Analysis Report ccproxysetup-free.exe

Overview

General Information

Sample Name: ccproxysetup-free.exe
Analysis ID: 382503
MD5: 3d07be760cd5756d6ca67bd0096fe8d2
SHA1: 2961eb46fb06ea87d2a31926575cd52e6a3fbfeb
SHA256: 5b602304faf88737a24a3ad74f92938ea60eed8bdc4532131a31bce5a58be98a

Detection

Score: 20
Range: 0 - 100
Whitelisted: false
Confidence: 0%

Signatures

Tries to steal Mail credentials (via file registry)
Antivirus or Machine Learning detection for unpacked file
Contains capabilities to detect virtual machines
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to delete services
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapter information
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found evasive API chain (may stop execution after checking a module file name)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains strange resources
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sleep loop found (likely to delay execution)
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample has functionality to log and monitor keystrokes, analyze it with the 'Simulates keyboard and window changes' cookbook
Sample is a service DLL but no service has been registered
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")
Sample monitors window changes (e.g. starting applications), analyze the sample with the 'Simulates keyboard and window changes' cookbook



Startup

  • System is w10x64
  • ccproxysetup-free.exe (PID: 6048 cmdline: 'C:\Users\user\Desktop\ccproxysetup-free.exe' MD5: 3D07BE760CD5756D6CA67BD0096FE8D2)
    • ccproxysetup-free.tmp (PID: 2872 cmdline: 'C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp' /SL5='$110082,836261,56832,C:\Users\user\Desktop\ccproxysetup-free.exe' MD5: 661296AFBB73CA68432EDE7C26FC0108)
      • CCProxy.exe (PID: 6396 cmdline: C:\CCProxy\CCProxy.exe MD5: 3E0C02558BDF66E0A14F463013BB0F26)
        • CCProxy.exe (PID: 6792 cmdline: C:\CCProxy\CCProxy.exe -Upgrade '-UpdateUrl=http%3A%2F%2Fupdate.youngzsoft.com%2Fupdatesystem%2Fupdate.php' '-Silent' '-CheckUpdate' '-ProductName=CCProxy' '-ReleaseTime=2016-07-22+09%3A57%3A12' '-MachineID=90cf1f244918b5ca' '-License=' MD5: 3E0C02558BDF66E0A14F463013BB0F26)
  • SpeechRuntime.exe (PID: 6780 cmdline: C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe -Embedding MD5: 91858001E25FE5FF6E1C650BB4F24AB0)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Source: 0.2.ccproxysetup-free.exe.400000.0.unpack; Avira: Label: TR/Dropper.Gen
Source: 1.2.ccproxysetup-free.tmp.400000.0.unpack; Avira: Label: TR/Dropper.Gen
Source: C:\CCProxy\CCProxy.exe; Code function: 10_2_004D6B70 _wcslen,CryptProtectData,LocalFree,_DebugHeapAllocator,10_2_004D6B70
Source: C:\CCProxy\CCProxy.exe; Code function: 13_2_004D6B70 _wcslen,CryptProtectData,LocalFree,_DebugHeapAllocator,13_2_004D6B70
Source: ccproxysetup-free.exe; Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI, RELOCS_STRIPPED
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp; Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCProxy_is1
Source: ccproxysetup-free.exe; Static PE information: certificate valid
Source: Binary string: D:\yinwuqi\ccproxy\Release\Win32\CCProxy.pdb source: ccproxysetup-free.tmp, 00000001.00000003.275716189.0000000004E00000.00000004.00000001.sdmp, CCProxy.exe, 0000000A.00000002.488131162.0000000000574000.00000002.00020000.sdmp, CCProxy.exe, 0000000D.00000002.283505482.0000000000574000.00000002.00020000.sdmp, is-DB5HA.tmp.1.dr
Source: Binary string: D:\yinwuqi\ccproxy\Release\Win32\CCProxy.pdb0\dYZ source: ccproxysetup-free.tmp, 00000001.00000003.275716189.0000000004E00000.00000004.00000001.sdmp, CCProxy.exe, 0000000A.00000002.488131162.0000000000574000.00000002.00020000.sdmp, CCProxy.exe, 0000000D.00000002.283505482.0000000000574000.00000002.00020000.sdmp, is-DB5HA.tmp.1.dr
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp; Code function: 1_2_00452A60 FindFirstFileA,GetLastError,1_2_00452A60
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp; Code function: 1_2_0047531C FindFirstFileA,FindNextFileA,FindClose,1_2_0047531C
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp; Code function: 1_2_00464158 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,1_2_00464158
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp; Code function: 1_2_004985E4 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,1_2_004985E4
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp; Code function: 1_2_00462750 FindFirstFileA,FindNextFileA,FindClose,1_2_00462750
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp; Code function: 1_2_00463CDC SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,1_2_00463CDC
Source: C:\CCProxy\CCProxy.exe; Code function: 10_2_0050A250 __EH_prolog3_GS,GetFullPathNameW,_DebugHeapAllocator,PathIsUNCW,GetVolumeInformationW,CharUpperW,FindFirstFileW,FindClose,lstrlenW,_DebugHeapAllocator,10_2_0050A250
Source: C:\CCProxy\CCProxy.exe; Code function: 10_2_00447140 _memset,GetPrivateProfileStringW,_wcslen,_memset,__swprintf,_memset,GetLocalTime,__swprintf,__swprintf,_memset,__swprintf,FindFirstFileW,FindNextFileW,FindClose,10_2_00447140
Source: C:\CCProxy\CCProxy.exe; Code function: 10_2_004F7F75 FindFirstFileW,GetLastError,lstrlenW,SetLastError,__wfullpath,__wsplitpath_s,__wmakepath_s,10_2_004F7F75
Source: C:\CCProxy\CCProxy.exe; Code function: 13_2_0050A250 __EH_prolog3_GS,GetFullPathNameW,_DebugHeapAllocator,PathIsUNCW,GetVolumeInformationW,CharUpperW,FindFirstFileW,FindClose,lstrlenW,_DebugHeapAllocator,13_2_0050A250
Source: C:\CCProxy\CCProxy.exe; Code function: 13_2_00447140 _memset,GetPrivateProfileStringW,_wcslen,_memset,__swprintf,_memset,GetLocalTime,__swprintf,__swprintf,_memset,__swprintf,FindFirstFileW,FindNextFileW,FindClose,13_2_00447140
Source: C:\CCProxy\CCProxy.exe; Code function: 13_2_004F7F75 FindFirstFileW,GetLastError,lstrlenW,SetLastError,__wfullpath,__wsplitpath_s,__wmakepath_s,13_2_004F7F75
Source: global traffic; HTTP traffic detected: GET /updatesystem/update.php?Upgrade&Silent&CheckUpdate&ProductName=CCProxy&ReleaseTime=2016-07-22+09%3A57%3A12&MachineID=90cf1f244918b5ca&License= HTTP/1.1; Cache-Control: no-cache; Connection: Keep-Alive; Pragma: no-cache; Host: update.youngzsoft.com
Source: Joe Sandbox View; IP Address: 87.248.100.215
Source: C:\CCProxy\CCProxy.exe; Code function: 10_2_004C7A40 GetTickCount,_memset,GetTickCount,Concurrency::details::_NonReentrantPPLLock::_Acquire,GetTickCount,recv,recv,_strlen,recv,10_2_004C7A40
Source: unknown; DNS traffic detected: queries for: www.yahoo.com
Source: is-KT4QD.tmp.1.drString found in binary or memory: http://www.ccproxy.com/
Source: ccproxysetup-free.tmp, 00000001.00000003.277421183.0000000005034000.00000004.00000001.sdmp, is-KT4QD.tmp.1.drString found in binary or memory: http://www.ccproxy.com/user.htm
Source: ccproxysetup-free.tmp, ccproxysetup-free.tmp, 00000001.00000000.221342209.0000000000401000.00000020.00020000.sdmp, ccproxysetup-free.tmp.0.drString found in binary or memory: http://www.innosetup.com/
Source: ccproxysetup-free.exeString found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline
Source: ccproxysetup-free.exeString found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: ccproxysetup-free.exe, 00000000.00000003.220044616.0000000002490000.00000004.00000001.sdmp, ccproxysetup-free.tmp, ccproxysetup-free.tmp.0.drString found in binary or memory: http://www.remobjects.com/ps
Source: ccproxysetup-free.exe, 00000000.00000003.220044616.0000000002490000.00000004.00000001.sdmp, ccproxysetup-free.tmp, 00000001.00000000.221342209.0000000000401000.00000020.00020000.sdmp, ccproxysetup-free.tmp.0.drString found in binary or memory: http://www.remobjects.com/psU
Source: ccproxysetup-free.tmp, 00000001.00000003.277421183.0000000005034000.00000004.00000001.sdmp, CCProxy.exe, 0000000A.00000003.310098228.0000000005540000.00000004.00000001.sdmp, CCProxy.exe, 0000000D.00000003.282682997.0000000002E60000.00000004.00000001.sdmp, is-6AVVG.tmp.1.drString found in binary or memory: http://www.youngzsoft.net/ccproxy/
Source: ccproxysetup-free.exeString found in binary or memory: http://www.youngzsoft.net/ccproxy/0
Source: ccproxysetup-free.tmp, 00000001.00000003.277421183.0000000005034000.00000004.00000001.sdmp, CCProxy.exe, 0000000A.00000003.310098228.0000000005540000.00000004.00000001.sdmp, CCProxy.exe, 0000000D.00000003.282682997.0000000002E60000.00000004.00000001.sdmp, is-6AVVG.tmp.1.drString found in binary or memory: http://www.youngzsoft.net/ccproxy/purchase.htm
Source: ccproxysetup-free.exeString found in binary or memory: https://d.symcb.com/cps0%
Source: ccproxysetup-free.exeString found in binary or memory: https://d.symcb.com/rpa0
Source: C:\CCProxy\CCProxy.exe Code function: 10_2_004F290A GetPropW,GlobalLock,SendMessageW,SendMessageW,GlobalUnlock,RemovePropW,GlobalFree,GlobalUnlock,GetAsyncKeyState,SendMessageW
Source: CCProxy.exe, 0000000A.00000002.490571229.00000000009EA000.00000004.00000020.sdmp Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp Code function: 1_2_0042F520 NtdllDefWindowProc_A
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp Code function: 1_2_00423B84 NtdllDefWindowProc_A
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp Code function: 1_2_004125D8 NtdllDefWindowProc_A
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp Code function: 1_2_00478E54 NtdllDefWindowProc_A
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp Code function: 1_2_00457594 PostMessageA,PostMessageA,SetForegroundWindow,NtdllDefWindowProc_A
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp Code function: 1_2_0042E934: CreateFileA,DeviceIoControl,GetLastError,CloseHandle,SetLastError
Source: C:\CCProxy\CCProxy.exe Code function: 10_2_0049F5E0 OpenSCManagerW,OpenServiceW,ControlService,QueryServiceStatus,Sleep,DeleteService,CloseServiceHandle,CloseServiceHandle,OpenSCManagerW,GetModuleFileNameW,wsprintfW,CreateServiceW,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle
Source: C:\Users\user\Desktop\ccproxysetup-free.exe Code function: 0_2_00409448 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp Code function: 1_2_004555E4 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx
Source: C:\CCProxy\CCProxy.exe Code function: 10_2_0043B120 GetVersionExW,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx
Source: C:\CCProxy\CCProxy.exe Code function: 13_2_0043B120 GetVersionExW,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx
Source: ccproxysetup-free.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: ccproxysetup-free.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: ccproxysetup-free.tmp.0.dr Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
Source: is-HNGLT.tmp.1.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-HNGLT.tmp.1.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-HNGLT.tmp.1.dr Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
Source: ccproxysetup-free.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: ccproxysetup-free.tmp.0.dr Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: ccproxysetup-free.tmp.0.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: is-HNGLT.tmp.1.dr Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: is-HNGLT.tmp.1.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: ccproxysetup-free.exe, 00000000.00000002.284332394.00000000023A0000.00000002.00000001.sdmp Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs ccproxysetup-free.exe
Source: ccproxysetup-free.exe, 00000000.00000003.220044616.0000000002490000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameshfolder.dll~/ vs ccproxysetup-free.exe
Source: ccproxysetup-free.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI, RELOCS_STRIPPED
Source: classification engine Classification label: sus20.spyw.evad.winEXE@8/40@3/3
Source: C:\CCProxy\CCProxy.exe Code function: 10_2_004CAAE0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,CloseHandle,AdjustTokenPrivileges,CloseHandle,CloseHandle
Source: C:\CCProxy\CCProxy.exe Code function: 13_2_004CAAE0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,CloseHandle,AdjustTokenPrivileges,CloseHandle,CloseHandle
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp Code function: 1_2_00455E0C GetModuleHandleA,GetProcAddress,GetDiskFreeSpaceExA,GetDiskFreeSpaceA
Source: C:\CCProxy\CCProxy.exe Code function: OpenSCManagerW,OpenServiceW,ControlService,QueryServiceStatus,Sleep,DeleteService,CloseServiceHandle,CloseServiceHandle,OpenSCManagerW,GetModuleFileNameW,wsprintfW,CreateServiceW,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,10_2_0049F5E0
Source: C:\CCProxy\CCProxy.exe Code function: OpenSCManagerW,OpenServiceW,ControlService,QueryServiceStatus,Sleep,DeleteService,CloseServiceHandle,CloseServiceHandle,OpenSCManagerW,GetModuleFileNameW,wsprintfW,CreateServiceW,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,13_2_0049F5E0
Source: C:\CCProxy\CCProxy.exe Code function: 10_2_004F0B69 __EH_prolog3_GS,_memset,GetVersionExW,_malloc,_memset,_DebugHeapAllocator,_wcschr,CoInitializeEx,CoCreateInstance
Source: C:\Users\user\Desktop\ccproxysetup-free.exe Code function: 0_2_00409C34 FindResourceA,SizeofResource,LoadResource,LockResource
Source: C:\CCProxy\CCProxy.exe Code function: 10_2_0049FCB0 StartServiceCtrlDispatcherW
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp File created: C:\Users\user\AppData\Local\Programs
Source: C:\CCProxy\CCProxy.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\CCProxy is running
Source: C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SapiOneCoreServerStartingOrConnecting
Source: C:\Users\user\Desktop\ccproxysetup-free.exe File created: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\ccproxysetup-free.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
Source: C:\CCProxy\CCProxy.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: ccproxysetup-free.exe String found in binary or memory: need to be updated. /RESTARTAPPLICATIONS Instructs Setup to restart applications. /NORESTARTAPPLICATIONS Prevents Setup from restarting applications. /LOADINF="filename" Instructs Setup to load the settings from the specified file after having checked t
Source: CCProxy.exe String found in binary or memory: -stop
Source: CCProxy.exe String found in binary or memory: -start
Source: CCProxy.exe String found in binary or memory: -installsvr
Source: CCProxy.exe String found in binary or memory: -uninstall: uninstall program -start: start service -stop: stop service -restart: restart service -update: update xml data
Source: ccproxysetup-free.exe String found in binary or memory: /LOADINF="filename"
Source: C:\Users\user\Desktop\ccproxysetup-free.exe File read: C:\Users\user\Desktop\ccproxysetup-free.exe
Source: unknown Process created: C:\Users\user\Desktop\ccproxysetup-free.exe 'C:\Users\user\Desktop\ccproxysetup-free.exe'
Source: C:\Users\user\Desktop\ccproxysetup-free.exe Process created: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp 'C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp' /SL5='$110082,836261,56832,C:\Users\user\Desktop\ccproxysetup-free.exe'
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp Process created: C:\CCProxy\CCProxy.exe C:\CCProxy\CCProxy.exe
Source: unknown Process created: C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe -Embedding
Source: C:\CCProxy\CCProxy.exe Process created: C:\CCProxy\CCProxy.exe C:\CCProxy\CCProxy.exe -Upgrade '-UpdateUrl=http%3A%2F%2Fupdate.youngzsoft.com%2Fupdatesystem%2Fupdate.php' '-Silent' '-CheckUpdate' '-ProductName=CCProxy' '-ReleaseTime=2016-07-22+09%3A57%3A12' '-MachineID=90cf1f244918b5ca' '-License='
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
Source: C:\CCProxy\CCProxy.exe File written: C:\CCProxy\CCProxy.ini
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp Window found: window name: TMainForm
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp Automated click: Install
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCProxy_is1
Source: ccproxysetup-free.exe Static PE information: certificate valid
Source: ccproxysetup-free.exe Static file information: File size 1093328 > 1048576
Source: Binary string: D:\yinwuqi\ccproxy\Release\Win32\CCProxy.pdb source: ccproxysetup-free.tmp, 00000001.00000003.275716189.0000000004E00000.00000004.00000001.sdmp, CCProxy.exe, 0000000A.00000002.488131162.0000000000574000.00000002.00020000.sdmp, CCProxy.exe, 0000000D.00000002.283505482.0000000000574000.00000002.00020000.sdmp, is-DB5HA.tmp.1.dr
Source: Binary string: D:\yinwuqi\ccproxy\Release\Win32\CCProxy.pdb0\dYZ source: ccproxysetup-free.tmp, 00000001.00000003.275716189.0000000004E00000.00000004.00000001.sdmp, CCProxy.exe, 0000000A.00000002.488131162.0000000000574000.00000002.00020000.sdmp, CCProxy.exe, 0000000D.00000002.283505482.0000000000574000.00000002.00020000.sdmp, is-DB5HA.tmp.1.dr
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp Code function: 1_2_004502C0 GetVersion,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress
Source: is-HNGLT.tmp.1.dr Static PE information: real checksum: 0xafd71 should be: 0xbda13
Source: _setup64.tmp.1.dr Static PE information: real checksum: 0x0 should be: 0x6a87
Source: C:\Users\user\Desktop\ccproxysetup-free.exe File created: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp (dropped file)
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp File created: C:\CCProxy\is-DB5HA.tmp (dropped file)
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp File created: C:\CCProxy\is-HNGLT.tmp (dropped file)
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp File created: C:\Users\user\AppData\Local\Temp\is-E27H8.tmp\_isetup\_setup64.tmp (dropped file)
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp File created: C:\Users\user\AppData\Local\Temp\is-E27H8.tmp\_isetup\_shfoldr.dll (dropped file)
Source: C:\CCProxy\CCProxy.exe Code function: 10_2_00478170 _memset,GetModuleFileNameW,_memset,__swprintf,_memset,_memset,GetPrivateProfileStringW,_memset,GetPrivateProfileStringW,StrTrimW,StrTrimW,_wcsncpy,_wcslen,__wcsnicmp,_memset,GetWindowsDirectoryW,_wcscat,GetPrivateProfileIntW,GetSystemTime,_memset,__swprintf,WritePrivateProfileStringW,_memset,_wcscat,_memset,_wcscat,_memset,_memset,_wcscpy,__swprintf,_wcscpy,__swprintf,_DebugHeapAllocator,_wcscat,WritePrivateProfileStringW,WritePrivateProfileStringW
Source: C:\CCProxy\CCProxy.exeCode function: 10_2_004862A0 _memset,_memset,GetModuleFileNameW,PathRemoveFileSpecW,_DebugHeapAllocator,_memset,__swprintf,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,_DebugHeapAllocator,GetPrivateProfileStringW,_DebugHeapAllocator,GetPrivateProfileStringW,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,_DebugHeapAllocator,GetPrivateProfileStringW,_DebugHeapAllocator,GetPrivateProfileStringW,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,_DebugHeapAllocator,GetPrivateProfileStringW,_DebugHeapAllocator,GetPrivateProfileStringW,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,_DebugHeapAllocator,GetPrivateProfileStringW,_DebugHeapAllocator,GetPrivateProfileStringW,GetPrivateProfileStri
ngW,_wcscpy,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,_DebugHeapAllocator,GetPrivateProfileStringW,_DebugHeapAllocator,GetPrivateProfileStringW,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,_DebugHeapAllocator,GetPrivateProfileStringW,_DebugHeapAllocator,GetPrivateProfileStringW,__swprintf,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileIntW,RegOpenKeyExW,_memset,RegQueryValueExW,_wcslen,RegDeleteValueW,_memset,GetModuleFi10_2_004862A0
Source: C:\CCProxy\CCProxy.exeCode function: 10_2_0043C9E0 _memset,GetPrivateProfileStringW,10_2_0043C9E0
Source: C:\CCProxy\CCProxy.exeCode function: 10_2_00420DC0 _memset,_memset,GetModuleFileNameW,PathRemoveFileSpecW,__swprintf,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,_memset,_memset,__swprintf,__swprintf,lstrcpyW,_wcslen,lstrcpyW,lstrcpyW,_wcslen,lstrcpyW,lstrcpyW,_wcslen,lstrcpyW,lstrcpyW,_wcslen,lstrcpyW,inet_addr,lstrcpyW,_wcslen,lstrcpyW,inet_addr,_wcslen,_wcslen,_wcslen,_wcslen,_wcslen,_wcslen,_wcslen,_wcslen,_wcslen,_wcslen,_wcslen,lstrcpyW,_wcslen,lstrcpyW,_wcslen,_wcslen,lstrcpyW,_wcslen,lstrcpyW,_wcslen,GetPrivateProfileStringW,_wcslen,_wcslen,_wcslen,_memset,__swprintf,__swprintf,GetPrivateProfileStringW,__swprintf,GetPrivateProfileStringW,__swprintf,GetPrivateProfileIntW,__swprintf,__swprintf,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetCurrentActCtxWorker,_fseek,_ftell,_fseek,__fread_nolock,_wcscpy,_wcslen,_wcscpy,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,10_2_00420DC0
Source: C:\CCProxy\CCProxy.exeCode function: 10_2_00497300 GetPrivateProfileIntW,10_2_00497300
Source: C:\CCProxy\CCProxy.exeCode function: 10_2_004365E0 _DebugHeapAllocator,_memset,GetPrivateProfileStringW,_DebugHeapAllocator,GetPrivateProfileStringW,_DebugHeapAllocator,_DebugHeapAllocator,_memset,_wcscpy,10_2_004365E0
Source: C:\CCProxy\CCProxy.exeCode function: 10_2_004229C3 __swprintf,__swprintf,GetPrivateProfileStringW,__swprintf,GetPrivateProfileStringW,__swprintf,GetPrivateProfileIntW,10_2_004229C3
Source: C:\CCProxy\CCProxy.exeCode function: 10_2_0042ECD0 _memset,GetModuleFileNameW,_memset,__swprintf,_memset,GetPrivateProfileStringW,GetLocaleInfoW,_memset,_wcscpy,_wcscpy,_wcscpy,_wcscpy,_wcscpy,_wcscpy,_wcscpy,10_2_0042ECD0
Source: C:\CCProxy\CCProxy.exeCode function: 10_2_00488EF0 _DebugHeapAllocator,_memset,GetModuleFileNameW,PathRemoveFileSpecW,_DebugHeapAllocator,_memset,__swprintf,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,_memset,GetPrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,_memset,GetModuleFileNameW,WritePrivateProfileStringW,RegOpenKeyExW,_memset,RegQueryValueExW,_wcslen,_memset,GetModuleFileNameW,_wcslen,RegSetValueExW,RegCloseKey,RegOpenKeyExW,RegCreateKeyW,_memset,GetModuleFileNameW,_wcslen,RegSetValueExW,RegCloseKey,RegOpenKeyExW,_memset,RegQueryValueExW,_wcslen,RegDeleteValueW,RegCloseKey,WritePrivateProfileStringW,__swprintf,WritePrivateProfileStringW,__swprintf,WritePrivateProfileStringW,WritePrivateProfileStringW,_wcslen,WritePrivateProfileStringW,_wcslen,WritePrivateProfileStringW,__swprintf,_wcslen,WritePrivateProfileStringW,__swprintf,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,__swprintf,WritePrivateProfileStringW,WritePrivateProfileStringW,_wcslen,WritePrivateProfileStringW,_wcslen,WritePrivateProfileStringW,__
swprintf,WritePrivateProfileStringW,WritePrivateProfileStringW,_wcslen,WritePrivateProfileStringW,__swprintf,_wcslen,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,_wcslen,WritePrivateProfileStringW,_wcslen,WritePrivateProfileStringW,__swprintf,WritePrivateProfileStringW,WritePrivateProfileStringW,_wcslen,WritePrivateProfileStringW,__swprintf,_wcslen,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,_wcslen,WritePrivateProfileStringW,_wcslen,WritePrivateProfileStringW,__swprintf,WritePrivateProfileStringW,WritePrivateProfileStringW,_wcslen,WritePrivateProfileStringW,__swprintf,_wcslen,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,_wcslen,WritePrivateProfileStringW,_wcslen,WritePrivateProfileStringW,__swprintf,WritePrivateProfileStringW,WritePrivateProfileStringW,_wcslen,WritePrivateProfileStringW,__swprintf,_wcslen,WritePrivateProfileStringW,WritePriva10_2_00488EF0
Source: C:\CCProxy\CCProxy.exeCode function: 10_2_00420FBE __swprintf,__swprintf,lstrcpyW,_wcslen,lstrcpyW,lstrcpyW,_wcslen,lstrcpyW,lstrcpyW,_wcslen,lstrcpyW,lstrcpyW,_wcslen,lstrcpyW,inet_addr,lstrcpyW,_wcslen,lstrcpyW,inet_addr,_wcslen,_wcslen,_wcslen,_wcslen,_wcslen,_wcslen,_wcslen,_wcslen,_wcslen,_wcslen,_wcslen,lstrcpyW,_wcslen,lstrcpyW,_wcslen,_wcslen,lstrcpyW,_wcslen,lstrcpyW,_wcslen,GetPrivateProfileStringW,_wcslen,_wcslen,_wcslen,10_2_00420FBE
Source: C:\CCProxy\CCProxy.exeCode function: 10_2_00447140 _memset,GetPrivateProfileStringW,_wcslen,_memset,__swprintf,_memset,GetLocalTime,__swprintf,__swprintf,_memset,__swprintf,FindFirstFileW,FindNextFileW,FindClose,10_2_00447140
Source: C:\CCProxy\CCProxy.exeCode function: 10_2_0040D380 _DebugHeapAllocator,_DebugHeapAllocator,_DebugHeapAllocator,inet_ntoa,_DebugHeapAllocator,inet_ntoa,inet_ntoa,_DebugHeapAllocator,_swscanf,_memset,GetModuleFileNameW,_memset,GetPrivateProfileStringW,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,_DebugHeapAllocator,_DebugHeapAllocator,_DebugHeapAllocator,_DebugHeapAllocator,_DebugHeapAllocator,_DebugHeapAllocator,_DebugHeapAllocator,__wcsicoll,__wcsicoll,_memset,GetModuleFileNameW,_memset,__swprintf,_memset,GetPrivateProfileStringW,10_2_0040D380
Source: C:\CCProxy\CCProxy.exeCode function: 10_2_00449A30 _memset,GetModuleFileNameW,PathRemoveFileSpecW,_memset,__swprintf,_memset,GetPrivateProfileStringW,_memset,__swprintf,__swprintf,10_2_00449A30
Source: C:\CCProxy\CCProxy.exeCode function: 13_2_00478170 _memset,GetModuleFileNameW,_memset,__swprintf,_memset,_memset,GetPrivateProfileStringW,_memset,GetPrivateProfileStringW,StrTrimW,StrTrimW,_wcsncpy,_wcslen,__wcsnicmp,_memset,GetWindowsDirectoryW,_wcscat,GetPrivateProfileIntW,GetSystemTime,_memset,__swprintf,WritePrivateProfileStringW,_memset,_wcscat,_memset,_wcscat,_memset,_memset,_wcscpy,__swprintf,_wcscpy,__swprintf,_DebugHeapAllocator,_wcscat,WritePrivateProfileStringW,WritePrivateProfileStringW,13_2_00478170
Source: C:\CCProxy\CCProxy.exeCode function: 13_2_004365E0 _DebugHeapAllocator,_memset,GetPrivateProfileStringW,_DebugHeapAllocator,GetPrivateProfileStringW,_DebugHeapAllocator,_DebugHeapAllocator,_memset,_wcscpy,13_2_004365E0
Source: C:\CCProxy\CCProxy.exeCode function: 13_2_004229E0 __swprintf,__swprintf,GetPrivateProfileStringW,__swprintf,GetPrivateProfileStringW,__swprintf,GetPrivateProfileIntW,13_2_004229E0
Source: C:\CCProxy\CCProxy.exeCode function: 13_2_0043C9E0 _memset,GetPrivateProfileStringW,13_2_0043C9E0
Source: C:\CCProxy\CCProxy.exeCode function: 13_2_0042ECD0 _memset,GetModuleFileNameW,_memset,__swprintf,_memset,GetPrivateProfileStringW,GetLocaleInfoW,_memset,_wcscpy,_wcscpy,_wcscpy,_wcscpy,_wcscpy,_wcscpy,_wcscpy,13_2_0042ECD0
Source: C:\CCProxy\CCProxy.exeCode function: 13_2_00447140 _memset,GetPrivateProfileStringW,_wcslen,_memset,__swprintf,_memset,GetLocalTime,__swprintf,__swprintf,_memset,__swprintf,FindFirstFileW,FindNextFileW,FindClose,13_2_00447140
Source: C:\CCProxy\CCProxy.exeCode function: 13_2_00497300 GetPrivateProfileIntW,13_2_00497300
Source: C:\CCProxy\CCProxy.exeCode function: 13_2_0040D3CA _DebugHeapAllocator,_DebugHeapAllocator,_DebugHeapAllocator,inet_ntoa,_DebugHeapAllocator,inet_ntoa,inet_ntoa,_DebugHeapAllocator,_swscanf,_memset,GetModuleFileNameW,_memset,GetPrivateProfileStringW,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,_DebugHeapAllocator,_DebugHeapAllocator,_DebugHeapAllocator,_DebugHeapAllocator,_DebugHeapAllocator,_DebugHeapAllocator,_DebugHeapAllocator,__wcsicoll,__wcsicoll,_memset,GetModuleFileNameW,_memset,__swprintf,_memset,GetPrivateProfileStringW,13_2_0040D3CA
Source: C:\CCProxy\CCProxy.exeCode function: 13_2_00449A30 _memset,GetModuleFileNameW,PathRemoveFileSpecW,_memset,__swprintf,_memset,GetPrivateProfileStringW,_memset,__swprintf,__swprintf,13_2_00449A30
Source: C:\CCProxy\CCProxy.exeCode function: 13_2_00421D92 _wcslen,_wcslen,lstrcpyW,_wcslen,lstrcpyW,_wcslen,_wcslen,lstrcpyW,_wcslen,lstrcpyW,_wcslen,GetPrivateProfileStringW,_wcslen,_wcslen,_wcslen,13_2_00421D92
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCProxy
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCProxy\CCProxy.lnk
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCProxy\Uninstall CCProxy.lnk
Source: C:\CCProxy\CCProxy.exeCode function: 10_2_0049FCB0 StartServiceCtrlDispatcherW,10_2_0049FCB0
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmpCode function: 1_2_0042285C SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow,1_2_0042285C
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmpCode function: 1_2_00423C0C IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,1_2_00423C0C
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmpCode function: 1_2_004241DC IsIconic,SetActiveWindow,SetFocus,1_2_004241DC
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmpCode function: 1_2_00424194 IsIconic,SetActiveWindow,1_2_00424194
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmpCode function: 1_2_00418384 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient,1_2_00418384
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmpCode function: 1_2_00417598 IsIconic,GetCapture,1_2_00417598
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmpCode function: 1_2_00417CCE IsIconic,SetWindowPos,1_2_00417CCE
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmpCode function: 1_2_00417CD0 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement,1_2_00417CD0
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmpCode function: 1_2_00483D18 IsIconic,GetWindowLongA,ShowWindow,ShowWindow,1_2_00483D18
Source: C:\CCProxy\CCProxy.exeCode function: 10_2_00434800 _memset,GetPrivateProfileStringW,_memset,_wcscpy,FindWindowW,_memset,_memset,GetWindowLongW,GetModuleFileNameW,GetModuleFileNameW,__wcsicoll,IsIconic,ShowWindow,ShowWindow,SetForegroundWindow,10_2_00434800
Source: C:\CCProxy\CCProxy.exeCode function: 10_2_004E00E5 MonitorFromWindow,IsIconic,GetWindowPlacement,GetWindowRect,10_2_004E00E5
Source: C:\CCProxy\CCProxy.exeCode function: 10_2_0043B000 IsIconic,10_2_0043B000
Source: C:\CCProxy\CCProxy.exeCode function: 13_2_0043486A _memset,GetPrivateProfileStringW,_memset,_wcscpy,FindWindowW,_memset,_memset,GetWindowLongW,GetModuleFileNameW,GetModuleFileNameW,__wcsicoll,IsIconic,ShowWindow,ShowWindow,SetForegroundWindow,13_2_0043486A
Source: C:\CCProxy\CCProxy.exeCode function: 13_2_0043B000 IsIconic,13_2_0043B000
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmpCode function: 1_2_0041F118 GetVersion,SetErrorMode,LoadLibraryA,SetErrorMode,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,1_2_0041F118
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\Desktop\ccproxysetup-free.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\CCProxy\CCProxy.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\CCProxy\CCProxy.exeCode function: GlobalAlloc,GetAdaptersInfo,GlobalFree,GlobalAlloc,GetAdaptersInfo,GlobalFree,GlobalFree,_memset,10_2_0043A610
Source: C:\CCProxy\CCProxy.exeCode function: CoInitialize,CoCreateInstance,VariantInit,_printf,_printf,_printf,_memset,GetAdaptersInfo,_printf,_printf,_printf,__wcsicoll,_printf,VariantClear,CoUninitialize,10_2_00435560
Source: C:\CCProxy\CCProxy.exeCode function: GlobalAlloc,GetAdaptersInfo,GlobalFree,GlobalAlloc,GetAdaptersInfo,GlobalFree,GlobalFree,_memset,13_2_0043A610
Source: C:\CCProxy\CCProxy.exeCode function: CoInitialize,CoCreateInstance,VariantInit,_printf,_printf,_printf,_memset,GetAdaptersInfo,_printf,_printf,_printf,__wcsicoll,_printf,VariantClear,CoUninitialize,13_2_00435560
Source: C:\CCProxy\CCProxy.exe Window / User API: threadDelayed 2844
Source: C:\CCProxy\CCProxy.exe Window / User API: threadDelayed 2806
Source: C:\CCProxy\CCProxy.exe Window / User API: threadDelayed 1275
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp Dropped PE file which has not been started: C:\CCProxy\is-HNGLT.tmp
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-E27H8.tmp\_isetup\_setup64.tmp
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-E27H8.tmp\_isetup\_shfoldr.dll
Source: C:\Users\user\Desktop\ccproxysetup-free.exe Evasive API call chain: GetSystemTime,DecisionNodes graph_0-5317
Source: C:\CCProxy\CCProxy.exe Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\CCProxy\CCProxy.exe Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep graph_10-68565
Source: C:\CCProxy\CCProxy.exe API coverage: 2.4 %
Source: C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe TID: 7096 Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe TID: 7092 Thread sleep time: -30000s >= -30000s
Source: C:\CCProxy\CCProxy.exe Thread sleep count: Count: 2844 delay: -10
Source: C:\CCProxy\CCProxy.exe Thread sleep count: Count: 2806 delay: -10
Source: C:\CCProxy\CCProxy.exe Thread sleep count: Count: 1275 delay: -10
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmpCode function: 1_2_00452A60 FindFirstFileA,GetLastError,1_2_00452A60
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmpCode function: 1_2_0047531C FindFirstFileA,FindNextFileA,FindClose,1_2_0047531C
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmpCode function: 1_2_00464158 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,1_2_00464158
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmpCode function: 1_2_004985E4 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,1_2_004985E4
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmpCode function: 1_2_00462750 FindFirstFileA,FindNextFileA,FindClose,1_2_00462750
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmpCode function: 1_2_00463CDC SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,1_2_00463CDC
Source: C:\CCProxy\CCProxy.exeCode function: 10_2_0050A250 __EH_prolog3_GS,GetFullPathNameW,_DebugHeapAllocator,PathIsUNCW,GetVolumeInformationW,CharUpperW,FindFirstFileW,FindClose,lstrlenW,_DebugHeapAllocator,10_2_0050A250
Source: C:\CCProxy\CCProxy.exeCode function: 10_2_00447140 _memset,GetPrivateProfileStringW,_wcslen,_memset,__swprintf,_memset,GetLocalTime,__swprintf,__swprintf,_memset,__swprintf,FindFirstFileW,FindNextFileW,FindClose,10_2_00447140
Source: C:\CCProxy\CCProxy.exeCode function: 10_2_004F7F75 FindFirstFileW,GetLastError,lstrlenW,SetLastError,__wfullpath,__wsplitpath_s,__wmakepath_s,10_2_004F7F75
Source: C:\CCProxy\CCProxy.exeCode function: 13_2_0050A250 __EH_prolog3_GS,GetFullPathNameW,_DebugHeapAllocator,PathIsUNCW,GetVolumeInformationW,CharUpperW,FindFirstFileW,FindClose,lstrlenW,_DebugHeapAllocator,13_2_0050A250
Source: C:\CCProxy\CCProxy.exeCode function: 13_2_00447140 _memset,GetPrivateProfileStringW,_wcslen,_memset,__swprintf,_memset,GetLocalTime,__swprintf,__swprintf,_memset,__swprintf,FindFirstFileW,FindNextFileW,FindClose,13_2_00447140
Source: C:\CCProxy\CCProxy.exeCode function: 13_2_004F7F75 FindFirstFileW,GetLastError,lstrlenW,SetLastError,__wfullpath,__wsplitpath_s,__wmakepath_s,13_2_004F7F75
Source: C:\Users\user\Desktop\ccproxysetup-free.exeCode function: 0_2_00409B78 GetSystemInfo,VirtualQuery,VirtualProtect,VirtualProtect,VirtualQuery,0_2_00409B78
Source: ccproxysetup-free.exe, 00000000.00000002.284332394.00000000023A0000.00000002.00000001.sdmp, ccproxysetup-free.tmp, 00000001.00000002.282555557.0000000002F40000.00000002.00000001.sdmp, SpeechRuntime.exe, 0000000C.00000002.306637995.00000267F4CC0000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
Source: SpeechRuntime.exe, 0000000C.00000003.306132386.00000267F3239000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAWM
Source: SpeechRuntime.exe, 0000000C.00000002.306377338.00000267F3158000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAWp
Source: SpeechRuntime.exe, 0000000C.00000003.306132386.00000267F3239000.00000004.00000001.sdmp, CCProxy.exe, 0000000D.00000002.284917111.0000000000955000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW
Source: ccproxysetup-free.exe, 00000000.00000002.284332394.00000000023A0000.00000002.00000001.sdmp, ccproxysetup-free.tmp, 00000001.00000002.282555557.0000000002F40000.00000002.00000001.sdmp, SpeechRuntime.exe, 0000000C.00000002.306637995.00000267F4CC0000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
Source: ccproxysetup-free.exe, 00000000.00000002.284332394.00000000023A0000.00000002.00000001.sdmp, ccproxysetup-free.tmp, 00000001.00000002.282555557.0000000002F40000.00000002.00000001.sdmp, SpeechRuntime.exe, 0000000C.00000002.306637995.00000267F4CC0000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
Source: ccproxysetup-free.exe, 00000000.00000002.284332394.00000000023A0000.00000002.00000001.sdmp, ccproxysetup-free.tmp, 00000001.00000002.282555557.0000000002F40000.00000002.00000001.sdmp, SpeechRuntime.exe, 0000000C.00000002.306637995.00000267F4CC0000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
Source: CCProxy.exe, 0000000A.00000002.490599286.0000000000A27000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllvv
Source: C:\CCProxy\CCProxy.exe API call chain: ExitProcess graph end node graph_10-68525
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp Process information queried: ProcessInformation
Source: C:\CCProxy\CCProxy.exeCode function: 10_2_00528656 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,10_2_00528656
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmpCode function: 1_2_004502C0 GetVersion,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,1_2_004502C0
Source: C:\CCProxy\CCProxy.exeCode function: 10_2_0055D2DC CreateFileW,__lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,10_2_0055D2DC
Source: C:\CCProxy\CCProxy.exeCode function: 10_2_00528656 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,10_2_00528656
Source: C:\CCProxy\CCProxy.exeCode function: 10_2_004959C0 SetUnhandledExceptionFilter,__set_invalid_parameter_handler,__set_invalid_parameter_handler,__set_abort_behavior,_signal,_signal,_signal,10_2_004959C0
Source: C:\CCProxy\CCProxy.exeCode function: 10_2_00527C5D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,10_2_00527C5D
Source: C:\CCProxy\CCProxy.exeCode function: 13_2_00528656 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,13_2_00528656
Source: C:\CCProxy\CCProxy.exeCode function: 13_2_004959C0 SetUnhandledExceptionFilter,__set_invalid_parameter_handler,__set_invalid_parameter_handler,__set_abort_behavior,_signal,_signal,_signal,13_2_004959C0
Source: C:\CCProxy\CCProxy.exeCode function: 13_2_00527C5D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,13_2_00527C5D
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmpCode function: 1_2_00478898 ShellExecuteEx,GetLastError,MsgWaitForMultipleObjects,GetExitCodeProcess,CloseHandle,1_2_00478898
Source: C:\CCProxy\CCProxy.exe Process created: C:\CCProxy\CCProxy.exe C:\CCProxy\CCProxy.exe -Upgrade '-UpdateUrl=http%3A%2F%2Fupdate.youngzsoft.com%2Fupdatesystem%2Fupdate.php' '-Silent' '-CheckUpdate' '-ProductName=CCProxy' '-ReleaseTime=2016-07-22+09%3A57%3A12' '-MachineID=90cf1f244918b5ca' '-License='
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmpCode function: 1_2_0042E09C AllocateAndInitializeSid,GetVersion,GetModuleHandleA,GetProcAddress,CheckTokenMembership,GetCurrentThread,OpenThreadToken,GetLastError,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,GetTokenInformation,EqualSid,CloseHandle,FreeSid,1_2_0042E09C
Source: CCProxy.exe, 0000000A.00000002.490871272.0000000001070000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
Source: CCProxy.exe, 0000000A.00000002.490871272.0000000001070000.00000002.00000001.sdmpBinary or memory string: Progman
Source: CCProxy.exe, 0000000A.00000002.490871272.0000000001070000.00000002.00000001.sdmpBinary or memory string: SProgram Managerl
Source: CCProxy.exe, 0000000A.00000002.490871272.0000000001070000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd,
Source: CCProxy.exe, 0000000A.00000002.490871272.0000000001070000.00000002.00000001.sdmpBinary or memory string: Progmanlock
Source: C:\CCProxy\CCProxy.exeCode function: 10_2_004D1460 cpuid 10_2_004D1460
Source: C:\Users\user\Desktop\ccproxysetup-free.exeCode function: GetLocaleInfoA,0_2_0040520C
Source: C:\Users\user\Desktop\ccproxysetup-free.exe Code function: GetLocaleInfoA,0_2_00405258
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp Code function: GetLocaleInfoA,1_2_00408568
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp Code function: GetLocaleInfoA,1_2_004085B4
Source: C:\CCProxy\CCProxy.exe Code function: _memset,_wcscpy,WritePrivateProfileStringW,_memset,_wcscpy,_memset,GetLocaleInfoW,__swprintf,__wcsicoll,__swprintf,__wcsicoll,__swprintf,WritePrivateProfileStringW,10_2_00434BB0
Source: C:\CCProxy\CCProxy.exe Code function: _memset,GetPrivateProfileStringW,PathFileExistsW,WritePrivateProfileStringW,WritePrivateProfileStringW,_memset,GetLocaleInfoW,GetLocaleInfoW,SafeRWList,WritePrivateProfileStringW,WritePrivateProfileStringW,10_2_00499420
Source: C:\CCProxy\CCProxy.exe Code function: _DebugHeapAllocator,_memset,GetModuleFileNameW,_memset,__swprintf,_memset,_wcslen,_wcslen,_DebugHeapAllocator,GetLocaleInfoW,_memset,_memset,__swprintf,_memset,_DebugHeapAllocator,_wcsncpy,WritePrivateProfileStringW,__wcsicoll,__wcsicoll,_DebugHeapAllocator,__wcsicoll,_DebugHeapAllocator,_DebugHeapAllocator,10_2_00476BE0
Source: C:\CCProxy\CCProxy.exe Code function: _memset,GetModuleFileNameW,_memset,__swprintf,_memset,GetPrivateProfileStringW,GetLocaleInfoW,_memset,_wcscpy,_wcscpy,_wcscpy,_wcscpy,_wcscpy,_wcscpy,_wcscpy,10_2_0042ECD0
Source: C:\CCProxy\CCProxy.exe Code function: GetLocaleInfoA,10_2_00559122
Source: C:\CCProxy\CCProxy.exe Code function: _memset,_wcscpy,WritePrivateProfileStringW,_memset,_wcscpy,_memset,GetLocaleInfoW,__swprintf,__wcsicoll,__swprintf,__wcsicoll,__swprintf,WritePrivateProfileStringW,13_2_00434BCB
Source: C:\CCProxy\CCProxy.exe Code function: _DebugHeapAllocator,_memset,GetModuleFileNameW,_memset,__swprintf,_memset,_wcslen,_wcslen,_DebugHeapAllocator,GetLocaleInfoW,_memset,_memset,__swprintf,_memset,_DebugHeapAllocator,_wcsncpy,WritePrivateProfileStringW,__wcsicoll,__wcsicoll,_DebugHeapAllocator,__wcsicoll,_DebugHeapAllocator,_DebugHeapAllocator,13_2_00476BE0
Source: C:\CCProxy\CCProxy.exe Code function: _memset,GetModuleFileNameW,_memset,__swprintf,_memset,GetPrivateProfileStringW,GetLocaleInfoW,_memset,_wcscpy,_wcscpy,_wcscpy,_wcscpy,_wcscpy,_wcscpy,_wcscpy,13_2_0042ECD0
Source: C:\CCProxy\CCProxy.exe Code function: GetLocaleInfoA,13_2_00559122
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp Queries volume information: C:\ VolumeInformation
Source: C:\CCProxy\CCProxy.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp Code function: 1_2_004585C8 GetTickCount,QueryPerformanceCounter,GetSystemTimeAsFileTime,GetCurrentProcessId,CreateNamedPipeA,GetLastError,CreateFileA,SetNamedPipeHandleState,CreateProcessA,CloseHandle,CloseHandle,1_2_004585C8
Source: C:\Users\user\Desktop\ccproxysetup-free.exe Code function: 0_2_004026C4 GetSystemTime,0_2_004026C4
Source: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp Code function: 1_2_0045559C GetUserNameA,1_2_0045559C
Source: C:\CCProxy\CCProxy.exe Code function: 10_2_0053CAD4 __lock,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,____lc_codepage_func,__getenv_helper_nolock,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__invoke_watson,__invoke_watson,10_2_0053CAD4
Source: C:\Users\user\Desktop\ccproxysetup-free.exe Code function: 0_2_00405CF4 GetVersionExA,0_2_00405CF4
Source: C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information:

Tries to steal Mail credentials (via file registry)
Source: C:\CCProxy\CCProxy.exeCode function: _memset,_memset,GetModuleFileNameW,PathRemoveFileSpecW,_DebugHeapAllocator,_memset,__swprintf,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,_DebugHeapAllocator,GetPrivateProfileStringW,_DebugHeapAllocator,GetPrivateProfileStringW,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,_DebugHeapAllocator,GetPrivateProfileStringW,_DebugHeapAllocator,GetPrivateProfileStringW,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,_DebugHeapAllocator,GetPrivateProfileStringW,_DebugHeapAllocator,GetPrivateProfileStringW,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,_DebugHeapAllocator,GetPrivateProfileStringW,_DebugHeapAllocator,GetPrivateProfileStringW,GetPrivateProfileStringW,_wcscpy,Ge
tPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,_DebugHeapAllocator,GetPrivateProfileStringW,_DebugHeapAllocator,GetPrivateProfileStringW,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,_DebugHeapAllocator,GetPrivateProfileStringW,_DebugHeapAllocator,GetPrivateProfileStringW,__swprintf,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileStringW,GetPrivateProfileStringW,_wcscpy,GetPrivateProfileIntW,RegOpenKeyExW,_memset,RegQueryValueExW,_wcslen,RegDeleteValueW,_memset,GetModuleFileNameW,_wcsle10_2_004862A0
Source: C:\CCProxy\CCProxy.exeCode function: _DebugHeapAllocator,_memset,GetModuleFileNameW,PathRemoveFileSpecW,_DebugHeapAllocator,_memset,__swprintf,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,_memset,GetPrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,_memset,GetModuleFileNameW,WritePrivateProfileStringW,RegOpenKeyExW,_memset,RegQueryValueExW,_wcslen,_memset,GetModuleFileNameW,_wcslen,RegSetValueExW,RegCloseKey,RegOpenKeyExW,RegCreateKeyW,_memset,GetModuleFileNameW,_wcslen,RegSetValueExW,RegCloseKey,RegOpenKeyExW,_memset,RegQueryValueExW,_wcslen,RegDeleteValueW,RegCloseKey,WritePrivateProfileStringW,__swprintf,WritePrivateProfileStringW,__swprintf,WritePrivateProfileStringW,WritePrivateProfileStringW,_wcslen,WritePrivateProfileStringW,_wcslen,WritePrivateProfileStringW,__swprintf,_wcslen,WritePrivateProfileStringW,__swprintf,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,__swprintf,WritePrivateProfileStringW,WritePrivateProfileStringW,_wcslen,WritePrivateProfileStringW,_wcslen,WritePrivateProfileStringW,__swprintf,Write
PrivateProfileStringW,WritePrivateProfileStringW,_wcslen,WritePrivateProfileStringW,__swprintf,_wcslen,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,_wcslen,WritePrivateProfileStringW,_wcslen,WritePrivateProfileStringW,__swprintf,WritePrivateProfileStringW,WritePrivateProfileStringW,_wcslen,WritePrivateProfileStringW,__swprintf,_wcslen,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,_wcslen,WritePrivateProfileStringW,_wcslen,WritePrivateProfileStringW,__swprintf,WritePrivateProfileStringW,WritePrivateProfileStringW,_wcslen,WritePrivateProfileStringW,__swprintf,_wcslen,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,WritePrivateProfileStringW,_wcslen,WritePrivateProfileStringW,_wcslen,WritePrivateProfileStringW,__swprintf,WritePrivateProfileStringW,WritePrivateProfileStringW,_wcslen,WritePrivateProfileStringW,__swprintf,_wcslen,WritePrivateProfileStringW,WritePrivateProfileStrin10_2_00488EF0
Source: C:\CCProxy\CCProxy.exe Code function: 10_2_004C9FE0 socket,setsockopt,inet_addr,htons,bind,shutdown,closesocket,_wcscpy,CreateThread,10_2_004C9FE0
Source: C:\CCProxy\CCProxy.exe Code function: 10_2_004CA1F0 shutdown,closesocket,MsgWaitForMultipleObjects,TerminateThread,CloseHandle,socket,inet_addr,htons,bind,shutdown,closesocket,_wcscpy,CreateThread,10_2_004CA1F0
Source: C:\CCProxy\CCProxy.exe Code function: 10_2_00472350 WSASocketW,WSASocketW,WSASocketW,htons,inet_addr,bind,WSAGetLastError,shutdown,closesocket,__CxxThrowException@8,__CxxThrowException@8,listen,CreateThread,10_2_00472350
Source: C:\CCProxy\CCProxy.exe Code function: 13_2_004CA1F0 shutdown,closesocket,MsgWaitForMultipleObjects,TerminateThread,CloseHandle,socket,inet_addr,htons,bind,shutdown,closesocket,_wcscpy,CreateThread,13_2_004CA1F0
Source: C:\CCProxy\CCProxy.exe Code function: 13_2_00472350 WSASocketW,WSASocketW,WSASocketW,htons,inet_addr,bind,WSAGetLastError,shutdown,closesocket,__CxxThrowException@8,__CxxThrowException@8,listen,CreateThread,13_2_00472350
Source: C:\CCProxy\CCProxy.exe Code function: 13_2_004C9FE0 socket,setsockopt,inet_addr,htons,bind,shutdown,closesocket,_wcscpy,CreateThread,13_2_004C9FE0

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid AccountsNative API3Application Shimming1Exploitation for Privilege Escalation1Deobfuscate/Decode Files or Information1Input Capture21System Time Discovery2Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumIngress Tool Transfer2Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationSystem Shutdown/Reboot1
Default AccountsCommand and Scripting Interpreter2Windows Service15Application Shimming1Obfuscated Files or Information2Credentials in Registry1Account Discovery1Remote Desktop ProtocolInput Capture21Exfiltration Over BluetoothEncrypted Channel2Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsService Execution12Registry Run Keys / Startup Folder1Access Token Manipulation1Software Packing1Security Account ManagerFile and Directory Discovery3SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol2Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Windows Service15Masquerading1NTDSSystem Information Discovery36Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol2SIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptProcess Injection13Virtualization/Sandbox Evasion3LSA SecretsQuery Registry1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRc.commonRegistry Run Keys / Startup Folder1Access Token Manipulation1Cached Domain CredentialsSecurity Software Discovery31VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
External Remote ServicesScheduled TaskStartup ItemsStartup ItemsProcess Injection13DCSyncVirtualization/Sandbox Evasion3Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc FilesystemProcess Discovery2Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Masquerading/etc/passwd and /etc/shadowApplication Window Discovery11Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)Invalid Code SignatureNetwork SniffingSystem Owner/User Discovery3Taint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact
Compromise Software Dependencies and Development ToolsWindows Command ShellCronCronRight-to-Left OverrideInput CaptureRemote System Discovery1Replication Through Removable MediaRemote Data StagingExfiltration Over Physical MediumMail ProtocolsService Stop
Compromise Software Supply ChainUnix ShellLaunchdLaunchdRename System UtilitiesKeyloggingSystem Network Configuration Discovery1Component Object Model and Distributed COMScreen CaptureExfiltration over USBDNSInhibit System Recovery


Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label
ccproxysetup-free.exe | 2% | Virustotal |
ccproxysetup-free.exe | 5% | Metadefender |
ccproxysetup-free.exe | 0% | ReversingLabs |

Dropped Files

Source | Detection | Scanner | Label
C:\CCProxy\is-DB5HA.tmp | 0% | Metadefender |
C:\CCProxy\is-DB5HA.tmp | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\is-E27H8.tmp\_isetup\_setup64.tmp | 0% | Metadefender |
C:\Users\user\AppData\Local\Temp\is-E27H8.tmp\_isetup\_setup64.tmp | 2% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\is-E27H8.tmp\_isetup\_shfoldr.dll | 0% | Metadefender |
C:\Users\user\AppData\Local\Temp\is-E27H8.tmp\_isetup\_shfoldr.dll | 3% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp | 2% | Metadefender |
C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp | 3% | ReversingLabs |

Unpacked PE Files

Source | Detection | Scanner | Label
0.2.ccproxysetup-free.exe.400000.0.unpack | 100% | Avira | TR/Dropper.Gen
1.2.ccproxysetup-free.tmp.400000.0.unpack | 100% | Avira | TR/Dropper.Gen
0.3.ccproxysetup-free.exe.21f8000.2.unpack | 100% | Avira | TR/Crypt.XPACK.Gen

Domains

Source | Detection | Scanner | Label
update.youngzsoft.com | 0% | Virustotal |

URLs


Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
new-fp-shed.wg1.b.yahoo.com | 87.248.100.215 | true | false | | high
update.youngzsoft.com | 96.126.108.173 | true | false | | unknown
www.yahoo.com | unknown | unknown | false | | high

Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
http://update.youngzsoft.com/updatesystem/update.php?Upgrade&Silent&CheckUpdate&ProductName=CCProxy&ReleaseTime=2016-07-22+09%3A57%3A12&MachineID=90cf1f244918b5ca&License= | false | Avira URL Cloud: safe | unknown

URLs from Memory and Binaries

                • Avira URL Cloud: safe
                unknown
                http://cp.youngzsoft.com/is-9JIIE.tmp.1.drfalse
                • Avira URL Cloud: safe
                unknown
                http://user.youngzsoft.com/ccproxy/lhCCProxy.exe, 0000000A.00000002.492449325.0000000003370000.00000004.00000001.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                http://user.youngzsoft.com/ccproxy/language/ara.in.CCProxy.exe, 0000000A.00000002.492449325.0000000003370000.00000004.00000001.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                http://user.youngzsoft.com/ccproxy/language/heb.ini/CCProxy.exe, 0000000A.00000002.492449325.0000000003370000.00000004.00000001.sdmp, CCProxy.exe, 0000000A.00000003.280139213.0000000003373000.00000004.00000001.sdmp, CCProxy.exe, 0000000D.00000002.286837271.0000000002D68000.00000004.00000001.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                http://ocsp.thawte.com0ccproxysetup-free.exefalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                unknown
                http://user.youngzsoft.com/ccproxy/language/rus.iniccproxysetup-free.tmp, 00000001.00000003.277421183.0000000005034000.00000004.00000001.sdmp, CCProxy.exe, 0000000A.00000003.284007343.0000000003373000.00000004.00000001.sdmp, CCProxy.exe, 0000000D.00000002.285150202.0000000002497000.00000004.00000040.sdmp, is-00336.tmp.1.drfalse
                • Avira URL Cloud: safe
                unknown
                http://user.youngzsoft.com/ccproxy/laCCProxy.exe, 0000000A.00000002.492449325.0000000003370000.00000004.00000001.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                http://update.youngzsoft.com/updatesystem/update.php?Upgrade&Silent&CheckUpdate&ProductName=CCProxy&CCProxy.exe, 0000000D.00000002.284917111.0000000000955000.00000004.00000020.sdmp, CCProxy.exe, 0000000D.00000002.285150202.0000000002497000.00000004.00000040.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                http://user.youngzsoft.com/ccproxy/language/fra.iniccproxysetup-free.tmp, 00000001.00000003.277421183.0000000005034000.00000004.00000001.sdmp, CCProxy.exe, 0000000A.00000003.284007343.0000000003373000.00000004.00000001.sdmp, CCProxy.exe, 0000000A.00000002.492449325.0000000003370000.00000004.00000001.sdmp, CCProxy.exe, 0000000D.00000002.285150202.0000000002497000.00000004.00000040.sdmp, is-00336.tmp.1.drfalse
                • Avira URL Cloud: safe
                unknown
                http://www.HomePageURLHomePageURLHomePageURL.com/?ref=proghttp://www.http://update.youngzsoft.com/upccproxysetup-free.tmp, 00000001.00000003.275716189.0000000004E00000.00000004.00000001.sdmp, CCProxy.exe, 0000000A.00000002.488131162.0000000000574000.00000002.00020000.sdmp, CCProxy.exe, 0000000D.00000002.283505482.0000000000574000.00000002.00020000.sdmp, is-DB5HA.tmp.1.drfalse
                • Avira URL Cloud: safe
                unknown
                http://user.youngzsoft.com/ccproxy/language/bgr.ini/CCProxy.exe, 0000000A.00000003.280139213.0000000003373000.00000004.00000001.sdmp, CCProxy.exe, 0000000D.00000002.286837271.0000000002D68000.00000004.00000001.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                http://user.youngzsoft.com/ccproxy/language/enu.iniccproxysetup-free.tmp, 00000001.00000003.277421183.0000000005034000.00000004.00000001.sdmp, CCProxy.exe, 0000000A.00000003.284007343.0000000003373000.00000004.00000001.sdmp, CCProxy.exe, 0000000A.00000003.277674329.0000000003378000.00000004.00000001.sdmp, CCProxy.exe, 0000000D.00000002.285150202.0000000002497000.00000004.00000040.sdmp, is-00336.tmp.1.drfalse
                • Avira URL Cloud: safe
                unknown
                http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineccproxysetup-free.exefalse
                  high
                  http://user.youngzsoft.CCProxy.exe, 0000000A.00000002.492449325.0000000003370000.00000004.00000001.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://user.youngzsoft.com/ccproxy/language/trk.iniccproxysetup-free.tmp, 00000001.00000003.277421183.0000000005034000.00000004.00000001.sdmp, CCProxy.exe, 0000000A.00000003.284007343.0000000003373000.00000004.00000001.sdmp, CCProxy.exe, 0000000A.00000002.492449325.0000000003370000.00000004.00000001.sdmp, CCProxy.exe, 0000000D.00000002.285150202.0000000002497000.00000004.00000040.sdmp, is-00336.tmp.1.drfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://user.youngzsoft.com/ccproCCProxy.exe, 0000000A.00000002.492449325.0000000003370000.00000004.00000001.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.ccproxy.com/user.htmccproxysetup-free.tmp, 00000001.00000003.277421183.0000000005034000.00000004.00000001.sdmp, is-KT4QD.tmp.1.drfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://user.y4I7CCProxy.exe, 0000000A.00000002.492449325.0000000003370000.00000004.00000001.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://user.youhCCProxy.exe, 0000000A.00000002.492449325.0000000003370000.00000004.00000001.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://user.youngzsoft.com/ccproxy/language/enu.ini/CCProxy.exe, 0000000A.00000003.277772982.0000000003372000.00000004.00000001.sdmp, CCProxy.exe, 0000000A.00000002.492449325.0000000003370000.00000004.00000001.sdmp, CCProxy.exe, 0000000D.00000002.286837271.0000000002D68000.00000004.00000001.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.remobjects.com/psUccproxysetup-free.exe, 00000000.00000003.220044616.0000000002490000.00000004.00000001.sdmp, ccproxysetup-free.tmp, 00000001.00000000.221342209.0000000000401000.00000020.00020000.sdmp, ccproxysetup-free.tmp.0.drfalse
                  • URL Reputation: safe
                  • URL Reputation: safe
                  • URL Reputation: safe
                  unknown
                  http://user.youngzsoft.com/ccproxy/languCCProxy.exe, 0000000A.00000002.492449325.0000000003370000.00000004.00000001.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://user.youngzsoft.com/ccproxy/language/deu.iniccproxysetup-free.tmp, 00000001.00000003.277421183.0000000005034000.00000004.00000001.sdmp, CCProxy.exe, 0000000A.00000003.284007343.0000000003373000.00000004.00000001.sdmp, CCProxy.exe, 0000000D.00000002.285150202.0000000002497000.00000004.00000040.sdmp, is-00336.tmp.1.drfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.ccproxy.com/is-KT4QD.tmp.1.drfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://user.youngzsoft.com/ccproxy/language/dCCProxy.exe, 0000000A.00000002.492449325.0000000003370000.00000004.00000001.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://user.youngzsoft.com/ccproxy/language/ita.iniccproxysetup-free.tmp, 00000001.00000003.277421183.0000000005034000.00000004.00000001.sdmp, CCProxy.exe, 0000000A.00000003.284007343.0000000003373000.00000004.00000001.sdmp, CCProxy.exe, 0000000D.00000002.285150202.0000000002497000.00000004.00000040.sdmp, is-00336.tmp.1.drfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://user.youngzsoft.com/ccCCProxy.exe, 0000000A.00000002.492449325.0000000003370000.00000004.00000001.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://user.youngzsoft.com/ccproxy/langoCCProxy.exe, 0000000A.00000002.492449325.0000000003370000.00000004.00000001.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://user.youngzsoft.com/ccproxy/langu$M7CCProxy.exe, 0000000A.00000002.492449325.0000000003370000.00000004.00000001.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://user.youngzsoft.com/ccproxy/language/ara.ini/CCProxy.exe, 0000000A.00000003.280139213.0000000003373000.00000004.00000001.sdmp, CCProxy.exe, 0000000D.00000002.286837271.0000000002D68000.00000004.00000001.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.remobjects.com/psccproxysetup-free.exe, 00000000.00000003.220044616.0000000002490000.00000004.00000001.sdmp, ccproxysetup-free.tmp, ccproxysetup-free.tmp.0.drfalse
                  • URL Reputation: safe
                  • URL Reputation: safe
                  • URL Reputation: safe
                  unknown
                  http://user.youngzsoft.com/ccproxy/language/csy.ini/CCProxy.exe, 0000000A.00000002.492449325.0000000003370000.00000004.00000001.sdmp, CCProxy.exe, 0000000A.00000003.280139213.0000000003373000.00000004.00000001.sdmp, CCProxy.exe, 0000000D.00000002.286837271.0000000002D68000.00000004.00000001.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://user.youngzsoft.com/ccproxy/language/esp.ini/CCProxy.exe, 0000000A.00000003.277772982.0000000003372000.00000004.00000001.sdmp, CCProxy.exe, 0000000A.00000003.284007343.0000000003373000.00000004.00000001.sdmp, CCProxy.exe, 0000000D.00000002.286837271.0000000002D68000.00000004.00000001.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://user.youngzsoft.com/ccproxy/language/sve.iniccproxysetup-free.tmp, 00000001.00000003.277421183.0000000005034000.00000004.00000001.sdmp, CCProxy.exe, 0000000A.00000003.284007343.0000000003373000.00000004.00000001.sdmp, CCProxy.exe, 0000000D.00000002.285150202.0000000002497000.00000004.00000040.sdmp, is-00336.tmp.1.drfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://user.youngzsoft.com/ccproxy/language/trk.ini/CCProxy.exe, 0000000A.00000003.344022918.0000000003375000.00000004.00000001.sdmp, CCProxy.exe, 0000000A.00000003.277772982.0000000003372000.00000004.00000001.sdmp, CCProxy.exe, 0000000D.00000002.286837271.0000000002D68000.00000004.00000001.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://user.youngzsoft.com/ccproxy/language/esp.iniccproxysetup-free.tmp, 00000001.00000003.277421183.0000000005034000.00000004.00000001.sdmp, CCProxy.exe, 0000000A.00000003.284007343.0000000003373000.00000004.00000001.sdmp, CCProxy.exe, 0000000D.00000002.285150202.0000000002497000.00000004.00000040.sdmp, is-00336.tmp.1.drfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://user.youngzsoftCCProxy.exe, 0000000A.00000002.492449325.0000000003370000.00000004.00000001.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://user.youngzsoft.com/CCProxy.exe, 0000000A.00000003.457744856.0000000003375000.00000004.00000001.sdmp, CCProxy.exe, 0000000A.00000002.492449325.0000000003370000.00000004.00000001.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://user.youngzsoft.com/ccproxy/language/hun.iniccproxysetup-free.tmp, 00000001.00000003.277421183.0000000005034000.00000004.00000001.sdmp, CCProxy.exe, 0000000A.00000003.284007343.0000000003373000.00000004.00000001.sdmp, CCProxy.exe, 0000000D.00000002.285150202.0000000002497000.00000004.00000040.sdmp, is-00336.tmp.1.drfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://user.youngzsoft.com/ccproxy/language/rom.iniccproxysetup-free.tmp, 00000001.00000003.277421183.0000000005034000.00000004.00000001.sdmp, CCProxy.exe, 0000000A.00000003.284007343.0000000003373000.00000004.00000001.sdmp, CCProxy.exe, 0000000A.00000002.492449325.0000000003370000.00000004.00000001.sdmp, CCProxy.exe, 0000000D.00000002.285150202.0000000002497000.00000004.00000040.sdmp, is-00336.tmp.1.drfalse
                  • Avira URL Cloud: safe
                  unknown

                  Contacted IPs


                  Public

                  IP | Domain | Country | ASN | ASN Name | Malicious
                  96.126.108.173 | update.youngzsoft.com | United States | 63949 | LINODE-APLinodeLLCUS | false
                  87.248.100.215 | new-fp-shed.wg1.b.yahoo.com | United Kingdom | 34010 | YAHOO-IRDGB | false

                  Private

                  IP
                  127.0.0.1

                  General Information

                  Joe Sandbox Version: 31.0.0 Emerald
                  Analysis ID: 382503
                  Start date: 06.04.2021
                  Start time: 07:55:18
                  Joe Sandbox Product: CloudBasic
                  Overall analysis duration: 0h 10m 30s
                  Hypervisor based Inspection enabled: false
                  Report type: full
                  Sample file name: ccproxysetup-free.exe
                  Cookbook file name: default.jbs
                  Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                  Number of analysed new started processes analysed: 33
                  Number of new started drivers analysed: 0
                  Number of existing processes analysed: 0
                  Number of existing drivers analysed: 0
                  Number of injected processes analysed: 0
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • HDC enabled
                  • AMSI enabled
                  Analysis Mode: default
                  Analysis stop reason: Timeout
                  Detection: SUS
                  Classification: sus20.spyw.evad.winEXE@8/40@3/3
                  EGA Information:
                  • Successful, ratio: 100%
                  HDC Information:
                  • Successful, ratio: 16.1% (good quality ratio 15.9%)
                  • Quality average: 86.3%
                  • Quality standard deviation: 21.3%
                  HCA Information: Failed
                  Cookbook Comments:
                  • Adjust boot time
                  • Enable AMSI
                  • Found application associated with file extension: .exe
                  Warnings:
                  • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, SystemSettings.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, ApplicationFrameHost.exe
                  • Excluded IPs from analysis (whitelisted): 168.61.161.212, 204.79.197.200, 13.107.21.200, 92.122.145.220, 13.88.21.125, 52.255.188.83, 184.30.24.56, 152.199.19.161, 40.127.240.158, 51.11.168.232, 20.50.102.62, 92.122.213.194, 92.122.213.247, 8.241.122.126, 67.27.157.126, 67.27.233.254, 67.26.83.254, 67.27.233.126, 20.54.26.129, 20.82.210.154
                  • Excluded domains from analysis (whitelisted): onecs-live.ec.azureedge.net, arc.msn.com.nsatc.net, store-images.s-microsoft.com-c.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e12564.dspb.akamaiedge.net, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, auto.au.download.windowsupdate.com.c.footprint.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, www.bing.com, fs.microsoft.com, dual-a-0001.a-msedge.net, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, e1723.g.akamaiedge.net, settings-win.data.microsoft.com, ctldl.windowsupdate.com, settingsfd-geo.trafficmanager.net, ris.api.iris.microsoft.com, skypedataprdcoleus17.cloudapp.net, onecs-live.azureedge.net, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus15.cloudapp.net, cs9.wpc.v0cdn.net
                  • Report size exceeded maximum capacity and may have missing behavior information.
                  • Report size exceeded maximum capacity and may have missing disassembly code.
                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                  • Report size getting too big, too many NtOpenKeyEx calls found.
                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                  • Report size getting too big, too many NtQueryValueKey calls found.

                  Simulations

                  Behavior and APIs

                  Time | Type | Description
                  07:56:32 | API Interceptor | 1x Sleep call for process: CCProxy.exe modified
                  07:56:35 | API Interceptor | 2x Sleep call for process: SpeechRuntime.exe modified

                  Joe Sandbox View / Context

                  IPs

                  Match | Associated Sample Name / URL | Detection | Context
                  87.248.100.215 | GMMs2zuyG4.exe | malicious | www.yahoo.com/

                  Domains


                  ASN


                  JA3 Fingerprints

                  No context

                  Dropped Files


                                                  Created / dropped Files

                                                  C:\CCProxy\CCProxy.ini
                                                  Process: C:\CCProxy\CCProxy.exe
                                                  File Type: ASCII text, with CRLF line terminators
                                                  Category: dropped
                                                  Size (bytes): 37
                                                  Entropy (8bit): 4.479195257286955
                                                  Encrypted: false
                                                  SSDEEP: 3:LAC6wIEg2VE:0YHy
                                                  MD5: F322B15D39A0AE2B76C619ADD4474E67
                                                  SHA1: 6156AAA1C3D1F5CE9402F9BD062155C3D8FF53CE
                                                  SHA-256: 6FFFD18E33A543B45083CAE489BC4DD7B8C1F32EDEFE468358E22583DA2ED5C3
                                                  SHA-512: 704784F86CACD99DD5840AEA59FDBEDDBC5CD573821C8821CC45E5443FFC6F71920F89B62E9F7919A0423FA972A0BF13C7BF34272B275556BF36407BB4297B88
                                                  Malicious: false
                                                  Reputation: low
                                                  Preview: [System]..Ver=8.0..Language=English..
                                                  C:\CCProxy\Language\Language.ini
                                                  Process: C:\CCProxy\CCProxy.exe
                                                  File Type: ASCII text, with CRLF line terminators
                                                  Category: dropped
                                                  Size (bytes): 26
                                                  Entropy (8bit): 4.056020968057882
                                                  Encrypted: false
                                                  SSDEEP: 3:l4ywCREg5:lr
                                                  MD5: B3D76B24AB5F375307117C380C729709
                                                  SHA1: 27800E5E6F2C54AE4471654054EDC4220D50E3B7
                                                  SHA-256: 76923C71D2504B152547B01E64E33224AF51999DC7310B86F2329C815D7ED313
                                                  SHA-512: 19F249AC3196E6595CCCBE2AFFB2C9701E493A36E9FCC0143A2073C9F6AEC0B32879CC78F5CF70F6F92B90FFF868AFEDA25260078188BA32AB3E0CF8C8E85A64
                                                  Malicious: false
                                                  Reputation: low
                                                  Preview: [Settings]..Language=ENU..
                                                  C:\CCProxy\Language\is-00336.tmp
                                                  Process: C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp
                                                  File Type: XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                  Category: dropped
                                                  Size (bytes): 1915
                                                  Entropy (8bit): 5.301911418325706
                                                  Encrypted: false
                                                  SSDEEP: 24:JdEdw9/49I99RW9/790YtN9lSJ9Q79Xp5Ef9ej0fP9BbE9/Kzy9EK9mre9h89rZ6:3TM0UR0ksfCZ+leQ9e/KKBhiFE9jmho
                                                  MD5: 2047B6AE4EA101B14941D43E80CA8E4D
                                                  SHA1: B97DB78BB23FD62F67106B1C9E7CC49B4A6A8C05
                                                  SHA-256: 58491AA04C4000F82BDB17413EDF33A44724F710FA94F54221120D728CCCCC27
                                                  SHA-512: 0338042A60D6C9057C375BCD85DAC7DCDD7C45DA32D86739373BBBC97BD4FF7A79E351573FF054EF6000FEF5A5BFE5958456A70A1BFC5560CD15C18226C57C24
                                                  Malicious: false
                                                  Reputation: low
                                                  Preview: .<?xml version="1.0" encoding="utf-8" ?> .. <root> .. Language configuration file -->.. <LANG ITEM="CHS" VALUE="ChineseGB" URL="http://user.youngzsoft.com/ccproxy/language/chs.ini"/>.. <LANG ITEM="CHT" VALUE="ChineseBig5" URL="http://user.youngzsoft.com/ccproxy/language/cht.ini"/>.. <LANG ITEM="ARA" VALUE="Arabic" URL="http://user.youngzsoft.com/ccproxy/language/ara.ini"/>.. <LANG ITEM="BGR" VALUE="Bulgarian" URL="http://user.youngzsoft.com/ccproxy/language/bgr.ini"/>.. <LANG ITEM="CSY" VALUE="Czech" URL="http://user.youngzsoft.com/ccproxy/language/csy.ini"/>.. <LANG ITEM="NLD" VALUE="Dutch" URL="http://user.youngzsoft.com/ccproxy/language/nld.ini"/>.. <LANG ITEM="FRA" VALUE="French" URL="http://user.youngzsoft.com/ccproxy/language/fra.ini"/>.. <LANG ITEM="DEU" VALUE="German" URL="http://user.youngzsoft.com/ccproxy/language/deu.ini"/>.. <LANG ITEM="HEB" VALUE="Hebrew" URL="http://user.youngzsoft.com/ccproxy/language/heb.ini"/>.. <LANG ITEM="ITA" VALUE="Italian" URL="http://user.
                                                  C:\CCProxy\Language\is-16ITM.tmp
                                                  Process:C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp
                                                  File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):20052
                                                  Entropy (8bit):5.398739367436764
                                                  Encrypted:false
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview: .[Info]..Author=Youngzsoft..Email=support@youngzsoft.net..Translators=Tragedy @ SoftVisia.com..Language=Bulgarian....[Language]..HOMEPAGE=http://www.youngzsoft.net/ccproxy/..BUYNOW=http://www.youngzsoft.net/ccproxy/purchase.htm....;Configuration Dialog..Configuration=...........Protocol=...........Local IP Address:=....... IP .......Web Cached=..........Auto Startup=...... ............Auto Hide=...... ..........Remote Dial-up=......... Dial-up..Auto Detect=.............Proxy services=...... ........OK=....Cancel=.......Advanced=...........NT Service=NT ..........;Dial..Dial-up=Dial-........Dial-up Entries=........Dial-up User Name=............. .....Dial-up Password=........Idle disconnect minutes=.......... .... ...(...)..Enable Auto Dial-up=........... .............;Log..Log=........CCPro
                                                  C:\CCProxy\Language\is-5GLGV.tmp
                                                  Process:C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):15377
                                                  Entropy (8bit):5.172327736973775
                                                  Encrypted:false
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview: .[Info]..Author=Youngzsoft..Email=support@youngzsoft.net..Translators=Youngzsoft..Language=Portuguese....[Language]..HOMEPAGE=http://www.youngzsoft.net/ccproxy/..BUYNOW=http://www.youngzsoft.net/ccproxy/purchase.htm....;Configuration Dialog..Configuration=Configura..o...Protocol=Protocolo..Local IP Address:=Endere.o do IP Local..Web Cached=Endere.o do Cache na Web..Auto Startup=Inicio Auto...Auto Hide=Esconde Auto...Remote Dial-up=Discagem Remota..Auto Detect=Detecta Auto...Proxy services=Servi.os de Proxy..OK=OK..Cancel=Cancela..Advanced=Avan.a..NT Service=Servi.o NT....;Dial..Dial-up=Discador..Dial-up Entries=Conex.es Discadas..Dial-up User Name=Nome usu.rio..Dial-up Password=Senha..Idle disconnect minutes=Desc. por inatividade (Min.)..Enable Auto Dial-up=Liga Auto Discagem....;Log..Log=Registra atividade..CCProxy can log every user's information. Please DON'T intercept user's mail without his/her permission.=CCProxy n.o registra nenhuma informa..o do usu.rio. Por Favo
                                                  C:\CCProxy\Language\is-5VV97.tmp
                                                  Process:C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp
                                                  File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):15272
                                                  Entropy (8bit):5.090115632704539
                                                  Encrypted:false
                                                  Malicious:false
                                                  Preview: .[Info]..Author=Youngzsoft..Email=support@youngzsoft.net..Translators=Dempsey van Wissen, Pieter Zandbergen - p.zandbergen@rug.nl..Language=Nederlands....[Language]..HOMEPAGE=http://www.youngzsoft.net/ccproxy/..BUYNOW=http://www.youngzsoft.net/ccproxy/purchase.htm....;Configuration Dialog..Configuration=Configuratie..Protocol=Protocol..Local IP Address:=Lokaal IP Adres:..Web Cached=Web Cached..Auto Startup=Auto start..Auto Hide=Automatisch Verbergen..Remote Dial-up=Inbellen op afstand..Auto Detect=Detecteren..Proxy services=Proxy Services..OK=OK..Cancel=Annuleren..Advanced=Geavanceerd..NT Service=NT Service....;Dial..Dial-up=Inbellen..Dial-up Entries=Inbel Toegang..Dial-up User Name=Inbel Gebruikersnaam..Dial-up Password=Inbel Wachtwoord..Idle disconnect minutes=Verbreek na timeout in min...Enable Auto Dial-up=Auto inbellen aan....;Log..Log=Log..CCProxy can log every user's information. Please DON'T intercept user's mail without his/her permission.=CCProxy kan alle gebruikersinformat
                                                  C:\CCProxy\Language\is-6AVVG.tmp
                                                  Process:C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp
                                                  File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):16754
                                                  Entropy (8bit):6.116421338742111
                                                  Encrypted:false
                                                  Malicious:false
                                                  Preview: .[Info]..Author=Youngzsoft..Email=support@youngzsoft.net..Translators=Hitoshi Okano - okano@attglobal.net..Language=Japanese....[Language]..HOMEPAGE=http://www.youngzsoft.net/ccproxy/..BUYNOW=http://www.youngzsoft.net/ccproxy/purchase.htm....;Configuration Dialog..Configuration=....Protocol=.......Local IP Address:=....IP......Web Cached=..........Auto Startup=......Auto Hide=......Remote Dial-up=...........Auto Detect=......Proxy services=..........OK=....Cancel=....Advanced=.....NT Service=NT........;Dial..Dial-up=.........Dial-up Entries=...........Dial-up User Name=.............Dial-up Password=..............Idle disconnect minutes=..........Enable Auto Dial-up=.................;Log..Log=....CCProxy can log every user's information. P
                                                  C:\CCProxy\Language\is-8ALJJ.tmp
                                                  Process:C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp
                                                  File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):17516
                                                  Entropy (8bit):5.17790355587457
                                                  Encrypted:false
                                                  Malicious:false
                                                  Preview: .[Info]..Author=Youngzsoft..Email=support@youngzsoft.net..Translators=Jack Gorji - zakgj01@gmail.com..Language=Hebrew....[Language]..HOMEPAGE=http://www.youngzsoft.net/ccproxy/..BUYNOW=http://www.youngzsoft.net/ccproxy/purchase.htm....;Configuration Dialog..Configuration= ........Protocol= ..........Local IP Address:= ..... IP .......Web Cached= ... ........Auto Startup= ...... .........Auto Hide= .... ........Remote Dial-up= .... .......Auto Detect= '..... ......Proxy services= ..... ........OK= ....Cancel= .....Advanced= .......NT Service= .... ..... .........;Dial..Dial-up= ......Dial-up Entries= .... ......Dial-up User Name= .. .......Dial-up Password= .......Idle disconnect minutes= .... ...... ... .......Enable Auto Dial-up= .... .... ..........;Log..Log= .......CCProxy can log every user's information. Pleas
                                                  C:\CCProxy\Language\is-9JIIE.tmp
                                                  Process:C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp
                                                  File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):14328
                                                  Entropy (8bit):6.356884932143809
                                                  Encrypted:false
                                                  Malicious:false
                                                  Preview: .[Info]..Author=Youngzsoft..Email=support@youngzsoft.net..Translators=Youngzsoft..Language=ChineseGB....[Language]..HOMEPAGE=http://www.ccproxy.com/..BUYNOW=http://www.ccproxy.com/user.htm....;Configuration Dialog..Configuration=....Protocol=....Local IP Address:=........IP..:..Web Cached=......Auto Startup=......Auto Hide=......Remote Dial-up=......Auto Detect=......Proxy services=......OK=....Cancel=....Advanced=....NT Service=NT......;Dial..Dial-up=....Dial-up Entries=......Dial-up User Name=.......Dial-up Password=......Idle disconnect minutes=........(..)..Enable Auto Dial-up=..........;Log..Log=....CCProxy can log every user's information. Please DON'T intercept user's mail without his/her permission.=CCProxy.................................Log session selection
                                                  C:\CCProxy\Language\is-BQDHQ.tmp
                                                  Process:C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp
                                                  File Type:UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):16238
                                                  Entropy (8bit):5.3633931535073565
                                                  Encrypted:false
                                                  Malicious:false
                                                  Preview: .[Info]..Author=Youngzsoft..Email=support@youngzsoft.net..Translators=Burak Yavuz - hitowerdigit@hotmail.com..Language=Turkish....[Language]..HOMEPAGE=http://www.youngzsoft.net/ccproxy/..BUYNOW=http://www.youngzsoft.net/ccproxy/purchase.htm....;Configuration Dialog..Configuration=Yap.land.rma..Protocol=Protokol..Local IP Address:=Yerel IP Adresi:..Web Cached=Web .nbellekleme..Auto Startup=Otomatik Ba.latma..Auto Hide=Otomatik Gizle..Remote Dial-up=Uzak .evirmeli..Auto Detect=Otomatik Alg.la..Proxy services=Vekil sunucu hizmetleri..OK=TAMAM..Cancel=.ptal..Advanced=Geli.mi...NT Service=NT Hizmeti....;Dial..Dial-up=.evirmeli..Dial-up Entries=.evirmeli Giri.leri..Dial-up User Name=.evirmeli Kullan.c. Ad...Dial-up Password=.evirmeli Parolas...Idle disconnect minutes=Bo.ta ba.lant. kesme dakikas...Enable Auto Dial-up=Otomatik .evirmeli etkin....;Log..Log=G.nl.k..CCProxy can log every user's information. Please DON'T intercept user's mail without his/her permission.
                                                  C:\CCProxy\Language\is-C0C3F.tmp
                                                  Process:C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp
                                                  File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):27706
                                                  Entropy (8bit):3.715925312019594
                                                  Encrypted:false
                                                  Malicious:false
                                                  Preview: ..[.I.n.f.o.].....A.u.t.h.o.r.=.Y.o.u.n.g.z.s.o.f.t.....E.m.a.i.l.=.s.u.p.p.o.r.t.@.y.o.u.n.g.z.s.o.f.t...n.e.t.....T.r.a.n.s.l.a.t.o.r.s.=.L.u.k.a.s. .K.y.s.e.l.a. .-. .t.r.u.e.f.r.i.e.n.d...c.z.@.g.m.a.i.l...c.o.m.....L.a.n.g.u.a.g.e.=.C.z.e.c.h.........[.L.a.n.g.u.a.g.e.].....H.O.M.E.P.A.G.E.=.h.t.t.p.:././.w.w.w...y.o.u.n.g.z.s.o.f.t...n.e.t./.c.c.p.r.o.x.y./.....B.U.Y.N.O.W.=.h.t.t.p.:././.w.w.w...y.o.u.n.g.z.s.o.f.t...n.e.t./.c.c.p.r.o.x.y./.p.u.r.c.h.a.s.e...h.t.m.........;.C.o.n.f.i.g.u.r.a.t.i.o.n. .D.i.a.l.o.g.....C.o.n.f.i.g.u.r.a.t.i.o.n.=.K.o.n.f.i.g.u.r.a.c.e.....P.r.o.t.o.c.o.l.=.P.r.o.t.o.k.o.l.....L.o.c.a.l. .I.P. .A.d.d.r.e.s.s.:.=.L.o.k...l.n... .I.P. .A.d.r.e.s.a.....W.e.b. .C.a.c.h.e.d.=.C.a.c.h.o.v...n... .s.t.r...n.e.k.....A.u.t.o. .S.t.a.r.t.u.p.=.S.p.u.a.t...n... .p.o. .s.t.a.r.t.u. .P.C.....A.u.t.o. .H.i.d.e.=.S.k.r...t. .p.o. .s.t.a.r.t.u.....R.e.m.o.t.e. .D.i.a.l.-.u.p.=.V.z.d...l.e.n... .v.y.t.....e.n.......A.u.t.o. .D.e.t.e.c.t.=.A.u.t.o.d.e.t.e.k.c.e.....
                                                  C:\CCProxy\Language\is-EADC1.tmp
                                                  Process:C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp
                                                  File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):15852
                                                  Entropy (8bit):5.13891566122623
                                                  Encrypted:false
                                                  Malicious:false
                                                  Preview: .[Info]..Author=Youngzsoft..Email=support@youngzsoft.net..Translators=Nicolae Bogdan, Petru Giumanca - petru.giumanca@itsg.ro..Language=Rom.n.....[Language]..HOMEPAGE=http://www.youngzsoft.net/ccproxy/..BUYNOW=http://www.youngzsoft.net/ccproxy/purchase.htm....;Configuration Dialog..Configuration=Configurare..Protocol=Protocol..Local IP Address:=Adres. Ip local.:..Web Cached=Copie temp. rap. pt. Web..Auto Startup=Pornire automat...Auto Hide=Autoascundere..Remote Dial-up=Linie comutata la dist...Auto Detect=Autodetectare..Proxy services=Servicii Proxy..OK=OK..Cancel=Anuleaz...Advanced=Avansate..NT Service=Serviciu NT....;Dial..Dial-up=Linii comutate..Dial-up Entries=Conturi pe Linii comutate..Dial-up User Name=Utilizator linie comutat...Dial-up Password=Parol. linie comutat...Idle disconnect minutes=Decon. dup. min. de inact...Enable Auto Dial-up=Activare autoformare....;Log..Log=Jurnal..CCProxy can log every user's information. Please DON'T intercept user's mail without his/
                                                  C:\CCProxy\Language\is-EVTPC.tmp
                                                  Process:C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp
                                                  File Type:UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):16037
                                                  Entropy (8bit):5.077960897454009
                                                  Encrypted:false
                                                  Malicious:false
                                                  Preview: .[Info]..Author=Youngzsoft..Email=support@youngzsoft.net..Translators=Roberto Rivera L...Language=Spanish....[Language]..HOMEPAGE=http://www.youngzsoft.net/ccproxy/..BUYNOW=http://www.youngzsoft.net/ccproxy/purchase.htm....;Configuration Dialog..Configuration=Configuraci.n..Protocol=Protocolo..Local IP Address:=Direcci.n IP Local..Web Cached=Cache Web..Auto Startup=Inicio Autom.tico..Auto Hide=Esconder Automaticamente..Remote Dial-up=Marcado Autom.tico..Auto Detect=Autodetectar..Proxy services=Servicios Proxy..OK=Aceptar..Cancel=Cancelar..Advanced=Avanzado..NT Service=Servicio NT....;Dial..Dial-up=Marcado..Dial-up Entries=Listado de Conexiones..Dial-up User Name=Nombre de Usuario..Dial-up Password=Contrase.a..Idle disconnect minutes=Desconexi.n en IDLE (Min.)..Enable Auto Dial-up=Habilitar Auto Marcado....;Log..Log=Registro de Actividades..CCProxy can log every user's information. Please DON'T intercept user's mail without his/her permission.=CCProxy puede llevar un registro de
                                                  C:\CCProxy\Language\is-GATN0.tmp
                                                  Process:C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp
                                                  File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):20516
                                                  Entropy (8bit):5.3126171598685215
                                                  Encrypted:false
                                                  Malicious:false
                                                  Preview: .[Info]..Author=Youngzsoft..Email=support@youngzsoft.net..Translators=Sameer B. Mohammed - smohammed@almutlaqholding.com..Language=Arabic....[Language]..HOMEPAGE=http://www.youngzsoft.net/ccproxy/..BUYNOW=http://www.youngzsoft.net/ccproxy/purchase.htm....;Configuration Dialog. .... .......Configuration=.........Protocol=..........Local IP Address:= ...... IP .......Web Cached=... ........Auto Startup=... ....... ..........Auto Hide=..... ........Remote Dial-up=.... ..... .........Auto Detect=... ........Proxy services=..... ........OK=.......Cancel=.......Advanced=........NT Service=NT ........;Dial. .......Dial-up=..... .........Dial-up Entries=....... ....... ........Dial-up User Name=..... ....... ... ..........Dial-up Password=..... ....... .... ........Idle disconnect m
                                                  C:\CCProxy\Language\is-GUSO1.tmp
                                                  Process:C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp
                                                  File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):7940
                                                  Entropy (8bit):5.1222918761851925
                                                  Encrypted:false
                                                  Malicious:false
                                                  Preview: .[Info]..Author=Youngzsoft..Email=support@youngzsoft.net..Translators=Youngzsoft..Language=English....[Language]..HOMEPAGE=http://www.youngzsoft.net/ccproxy/..BUYNOW=http://www.youngzsoft.net/ccproxy/purchase.htm....;Configuration Dialog..Configuration=..Protocol=..Local IP Address:=..Web Cached=..Auto Startup=..Auto Hide=..Remote Dial-up=..Auto Detect=..Proxy services=..OK=..Cancel=..Advanced=..NT Service=....;Dial..Dial-up=..Dial-up Entries=..Dial-up User Name=..Dial-up Password=..Idle disconnect minutes=..Enable Auto Dial-up=....;Log..Log=..CCProxy can log every user's information. Please DON'T intercept user's mail without his/her permission.=..Log session selection=..Request URL=..Mail Info=..Outgoing Mails=..Maximum Lines=..Clear Logs=..Save Logs to File=..Export Excel=..New Log Daily=..Flow Stats Time Interval(m)=..Enable Flow Stats=..Flow Stats=..Picture Info=..Web Title Info=....;Mail..Mail=..Primary DNS=..Secondary DNS=..Maximum Tries=..Time Interval Before Next Try=..Minut
                                                  C:\CCProxy\Language\is-I47DC.tmp
                                                  Process:C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp
                                                  File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):16056
                                                  Entropy (8bit):5.127721237831992
                                                  Encrypted:false
                                                  Malicious:false
                                                  Preview: .[Info]..Author=Youngzsoft..Email=support@youngzsoft.net..Translators=Christophe NGUYEN - Christophe.NGUYEN@jl-investments.com..Language=French....[Language]..HOMEPAGE=http://www.youngzsoft.net/ccproxy/..BUYNOW=http://www.youngzsoft.net/ccproxy/purchase.htm....;Configuration Dialog..Configuration=Configuration..Protocol=Protocole..Local IP Address:=Adresse IP locale :..Web Cached=Cache Web..Auto Startup=D.marrage Auto..Auto Hide=Auto Masquer..Remote Dial-up=Connexion . Distance..Auto Detect=Autod.tect...Proxy services=Services Proxy..OK=Accepter..Cancel=Annuler..Advanced=Avanc...NT Service=Service NT....;Dial..Dial-up=Connecter..Dial-up Entries=Listes Connexions..Dial-up User Name=Nom Utilisateur..Dial-up Password=Mot de passe..Idle disconnect minutes=D.connexion si Inactivit. (mn)..Enable Auto Dial-up=Activer Connexion Auto....;Log..Log=Journal..CCProxy can log every user's information. Please DON'T intercept user's mail without his/her permission.=CCProxy peut enregistrer les
                                                  C:\CCProxy\Language\is-J6NOI.tmp
                                                  Process:C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp
                                                  File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):20109
                                                  Entropy (8bit):5.426726169317967
                                                  Encrypted:false
                                                  Malicious:false
                                                  Preview: .[Info]..Author=Youngzsoft..Email=support@youngzsoft.net..Translators=Stas ......... ........ - 2972373@gmail.com..Language=Russian....[Language]..HOMEPAGE=http://www.youngzsoft.net/ccproxy/..BUYNOW=http://www.youngzsoft.net/ccproxy/purchase.htm....;Configuration Dialog..Configuration=..............Protocol=..........Local IP Address:=......... IP .......Web Cached=............Auto Startup=............Auto Hide=...... ...........Remote Dial-up=..... Dial-up..Auto Detect=......Proxy services=........OK=....Cancel=..........Advanced=........NT Service=..........;Dial..Dial-up=.......Dial-up Entries=............Dial-up User Name=..............Dial-up Password=........Idle disconnect minutes=......... ..... (.....)..Enable Auto Dial-up=..................;Log..Log=.....CCProxy can log every user's in
                                                  C:\CCProxy\Language\is-KBJHI.tmp
                                                  Process:C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp
                                                  File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):15122
                                                  Entropy (8bit):5.192120779974727
                                                  Encrypted:false
                                                  SSDEEP:384:5kIrM+yqe+xWHmRv8XT2VeMkdO89xiEUwfv2x8A6:2axCmR2Mw9xinwfv2x8t
                                                  MD5:28CF068F639AF5DF2817713642984A7F
                                                  SHA1:F8F1EF86F258F0DE9E43AC7A9E032BA6F37A4120
                                                  SHA-256:09E3364433481169B68148595A0AB4E9A9B19BE197FB14E9C942C8911ABE0AA6
                                                  SHA-512:964745F9CF174A00F6C92AA43EA13D5ADF0E7AB46C328B51F221224067929C3832AE7CB6BE28E96802E0AD784F87B715A007547265171EB9975787931C8B8C50
                                                  Malicious:false
                                                  Preview: .[Info]..Author=Youngzsoft..Email=support@youngzsoft.net..Translators=Charlie Simonsson - c.simonsson1@gmail.com..Language=Swedish....[Language]..HOMEPAGE=http://www.youngzsoft.net/ccproxy/..BUYNOW=http://www.youngzsoft.net/ccproxy/purchase.htm....;Configuration Dialog..Configuration=Inst.llningar..Protocol=protokoll..Local IP Address:=Lokal IP Adress..Web Cached=Web Cached..Auto Startup=Starta Automatiskt..Auto Hide=G.m automatiskt..Remote Dial-up=Remote uppringning..Auto Detect=Automatisk..Proxy services=Proxy service..OK=Ok..Cancel=Avsluta..Advanced=Avancerat..NT Service=NT Service....;Dial..Dial-up=Ring upp..Dial-up Entries=Upp ringnins intr.de ..Dial-up User Name=Ring upp andv.ndarnamn..Dial-up Password=Anslutnings L.senord..Idle disconnect minutes=Vid overksamhet koppla ner minut(er)..Enable Auto Dial-up=Till.t Automatisk uppringning....;Log..Log=Log..CCProxy can log every user's information. Please DON'T intercept user's mail without his/her permission.=CCProxy kan logga
                                                  C:\CCProxy\Language\is-KT4QD.tmp
                                                  Process:C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp
                                                  File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):14104
                                                  Entropy (8bit):6.375406076389016
                                                  Encrypted:false
                                                  SSDEEP:192:bKYfLfeVWhL+YZqN1wvK0XkC+z6lF7ICo5jSg9E1iabRHF2q0SvKpYK6/2/wzkC0:5nEIXeeBLgoIqBKIzTqXl
                                                  MD5:DD4B20431BA3EDEFF50000A866F257B4
                                                  SHA1:05F72B11633687B6BF69FCED49193781F6363FAF
                                                  SHA-256:720974368EE77422A4867671953E1C5E8D3423AD04770CA67B3D54CAE9FF08CA
                                                  SHA-512:28362655A3D1C8742798901C4484CD41E9E556CB9A823F8ED24E7C739BC75AF87A483A3B0F54331ADBE20DD23A3711F22397B096C5E531F848F77E9FCC43856C
                                                  Malicious:false
                                                  Preview: .[Info]..Author=Youngzsoft..Email=support@youngzsoft.net..Translators=Youngzsoft..Language=ChineseBig5....[Language]..HOMEPAGE=http://www.ccproxy.com/..BUYNOW=http://www.ccproxy.com/user.htm....;Configuration Dialog..Configuration=....Protocol=....Local IP Address:=........IP..:..Web Cached=......Auto Startup=......Auto Hide=......Remote Dial-up=......Auto Detect=......Proxy services=......OK=....Cancel=....Advanced=....NT Service=NT......;Dial..Dial-up=....Dial-up Entries=......Dial-up User Name=.......Dial-up Password=......Idle disconnect minutes=........(..)..Enable Auto Dial-up=..........;Log..Log=....CCProxy can log every user's information. Please DON'T intercept user's mail without his/her permission.=CCProxy..................................Log session sele
                                                  C:\CCProxy\Language\is-MJLA0.tmp
                                                  Process:C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp
                                                  File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):14861
                                                  Entropy (8bit):5.08261075423635
                                                  Encrypted:false
                                                  SSDEEP:384:Qir5xSK/NwNOgL3M9NdmlnV9pv/2j+LrX197CIO:Rr513Kmd6nRvejOrXs
                                                  MD5:FB2A0BB796DBD04E46AC893A1F442E57
                                                  SHA1:97F9F0089A99255DCD198D87B631A56B3B624651
                                                  SHA-256:1E2D8EDB14119815D63A1A4B348795025160F97B4E7DBE6BB9225B944B037D6E
                                                  SHA-512:29B4AE708FE5972DDA61D07241127B789525BA9822D01868FE2263BAB1E4F3CE340479B506AD897B93C4CF913578A5BDC28E4882A0C172522CD2817BFEC45645
                                                  Malicious:false
                                                  Preview: .[Info]..Author=Youngzsoft..Email=support@youngzsoft.net..Translators=ZaX, Simone Scartapatti - simone@mc2net.it..Language=Italian....[Language]..HOMEPAGE=http://www.youngzsoft.net/ccproxy/..BUYNOW=http://www.youngzsoft.net/ccproxy/purchase.htm....;Configuration Dialog..Configuration=Confgurazione..Protocol=Protocollo..Local IP Address:=IP Locale..Web Cached=Web Cache..Auto Startup=Auto Startup..Auto Hide=Auto nascondi..Remote Dial-up=Remote dial-up..Auto Detect=Auto Detect..Proxy services=Servizi Proxy..OK=OK..Cancel=Annulla..Advanced=Avanzato..NT Service=servizio NT ....;Dial..Dial-up=Dial-UP..Dial-up Entries=Dial-up Elenco..Dial-up User Name=Dial-up utente..Dial-up Password=Dial-up password..Idle disconnect minutes=Pausa disconnessione (min.)..Enable Auto Dial-up=Abil. Auto Dial-UP....;Log..Log=Log..CCProxy can log every user's information. Please DON'T intercept user's mail without his/her permission.=CCproxy puo' loggare qualsiasi info utente. Non intercettare lui/lei senza perm
                                                  C:\CCProxy\Language\is-PQKN1.tmp
                                                  Process:C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp
                                                  File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):15575
                                                  Entropy (8bit):5.1609490874147435
                                                  Encrypted:false
                                                  SSDEEP:384:BTSqh3AybWr3N1aYIF+gxhL9tuWl7S1b2u:sqh3Fb23N1aYIFvhL77l7S1bv
                                                  MD5:ED7FBAB970CA4C62341B8FFCF642CA76
                                                  SHA1:CEF6CF97C2931321A9C104A8C2E21BB07134F7F4
                                                  SHA-256:16A699532FAE6E19FAAA82586363257883F28B54AED1BEE59DAC3B5F2856A6D6
                                                  SHA-512:CD57EECB23C9F08A986D309DF835ED26CC8EBA13727694B7571E4020F102E866469EA6E6C0447252DA58EFB4E9A8A91F93E9EFF0FE4A5B245F4AF81048161F9C
                                                  Malicious:false
                                                  Preview: .[Info]..Author=Youngzsoft..Email=support@youngzsoft.net..Translators=Ingo Baitinger - it@morcher.com..Language=German....[Language]..HOMEPAGE=http://www.youngzsoft.net/ccproxy/..BUYNOW=http://www.youngzsoft.net/ccproxy/purchase.htm....;Configuration Dialog..Configuration=Konfiguration..Protocol=Protokoll..Local IP Address:=Lokale IP Adresse:..Web Cached=Web Cached..Auto Startup=Autostart..Auto Hide=Automatisch verbergen..Remote Dial-up=Df?..Auto Detect=Auto Detect..Proxy services=Proxy Dienste..OK=OK..Cancel=Abbrechen..Advanced=Erweitert..NT Service=NT Dienst....;Dial..Dial-up=Df?..Dial-up Entries=Df?Eintr.ge..Dial-up User Name=Df?Benutzername..Dial-up Password=Df?Passwort..Idle disconnect minutes=Automatisch trennen..Enable Auto Dial-up=Automatisch w.hlen....;Log..Log=Log..CCProxy can log every user's information. Please DON'T intercept user's mail without his/her permission.=CCProxy kann jede Benutzerinformation aufzeichnen. Bitte fangen Sie keine Mails ab, ohne die Erlaubnis de
                                                  C:\CCProxy\Language\is-S9QTV.tmp
                                                  Process:C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp
                                                  File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):15336
                                                  Entropy (8bit):5.35892320878332
                                                  Encrypted:false
                                                  SSDEEP:192:78ifmB6hcNrU6RJ8AHBoYYn4CFsGKMMPbPfVnjbErhfMABGdnKQuEUl1afKobGDF:4iCj2YBkmWBGdnxuEY8bGDcnUgIoRi
                                                  MD5:69ACB8861703791DFECF667CB4C96A4E
                                                  SHA1:37617F8B5C7958E30AE295EBE57EF688D2027758
                                                  SHA-256:FC6213BA645D9F7052F875DA5AA3490E11358197DDACE35719798442D5AE0CA6
                                                  SHA-512:725F8B21DBB074E6B3B84EACFBD685D8C0DC45F5C864F36CC4E9AE98F43C1E2DEBD896763181E74F01E1D45AB34A6A461FC79526B28A688C0959DBD2D372EFCF
                                                  Malicious:false
                                                  Preview: .[Info]..Author=Youngzsoft..Email=support@youngzsoft.net..Translators=Zoltan Lerner - lerner.zoltan@gmail.com..Language=Hungarian....[Language]..HOMEPAGE=http://www.youngzsoft.net/ccproxy/..BUYNOW=http://www.youngzsoft.net/ccproxy/purchase.htm....;Configuration Dialog..Configuration=Be.ll.t.sok..Protocol=Protokoll..Local IP Address:=Saj.t IP c.m..Web Cached=Web Cached..Auto Startup=Automatikus ind.t.s..Auto Hide=Automatikus elrejt.s..Remote Dial-up=T.voli becsatlakoz.s..Auto Detect=Automatikus..Proxy services=Proxy szolg.ltat.sok..OK=Ok..Cancel=M.gsem..Advanced=Halad...NT Service=Szolg.ltat.sk.nt fut....;Dial..Dial-up=Bet.rcs.z.s..Dial-up Entries=Lehet.s.gek ..Dial-up User Name=Felhaszn.l...Dial-up Password=Jelsz...Idle disconnect minutes=Inakt.v kapcsolat bont.sa (perc)..Enable Auto Dial-up=Automatikus bet.rcs.z.s....;Log..Log=Napl.z.s..CCProxy can log every user's information. Please DON'T intercept user's mail without his/her permission.="Be.ll.t.
                                                  C:\CCProxy\is-DB5HA.tmp
                                                  Process:C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp
                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):2624880
                                                  Entropy (8bit):6.481973869333744
                                                  Encrypted:false
                                                  SSDEEP:49152:uEEUGD4SUc35nDx1qbhMyM/2EZzhLTkyyA0N:uEEUspD9nqbhE2EN6A0N
                                                  MD5:3E0C02558BDF66E0A14F463013BB0F26
                                                  SHA1:63E30941E8F5C4FBF3E8DDF320A353799C71566E
                                                  SHA-256:4996A85A864A918A02DE4B5D7DF9C760D767195976E35372EA74B58C37ED9281
                                                  SHA-512:E4BDD13ACF5314B0A6F7875C35F8AFFB763E48D54E4629C873AA7CA43839B4FBC6103DE60A08AE1D16D5ECE56795710C51EAEB1BB52B1726306FBC11E57DB142
                                                  Malicious:false
                                                  Antivirus:
                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                  C:\CCProxy\is-HNGLT.tmp
                                                  Process:C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp
                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):714612
                                                  Entropy (8bit):6.525454021651861
                                                  Encrypted:false
                                                  SSDEEP:12288:iQszP8NRMXpc/rPx37/zHBA66pE+4p1YR71CERdH6rN9by7HaOMe3mxyFz:iQQP8YXpc/rPx37/zHBA6plp+51CErzb
                                                  MD5:3FCB9A5103199CE8C074967D4FE35C9C
                                                  SHA1:79C478201028FCCFA4ACF4A5E44946CAAC510566
                                                  SHA-256:6F9F9D97941FA3F3957AE7FDA3E140E1E0E075D68FE550A663379AE053EAA596
                                                  SHA-512:714DBC78FFBAC2A69D981498E23E580373B535DC96DF283FC49CF870CB5BE2FB95CBC2C9D2717D05CE5D0934090F7A7EBEE3FEDC5535916DC5FDCAA3FDD000FD
                                                  Malicious:false
                                                  C:\CCProxy\is-PB6KE.tmp
                                                  Process:C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp
                                                  File Type:ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):6388
                                                  Entropy (8bit):4.877234836218214
                                                  Encrypted:false
                                                  SSDEEP:96:CYN1wJP4DzGJwaT4L1NYsDEAhKYrYg5zw42xuJ7s50T+:C62JPmzGJwaT4L/HDEAzR5U4L9s5o+
                                                  MD5:BE69F04430A652B6853F6313A34F9A24
                                                  SHA1:9BEAC1DF4022687DD96B94BB8D91045474C59F7F
                                                  SHA-256:2EB7E541B7D70F2F416ED7F01A39F5B30C3666C1AA4C3FEE5391FBDC887ED178
                                                  SHA-512:A17334C3F6CF164195B72B631A2CD851128EBBF268673D82D7448A1A9FBB68479DC64B5AB0895618B7B7C6017B9D5025F826052FE7BC1A152DEC73F0D39B0890
                                                  Malicious:false
                                                  Preview: 20160722..* fixed a bug of "Log Analysis" function..* optimized "website filter" function..* added support for setting verification times for client..* added support for monitoring current website of client....20160615..* optimized tool tips content..* optimized registration function..* fixed a bug in GZipDecode..* added Support for exporting traffic details in CSV format..* added Hungarian Language....20160503..* optimized the "Dial-up" function..* optimized the application performance..* optimized the "Remote Admin" function..* optimized the SMTP proxy..* optimized the Hyper links..* optimized the "Uninstall" function..* fixed issue with Uninstallation of CCProxy when set as NT Service....20160202..* fix a bug of dialup function in xp..* optimize the http proxy....20160105..* optimize the "Active" function..* optimize auto upgrade function..* optimize socks5 proxy..* fix a bug in saving stream data to log.dat..* optimize the "Export Excel" function....20151009..* add "Active" functio
                                                  C:\CCProxy\unins000.dat
                                                  Process:C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):5299
                                                  Entropy (8bit):4.556443290748934
                                                  Encrypted:false
                                                  SSDEEP:96:fR2WU/4PYbblSng4SL7ICSss/LnOZ9fC6m2WuwijmoqLb5b:5XOSg4CICSsAneSr3HN
                                                  MD5:9BDC2AC574216D3B812F650E4941CBBB
                                                  SHA1:96E06A793B7AB22AC69FC57B86AA712E79B2F2AB
                                                  SHA-256:93F5A43F0658743AF57F7BB0C3D9A3C0F597D8014D29154C282C25495E7059F4
                                                  SHA-512:A0D3399F778EB3251B73980E7F3F5D2209DF2E7920D0047949E342F2DB403FB3A3F186749D865F8BC3F97B19C4E9DEBCE4D8FCE9EFEB0B25B388DCE514890875
                                                  Malicious:false
                                                  Preview: .........................................................................................................................................................................................................................................................................................................................................................................................................................................................................HeZ......+....123716.user.C:\CCProxy...........8...... ............IFPS.............................................................................................................BOOLEAN....................?...........!MAIN....-1.@...........INITIALIZESETUP....16..REGQUERYSTRINGVALUE...........MSGBOX..........REMOVEQUOTES........EXEC........................GETDEFAULTDIR....8 @8........................................._...........`...........`........................`...............`.........InstallLocation..........`.....?...SOFTWARE\
                                                  C:\CCProxy\unins000.msg
                                                  Process:C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):11397
                                                  Entropy (8bit):4.691973131855328
                                                  Encrypted:false
                                                  SSDEEP:192:4yuyHdp7pdoksdrKUURqCZYcI71gWb/I+XIWCMVtQs:vFz7p85KaCZYcI71Tb/rIWCMVtN
                                                  MD5:B0610572F47DD7165EF515858C48C164
                                                  SHA1:07F192C9AB4166647F5FBB8108F6D3D803EF20B1
                                                  SHA-256:221D3BEFB04828CC2BA4D167DD2CC87B2680A58C5E7069210A17D0C37EC182BB
                                                  SHA-512:BBBD6A1D722A9833CE4AD2E7803AAB5AB9F2515F23CA1116DD3BC6ABA805F1575DF5767EE00E2191FED871F1977C4D373DE6AD2D446751316C771557D35E98A5
                                                  Malicious:false
                                                  Preview: Inno Setup Messages (5.5.3).........................................X,......G.a&About Setup....%1 version %2..%3....%1 home page:..%4..About Setup.You must be logged in as an administrator when installing this program..The following applications are using files that need to be updated by Setup. It is recommended that you allow Setup to automatically close these applications..The following applications are using files that need to be updated by Setup. It is recommended that you allow Setup to automatically close these applications. After the installation has completed, Setup will attempt to restart the applications..Folder names cannot include any of the following characters:....%1.The folder name cannot include any of the following characters:....%1..Select a folder in the list below, then click OK..Browse For Folder.< &Back.&Browse....Cancel.&Finish.&Install.&Make New Folder.&Next >.&No.N&o to All.OK.B&rowse....&Yes.Yes to &All.Setup cannot continue. Please click Cancel to exit..Setu
                                                  C:\CCProxy\web\is-2SQAF.tmp
                                                  Process:C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp
                                                  File Type:HTML document, UTF-8 Unicode text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):3016
                                                  Entropy (8bit):5.061058811790533
                                                  Encrypted:false
                                                  SSDEEP:48:F1pphXlVFqOtjUveHP9YIdBOWFzU0N4C1S4VLAuawnv4/IgmSgAC:VXNqO1UvevdRHg8
                                                  MD5:AB48C2F1B5F50E0AC40B9E515587A3E0
                                                  SHA1:CE8B8D61CB09474A623D6DA2FF8570AEFF6F74E3
                                                  SHA-256:1109F658CC126FBF2A9B4A514F87CE70F878E8C50835D39190F67597645D5611
                                                  SHA-512:451EA940A91A199649BECA8DEE9FE3A23969EA0586939D3E3D5FE5E3BC6CD79B462A81D986D3C594C505808AC57C26C965104CE79856107EDE75D8AFB4A8E8FE
                                                  Malicious:false
                                                  Preview: header -->..<html><head><title>CCProxy Account Manager</title>..<meta http-equiv="Content-Type" content="text/html; charset=utf-8">..<style>..body,td {font-family: "arial"; font-size: 9pt;}...button { font-family: "Arial", "Helvetica", "sans-serif"; font-size: 9px; font-style: _italic; height: 18px; width: 50px}...editbox {font-family: "Arial", "Helvetica", "sans-serif"; font-size: 9px; height: 16px;}..</style></head><body>..<h3 align="center">CCProxy ....</h3>.. body -->..<form name="form" method="post" action="account">.. <table width="47%" border="1" cellspacing="0" cellpadding="5" align="center">.. <input type=hidden name="userid" value="$userid">.. <tr> .. <td nowrap align="right">...</td>.. <td nowrap>$username </td>.. </tr>.. <tr> .. <td nowrap align="right">..</td>.. <td nowrap>$enable</td>.. </tr>.. <tr> .. <td nowrap align="right">.....</td>.. <td nowrap>$connection</td>.. </tr>.. <tr
                                                  C:\CCProxy\web\is-6UOBB.tmp
                                                  Process:C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp
                                                  File Type:HTML document, UTF-8 Unicode text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):5678
                                                  Entropy (8bit):4.917008741265922
                                                  Encrypted:false
                                                  SSDEEP:96:VXNqO1Uq65FSI2OVJ128ZKYYssyw63Jko8I2ZSYHGvh:ZIDqZyPYjLI2rH0
                                                  MD5:58829EBDDD3A12A24DC084CFEC129AD9
                                                  SHA1:31090C656F9C4CEE4EC3E6C8A5E000C42ED11F7D
                                                  SHA-256:33FC72CC8E25B62440D37997A658075D5E723BAE0AD58132846CE823CC8D8ECE
                                                  SHA-512:FF1B9E5887B853A2D3F6CB73F5DB76616E1CAEA0B098B0CFBE79E9E56DACF916144E40FCAD51A0EF05ACEBC6708CFC1DE113E119863446BEB21D7346C66BDEA5
                                                  Malicious:false
                                                  Preview: header -->..<html><head><title>CCProxy Account Manager</title>..<meta http-equiv="Content-Type" content="text/html; charset=utf-8">..<style>..body,td {font-family: "arial"; font-size: 9pt;}...button { font-family: "Arial", "Helvetica", "sans-serif"; font-size: 9px; font-style: _italic; height: 18px; width: 50px}...editbox {font-family: "Arial", "Helvetica", "sans-serif"; font-size: 9px; height: 16px;}..</style></head><body>..<h3 align="center">CCProxy ....</h3>..<table width="100%" border="1" cellspacing="0" cellpadding="0" id="t$userid">.. <tr align="center"> .. <td nowrap width="0">&nbsp; </td>.. <td nowrap width="0">&nbsp; </td>.. <td nowrap width="0">...</td>.. <td nowrap width="0" align="center">..</td>.. <td nowrap width="0" align="center">..</td>.. <td nowrap width="0" align="center">IP ..</td>.. <td nowrap width="0">MAC ..</td>.. <td nowrap width="0" colspan="2">...</td>.. <td nowrap width="0" colspan="2">.
                                                  C:\CCProxy\web\is-I8FLJ.tmp
                                                  Process:C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp
                                                  File Type:PHP script, ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):4762
                                                  Entropy (8bit):5.162258614063539
                                                  Encrypted:false
                                                  SSDEEP:48:XseokiW3MbXDbztbyqK+2ek2/L7D3o5jiW3+IqKJek2/L7gJFo4Cek2/L7D9zoOv:UFXRV0eNU5EUeNAy5eN5UO6iPUW
                                                  MD5:77EF42F252112B7ECB69F9E26600FE3E
                                                  SHA1:6CEEF6B87FC0EDFB3B9E272FA6CA0529F6A22300
                                                  SHA-256:815D42EA800BDF4A5133A85F6D22B45B87D408E7CFBE7D3DEBE7C2F47E1D8912
                                                  SHA-512:5A1AC520576606B3C499C8DFA057771FA4CBE5AD5E691F9AF27FD8803F9C3E1E156CB462B6D2B6F647988869D5FBCF4A1DE3D899C33C1BAA1E9FB8C09008C184
                                                  Malicious:false
                                                  Preview: <?....function accountcreate($username, $password, $ipaddress, $macaddress, $connection, $bandwidth, $disabledate, $disabletime)..{...$adminpassword='admin';...$adminport=88;...$proxyaddress='mail.ccproxy.com';.....$fp = fsockopen($proxyaddress, $adminport, &$errno, &$errstr, 1000);...if(!$fp) ...{.. .echo "$errstr ($errno)<br>\n";...} ...else ...{....$url_ = "/account";....$url = "add=1"."&";....$url = $url."autodisable=1"."&";....$url = $url."enable=1"."&";....if(strlen($password) > 0).....$url = $url."usepassword=1"."&";....else.....$url = $url."usepassword=0"."&";....if(strlen($ipaddress) > 0).....$url = $url."useipaddress=1"."&";....else.....$url = $url."useipaddress=0"."&";....if(strlen($macaddress) > 0).....$url = $url."usemacaddress=1"."&";....else.....$url = $url."usemacaddress=0"."&";.......$url = $url."enablesocks=1"."&";....$url = $url."enablewww=0"."&";....$url = $url."enabletelnet=0"."&";....$url = $url."enabledial=0"."&";....$url = $url."enableftp=0"."&";....$url
                                                  C:\CCProxy\web\is-M48UJ.tmp
                                                  Process:C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp
                                                  File Type:exported SGML document, ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):73
                                                  Entropy (8bit):4.144653586503454
                                                  Encrypted:false
                                                  SSDEEP:3:j43wMIIFqBcb/IFvJFR5bTAJLynQKgvn:CwJIosIZL/bwLiQf
                                                  MD5:F74DC14E0359298DEFC845A1F24B865E
                                                  SHA1:EB2E1ED740E86703FBE0103F067CEB1D3F4BBCAE
                                                  SHA-256:5919D6E8242E9CE7262BCD92A306EF261177BD94FAF19789FCEFBA2A77072AF2
                                                  SHA-512:FA6C613C5E11A583C545FD6078CD51D03AD88E8D4CA6878A686483DF6A360ADD9D806557F11FD5E7792ED81257B17A98225AD9650C7FCCE8ADB8506383E5635E
                                                  Malicious:false
                                                  Preview: header --> body --> tail -->..$totalactiveconn..$totalconn..
                                                  C:\CCProxy\web\is-NBCN7.tmp
                                                  Process:C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp
                                                  File Type:HTML document, ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):3071
                                                  Entropy (8bit):4.710297405311219
                                                  Encrypted:false
                                                  SSDEEP:48:F1pphXlVFqOtjReHP9YMixMO2ZNUtu4iH7u9Xj/lpDAC:VXNqO1Revg3
                                                  MD5:507F2B0582E1D5904A57FF02FB409974
                                                  SHA1:6DF3EC48757C1D5FD9C3F445E10450E3B5B00F6F
                                                  SHA-256:0D770FC1159D303C8E4AB69AA5BB09FA6949DEFE498792ED0ECD7A6FA019055D
                                                  SHA-512:21386E7AA76A4117FD150D1B0DD4CF39C1382E324C1D7C90E2ED059EA29FCBE3BF40AC649E6A5527041683CB672745601E638DEB46041D948E0345FAA80BEBD0
                                                  Malicious:false
                                                  Preview: header -->..<html><head><title>CCProxy Account Manager</title>..<meta http-equiv="Content-Type" content="text/html; charset=utf-8">..<style>..body,td {font-family: "arial"; font-size: 9pt;}...button { font-family: "Arial", "Helvetica", "sans-serif"; font-size: 9px; font-style: _italic; height: 18px; width: 50px}...editbox {font-family: "Arial", "Helvetica", "sans-serif"; font-size: 9px; height: 16px;}..</style></head><body>..<h3 align="center">CCProxy Account Manager </h3>.. body -->..<form name="form" method="post" action="account">.. <table width="47%" border="1" cellspacing="0" cellpadding="5" align="center">.. <input type=hidden name="userid" value="$userid">.. <tr> .. <td nowrap align="right">Username</td>.. <td nowrap>$username </td>.. </tr>.. <tr> .. <td nowrap align="right">Enabled</td>.. <td nowrap>$enable</td>.. </tr>.. <tr> .. <td nowrap align="right">Connection Limitation</td>.. <td nowrap>$connection</td>.. </tr
                                                  C:\CCProxy\web\is-U92L7.tmp
                                                  Process:C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp
                                                  File Type:HTML document, ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):5737
                                                  Entropy (8bit):4.704014000876694
                                                  Encrypted:false
                                                  SSDEEP:96:VXNqO1g6h/lhh3OVJ128ZKYYsst63Jko8I2ZSYHdfEp:ZIlc9yPYPLI2rHdA
                                                  MD5:8E75AC924B0DD96A5A0C69F50CDF2058
                                                  SHA1:DAF63C6A40E282DAC77A99BE2646EE63E9D6C2F8
                                                  SHA-256:B8E3820854AB5898E3190DFF5AC453E11A07A67E61AFD3D5057C79B61D1FC3FA
                                                  SHA-512:C21EC9DD3538617DC5BFA176B7BD9D25565A501F34E9F9C9FE7A4C3B12706A067DD408D8E97534E7526B2AE28868F41A36D77E423839EBAF60AC70E38B88864D
                                                  Malicious:false
                                                  Preview: header -->..<html><head><title>CCProxy Account Manager</title>..<meta http-equiv="Content-Type" content="text/html; charset=utf-8">..<style>..body,td {font-family: "arial"; font-size: 9pt;}...button { font-family: "Arial", "Helvetica", "sans-serif"; font-size: 9px; font-style: _italic; height: 18px; width: 50px}...editbox {font-family: "Arial", "Helvetica", "sans-serif"; font-size: 9px; height: 16px;}..</style></head><body>..<h3 align="center">CCProxy Account Manager </h3>..<table width="100%" border="1" cellspacing="0" cellpadding="0" id="t$userid">.. <tr align="center"> .. <td nowrap width="0">&nbsp; </td>.. <td nowrap width="0">&nbsp; </td>.. <td nowrap width="0">Username </td>.. <td nowrap width="0" align="center">Enabled </td>.. <td nowrap width="0" align="center">Password </td>.. <td nowrap width="0" align="center">IP Address</td>.. <td nowrap width="0">MAC Address</td>.. <td nowrap width="0" colspan="2">Connections </td>.. <td nowrap width="0" c
                                                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCProxy\CCProxy.lnk
                                                  Process:C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp
                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Apr 6 13:56:24 2021, mtime=Tue Apr 6 13:56:24 2021, atime=Fri Jul 22 15:57:56 2016, length=2624880, window=hide
                                                  Category:dropped
                                                  Size (bytes):645
                                                  Entropy (8bit):4.4754034463870545
                                                  Encrypted:false
                                                  SSDEEP:12:8mP0A6B8m/1Td/PCl+jAgCmq01m3Op5HLm:8mhcdT5eCAgI017ptm
                                                  MD5:D4C6C3F7DA5CE8ECA029C985A3F7C55A
                                                  SHA1:A0E7A168282C57E8FFB393889B0D9BC92A72F2C7
                                                  SHA-256:5740AD2D8EED8B2A613BA9690F7E50D271A1F578283387CD7A13D7306BF74FC1
                                                  SHA-512:153C5AF42C01B29B273065D79F4A2F9AFCDC4B2D104C8167AC798297A7166207FA932CBC7C5C3D5289A6E888CECDF4816A4D45A8E12DD875CA0F9411DBC66910
                                                  Malicious:false
                                                  Preview: L..................F.... ....T...*..-...*....}1:...p.(..........................P.O. .:i.....+00.../C:\...................V.1......R.w..CCProxy.@......R.w.R.w....[.........................C.C.P.r.o.x.y.....b.2.p.(..H<. .CCProxy.exe.H......R.w.R.w....:[........................C.C.P.r.o.x.y...e.x.e.......E...............-.......D............A.5.....C:\CCProxy\CCProxy.exe..%.....\.....\.....\.....\.....\.....\.C.C.P.r.o.x.y.\.C.C.P.r.o.x.y...e.x.e...C.:.\.C.C.P.r.o.x.y.`.......X.......123716...........!a..%.H.VZAj....^t.+........W...!a..%.H.VZAj....^t.+........W..E.......9...1SPS..mD..pH.H@..=x.....h....H......K*..@.A..7sFJ............
                                                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCProxy\Uninstall CCProxy.lnk
                                                  Process:C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp
                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Apr 6 13:56:24 2021, mtime=Tue Apr 6 13:56:24 2021, atime=Tue Apr 6 13:56:04 2021, length=714608, window=hide
                                                  Category:dropped
                                                  Size (bytes):652
                                                  Entropy (8bit):4.580297106375271
                                                  Encrypted:false
                                                  SSDEEP:6:4xtAl/ZrScqyl//rRdygTxb/lDgT03A1TxlUlhdPTtSljAlD5CSsAgg0dPTvmdVZ:8mTqm/1Td/Te4bajAEzxm3Op5M0m
                                                  MD5:E3A6FB91D550146B95A6BD101E6AC0B1
                                                  SHA1:5CE2BE142C36D59D8EF4CB918F49C3EFC0CB4EC6
                                                  SHA-256:2272559DA48A5A681DF2E08EB96E13630B87868E56DFBDA8F00D7D6C6AC2B219
                                                  SHA-512:307233E2CAF3D05768A1184D5B27048264628331C94663FCAF6B1DAAEEB51399327545BEA5BEC6982B05EF7E181C2ECDB72180FE05D0FD35886A1DE2B5CBEEF6
                                                  Malicious:false
                                                  Preview: L..................F.... .....x..*..M.}..*..5....*..p............................P.O. .:i.....+00.../C:\...................V.1......R.w..CCProxy.@......R.w.R.w....[........................C.C.P.r.o.x.y.....f.2.p....R.w .unins000.exe..J......R.w.R.w....5[.....................{..u.n.i.n.s.0.0.0...e.x.e.......F...............-.......E............A.5.....C:\CCProxy\unins000.exe..&.....\.....\.....\.....\.....\.....\.C.C.P.r.o.x.y.\.u.n.i.n.s.0.0.0...e.x.e...C.:.\.C.C.P.r.o.x.y.`.......X.......123716...........!a..%.H.VZAj...+^t.+........W...!a..%.H.VZAj...+^t.+........W..E.......9...1SPS..mD..pH.H@..=x.....h....H......K*..@.A..7sFJ............
                                                  C:\Users\user\AppData\Local\Temp\is-E27H8.tmp\_isetup\_setup64.tmp
                                                  Process:C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp
                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):6144
                                                  Entropy (8bit):4.363359036723334
                                                  Encrypted:false
                                                  SSDEEP:48:SvrzfWvPcXegCPUo1vlZQrAxoONfHFZONfH3d1xCWMBFNL2piSS4k+bkg6j0KHc:+fkcXegaJ/ZAYNzcld1xaX12pTSKvkc
                                                  MD5:526426126AE5D326D0A24706C77D8C5C
                                                  SHA1:68BAEC323767C122F74A269D3AA6D49EB26903DB
                                                  SHA-256:B20A8D88C550981137ED831F2015F5F11517AEB649C29642D9D61DEA5EBC37D1
                                                  SHA-512:A2D824FB08BF0B2B2CC0B5E4AF8B13D5BC752EA0D195C6D40FD72AEC05360A3569EADE1749BDAC81CFB075112D0D3CD030D40F629DAF7ABCC243F9D8DCA8BFBE
                                                  Malicious:false
                                                  Antivirus:
                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                  • Antivirus: ReversingLabs, Detection: 2%
                                                  Joe Sandbox View:
                                                  • Filename: RNuld8RVuz.exe, Detection: malicious, Browse
                                                  • Filename: free-_287894825.exe, Detection: malicious, Browse
                                                  • Filename: setup_660813137.exe, Detection: malicious, Browse
                                                  • Filename: filedata.exe, Detection: malicious, Browse
                                                  • Filename: apmsetup.exe, Detection: malicious, Browse
                                                  • Filename: , Detection: malicious, Browse
                                                  • Filename: , Detection: malicious, Browse
                                                  • Filename: , Detection: malicious, Browse
                                                  • Filename: , Detection: malicious, Browse
                                                  • Filename: , Detection: malicious, Browse
                                                  • Filename: , Detection: malicious, Browse
                                                  • Filename: PDFAnnotatorSetup.exe, Detection: malicious, Browse
                                                  • Filename: eupanda.exe, Detection: malicious, Browse
                                                  • Filename: , Detection: malicious, Browse
                                                  • Filename: pcspsncwros_us3.exe, Detection: malicious, Browse
                                                  • Filename: Install My Faster PC.exe, Detection: malicious, Browse
                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`..............................................................<!.......P.......@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc........P......................@..@................................................................................................................................................................................................................................................................................................................................
                                                  C:\Users\user\AppData\Local\Temp\is-E27H8.tmp\_isetup\_shfoldr.dll
                                                  Process:C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp
                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                  Category:dropped
                                                  Size (bytes):23312
                                                  Entropy (8bit):4.596242908851566
                                                  Encrypted:false
                                                  SSDEEP:384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4
                                                  MD5:92DC6EF532FBB4A5C3201469A5B5EB63
                                                  SHA1:3E89FF837147C16B4E41C30D6C796374E0B8E62C
                                                  SHA-256:9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
                                                  SHA-512:9908E573921D5DBC3454A1C0A6C969AB8A81CC2E8B5385391D46B1A738FB06A76AA3282E0E58D0D2FFA6F27C85668CD5178E1500B8A39B1BBAE04366AE6A86D3
                                                  Malicious:false
                                                  Antivirus:
                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                  • Antivirus: ReversingLabs, Detection: 3%
                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......IzJ^..$...$...$...%.".$.T87...$.[."...$...$...$.Rich..$.........................PE..L.....\;...........#..... ...4.......'.......0.....q....................................................................k...l)..<....@.../...................p..T....................................................................................text...{........ .................. ..`.data...\....0.......&..............@....rsrc..../...@...0...(..............@..@.reloc.......p.......X..............@..B................................................................................................................................................................................................................................................................................................................................................................................................
                                                  C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp
                                                  Process:C:\Users\user\Desktop\ccproxysetup-free.exe
                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):714608
                                                  Entropy (8bit):6.525452365063682
                                                  Encrypted:false
                                                  SSDEEP:12288:iQszP8NRMXpc/rPx37/zHBA66pE+4p1YR71CERdH6rN9by7HaOMe3mxyF:iQQP8YXpc/rPx37/zHBA6plp+51CErzP
                                                  MD5:661296AFBB73CA68432EDE7C26FC0108
                                                  SHA1:39A56AAC8DF003CAEE79A04B6DF0F20B5824FF3C
                                                  SHA-256:5674F722A041A9368E48014A3B1309D9B016AF7E02F996FF07DDD0923092273B
                                                  SHA-512:9BA4B0A35EB325E1FEE61821AC7A653E84A1A525D097D6931CC7A4D052145515C435B22398A8BB54C596D98431F739D3A5DAB62B2E7103D170655FF0EAAA5A48
                                                  Malicious:false
                                                  Antivirus:
                                                  • Antivirus: Metadefender, Detection: 2%, Browse
                                                  • Antivirus: ReversingLabs, Detection: 3%
                                                  Preview: MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.........................................@.................................q............@...............................%......................p.................................... ......................................................CODE....,........................... ..`DATA................................@...BSS......................................idata...%.......&..................@....tls.....................................rdata....... ......................@..P.reloc..(....0......................@..P.rsrc...............................@..P.....................Z..............@..P........................................................................................................................................
                                                  C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\CCProxy.lnk
                                                  Process:C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp
                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Apr 6 13:56:24 2021, mtime=Tue Apr 6 13:56:24 2021, atime=Fri Jul 22 15:57:56 2016, length=2624880, window=hide
                                                  Category:dropped
                                                  Size (bytes):651
                                                  Entropy (8bit):4.468005818855871
                                                  Encrypted:false
                                                  SSDEEP:12:8mP0A6B8m/1Td/BCl+jAgCq01m3Op5HLm:8mhcdTHeCAgx017ptm
                                                  MD5:5122639865DE7D851E1D918F28FC94FA
                                                  SHA1:6A9A3BD9942742780C1C29FB58454A192A5B4DA7
                                                  SHA-256:8CDE4225C0013523143EE4778C438BB5412AB490008FE1A14E3666A9F7EC4D0C
                                                  SHA-512:BEEDCA39FEEC2DD4E8280A35E232672C62E8E851569510923AAA2526FE99E0D8773E6815271540BBD6A7C6EDB92EF520282B510C0DA3387E553F7D483EE982F5
                                                  Malicious:false
                                                  Preview: L..................F.... ....T...*..-...*....}1:...p.(..........................P.O. .:i.....+00.../C:\...................V.1......R.w..CCProxy.@......R.w.R.w....[........................C.C.P.r.o.x.y.....b.2.p.(..H<. .CCProxy.exe.H......R.w.R.w....:[........................C.C.P.r.o.x.y...e.x.e.......E...............-.......D............A.5.....C:\CCProxy\CCProxy.exe..(.....\.....\.....\.....\.....\.....\.....\.C.C.P.r.o.x.y.\.C.C.P.r.o.x.y...e.x.e...C.:.\.C.C.P.r.o.x.y.`.......X.......123716...........!a..%.H.VZAj....^t.+........W...!a..%.H.VZAj....^t.+........W..E.......9...1SPS..mD..pH.H@..=x.....h....H......K*..@.A..7sFJ............
                                                  C:\Users\user\Desktop\CCProxy.lnk
                                                  Process:C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp
                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Apr 6 13:56:24 2021, mtime=Tue Apr 6 13:56:24 2021, atime=Fri Jul 22 15:57:56 2016, length=2624880, window=hide
                                                  Category:dropped
                                                  Size (bytes):627
                                                  Entropy (8bit):4.511865575653098
                                                  Encrypted:false
                                                  SSDEEP:12:8mP0A6B8m/1Td/BCl+jAgC+01m3Op5HLm:8mhcdTHeCAgl017ptm
                                                  MD5:C787D190758E7F0DB9BC2A2DE1756BDD
                                                  SHA1:B9C99B571AF49B6FB82DF6038AA3276842EEF793
                                                  SHA-256:92961EFADC6E822CDED3F80802109D60EB56AA49D89700931776D3165F7E49CB
                                                  SHA-512:648488F22D1F187705CC9AEDD8427E9C48B75DE87DD8DE824A1687AED6C3021E46AC9BB4E9585DE9312D0C1552D05323E73AE7FA1029FF56169CF0A2C9385A61
                                                  Malicious:false
                                                  Preview: L..................F.... ....T...*..-...*....}1:...p.(..........................P.O. .:i.....+00.../C:\...................V.1......R.w..CCProxy.@......R.w.R.w....[........................C.C.P.r.o.x.y.....b.2.p.(..H<. .CCProxy.exe.H......R.w.R.w....:[........................C.C.P.r.o.x.y...e.x.e.......E...............-.......D............A.5.....C:\CCProxy\CCProxy.exe........\.....\.....\.C.C.P.r.o.x.y.\.C.C.P.r.o.x.y...e.x.e...C.:.\.C.C.P.r.o.x.y.`.......X.......123716...........!a..%.H.VZAj....^t.+........W...!a..%.H.VZAj....^t.+........W..E.......9...1SPS..mD..pH.H@..=x.....h....H......K*..@.A..7sFJ............

                                                  Static File Info

                                                  General

                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                  Entropy (8bit):7.982920353871681
                                                  TrID:
                                                  • Win32 Executable (generic) a (10002005/4) 98.73%
                                                  • Inno Setup installer (109748/4) 1.08%
                                                  • Windows Screen Saver (13104/52) 0.13%
                                                  • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                  File name:ccproxysetup-free.exe
                                                  File size:1093328
                                                  MD5:3d07be760cd5756d6ca67bd0096fe8d2
                                                  SHA1:2961eb46fb06ea87d2a31926575cd52e6a3fbfeb
                                                  SHA256:5b602304faf88737a24a3ad74f92938ea60eed8bdc4532131a31bce5a58be98a
                                                  SHA512:c9bf8901d2f4f542f01cab53132813a95a4a681b736135464c65cf2c4eb1e495daa7afd356c3010dec9c8e3e24bbe423a4d24a55671c964b4a2e19cf7c51ecf3
                                                  SSDEEP:24576:xQi/gX6I8FgDe3IOmy2a9k9LB5tBgWmvl7mEZKY:x9y8YD3amFuvl
                                                  File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

                                                  File Icon

                                                  Icon Hash:a2a0b496b2caca72

                                                  Static PE Info

                                                  General

                                                  Entrypoint:0x40a5f8
                                                  Entrypoint Section:CODE
                                                  Digitally signed:true
                                                  Imagebase:0x400000
                                                  Subsystem:windows gui
                                                  Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI, RELOCS_STRIPPED
                                                  DLL Characteristics:TERMINAL_SERVER_AWARE
                                                  Time Stamp:0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
                                                  TLS Callbacks:
                                                  CLR (.Net) Version:
                                                  OS Version Major:1
                                                  OS Version Minor:0
                                                  File Version Major:1
                                                  File Version Minor:0
                                                  Subsystem Version Major:1
                                                  Subsystem Version Minor:0
                                                  Import Hash:884310b1928934402ea6fec1dbd3cf5e

                                                  Authenticode Signature

                                                  Signature Valid:true
                                                  Signature Issuer:CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
                                                  Signature Validation Error:The operation completed successfully
                                                  Error Number:0
                                                  Not Before:3/25/2015 5:00:00 PM
                                                  Not After:5/14/2018 4:59:59 PM
                                                  Subject Chain
                                                  • CN="Youngzsoft Co., Ltd.", OU=Software Development, O="Youngzsoft Co., Ltd.", L=Changsha, S=Hunan, C=CN
                                                  Version:3
                                                  Thumbprint MD5:24887CCD1E34FEFAF004315C092A7117
                                                  Thumbprint SHA-1:02A0F465A03DC634391CE2D56996118734B49AA2
                                                  Thumbprint SHA-256:7CBAD3C8313A420AD02B8BBF08F1F640D5329261F9CF582CB8F0B0088B55F9DF
                                                  Serial:72D5CAF59A3CC644C573E13EA0892EAB

                                                  Entrypoint Preview

                                                  Instruction
                                                  push ebp
                                                  mov ebp, esp
                                                  add esp, FFFFFFC4h
                                                  push ebx
                                                  push esi
                                                  push edi
                                                  xor eax, eax
                                                  mov dword ptr [ebp-10h], eax
                                                  mov dword ptr [ebp-24h], eax
                                                  call 00007F54A8AF4383h
                                                  call 00007F54A8AF558Ah
                                                  call 00007F54A8AF5819h
                                                  call 00007F54A8AF58BCh
                                                  call 00007F54A8AF785Bh
                                                  call 00007F54A8AFA1C6h
                                                  call 00007F54A8AFA32Dh
                                                  xor eax, eax
                                                  push ebp
                                                  push 0040ACC9h
                                                  push dword ptr fs:[eax]
                                                  mov dword ptr fs:[eax], esp
                                                  xor edx, edx
                                                  push ebp
                                                  push 0040AC92h
                                                  push dword ptr fs:[edx]
                                                  mov dword ptr fs:[edx], esp
                                                  mov eax, dword ptr [0040C014h]
                                                  call 00007F54A8AFADDBh
                                                  call 00007F54A8AFA9C6h
                                                  cmp byte ptr [0040B234h], 00000000h
                                                  je 00007F54A8AFB8BEh
                                                  call 00007F54A8AFAED8h
                                                  xor eax, eax
                                                  call 00007F54A8AF5079h
                                                  lea edx, dword ptr [ebp-10h]
                                                  xor eax, eax
                                                  call 00007F54A8AF7E6Bh
                                                  mov edx, dword ptr [ebp-10h]
                                                  mov eax, 0040CE28h
                                                  call 00007F54A8AF441Ah
                                                  push 00000002h
                                                  push 00000000h
                                                  push 00000001h
                                                  mov ecx, dword ptr [0040CE28h]
                                                  mov dl, 01h
                                                  mov eax, 0040738Ch
                                                  call 00007F54A8AF86FAh
                                                  mov dword ptr [0040CE2Ch], eax
                                                  xor edx, edx
                                                  push ebp
                                                  push 0040AC4Ah
                                                  push dword ptr fs:[edx]
                                                  mov dword ptr fs:[edx], esp
                                                  call 00007F54A8AFAE36h
                                                  mov dword ptr [0040CE34h], eax
                                                  mov eax, dword ptr [0040CE34h]
                                                  cmp dword ptr [eax+0Ch], 00000000h

                                                  Data Directories

                                                  Name                                  Virtual Address  Virtual Size  Is in Section
                                                  IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_IMPORT          0xd000           0x950         .idata
                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE        0x11000          0x2c00        .rsrc
                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_SECURITY        0x109560         0x1970
                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC       0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_TLS             0xf000           0x18          .rdata
                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_IAT             0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

                                                  Sections

| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|
| CODE | 0x1000 | 0x9d30 | 0x9e00 | False | 0.60527096519 | data | 6.63176587695 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
| DATA | 0xb000 | 0x250 | 0x400 | False | 0.306640625 | data | 2.75182066229 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
| BSS | 0xc000 | 0xe8c | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
| .idata | 0xd000 | 0x950 | 0xa00 | False | 0.414453125 | data | 4.4307330698 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
| .tls | 0xe000 | 0x8 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
| .rdata | 0xf000 | 0x18 | 0x200 | False | 0.052734375 | data | 0.20448815744 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
| .reloc | 0x10000 | 0x8c4 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
| .rsrc | 0x11000 | 0x2c00 | 0x2c00 | False | 0.332208806818 | data | 4.55534003528 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |

                                                  Resources

| Name | RVA | Size | Type | Language | Country |
|---|---|---|---|---|---|
| RT_ICON | 0x11354 | 0x128 | GLS_BINARY_LSB_FIRST | Dutch | Netherlands |
| RT_ICON | 0x1147c | 0x568 | GLS_BINARY_LSB_FIRST | Dutch | Netherlands |
| RT_ICON | 0x119e4 | 0x2e8 | data | Dutch | Netherlands |
| RT_ICON | 0x11ccc | 0x8a8 | data | Dutch | Netherlands |
| RT_STRING | 0x12574 | 0x2f2 | data | | |
| RT_STRING | 0x12868 | 0x30c | data | | |
| RT_STRING | 0x12b74 | 0x2ce | data | | |
| RT_STRING | 0x12e44 | 0x68 | data | | |
| RT_STRING | 0x12eac | 0xb4 | data | | |
| RT_STRING | 0x12f60 | 0xae | data | | |
| RT_RCDATA | 0x13010 | 0x2c | data | | |
| RT_GROUP_ICON | 0x1303c | 0x3e | data | English | United States |
| RT_VERSION | 0x1307c | 0x4f4 | data | English | United States |
| RT_MANIFEST | 0x13570 | 0x5e8 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States |

                                                  Imports

| DLL | Import |
|---|---|
| kernel32.dll | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, WideCharToMultiByte, TlsSetValue, TlsGetValue, MultiByteToWideChar, GetModuleHandleA, GetLastError, GetCommandLineA, WriteFile, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetSystemTime, GetFileType, ExitProcess, CreateFileA, CloseHandle |
| user32.dll | MessageBoxA |
| oleaut32.dll | VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysAllocStringLen |
| advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA |
| kernel32.dll | WriteFile, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, Sleep, SizeofResource, SetLastError, SetFilePointer, SetErrorMode, SetEndOfFile, RemoveDirectoryA, ReadFile, LockResource, LoadResource, LoadLibraryA, IsDBCSLeadByte, GetWindowsDirectoryA, GetVersionExA, GetUserDefaultLangID, GetSystemInfo, GetSystemDefaultLCID, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeProcess, GetEnvironmentVariableA, GetCurrentProcess, GetCommandLineA, GetACP, InterlockedExchange, FormatMessageA, FindResourceA, DeleteFileA, CreateProcessA, CreateFileA, CreateDirectoryA, CloseHandle |
| user32.dll | TranslateMessage, SetWindowLongA, PeekMessageA, MsgWaitForMultipleObjects, MessageBoxA, LoadStringA, ExitWindowsEx, DispatchMessageA, DestroyWindow, CreateWindowExA, CallWindowProcA, CharPrevA |
| comctl32.dll | InitCommonControls |
| advapi32.dll | AdjustTokenPrivileges |

                                                  Version Infos

| Description | Data |
|---|---|
| LegalCopyright | Copyright 2000-2016 Youngzsoft |
| FileVersion | 8.0 |
| CompanyName | Youngzsoft, Inc. |
| Comments | This installation was built with Inno Setup. |
| ProductName | CCProxy |
| ProductVersion | 8.0 |
| FileDescription | CCProxy Setup |
| Translation | 0x0000 0x04b0 |

                                                  Possible Origin

| Language of compilation system | Country where language is spoken |
|---|---|
| Dutch | Netherlands |
| English | United States |

                                                  Network Behavior

                                                  Network Port Distribution

                                                  TCP Packets


                                                  UDP Packets


                                                  DNS Queries

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
|---|---|---|---|---|---|---|---|
| Apr 6, 2021 07:56:32.182636023 CEST | 192.168.2.5 | 8.8.8.8 | 0xc914 | Standard query (0) | www.yahoo.com | A (IP address) | IN (0x0001) |
| Apr 6, 2021 07:56:33.827523947 CEST | 192.168.2.5 | 8.8.8.8 | 0x3dc5 | Standard query (0) | update.youngzsoft.com | A (IP address) | IN (0x0001) |
| Apr 6, 2021 07:58:12.187446117 CEST | 192.168.2.5 | 8.8.8.8 | 0x65e4 | Standard query (0) | www.yahoo.com | A (IP address) | IN (0x0001) |

                                                  DNS Answers

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
|---|---|---|---|---|---|---|---|---|---|
| Apr 6, 2021 07:56:32.231045961 CEST | 8.8.8.8 | 192.168.2.5 | 0xc914 | No error (0) | www.yahoo.com | new-fp-shed.wg1.b.yahoo.com | | CNAME (Canonical name) | IN (0x0001) |
| Apr 6, 2021 07:56:32.231045961 CEST | 8.8.8.8 | 192.168.2.5 | 0xc914 | No error (0) | new-fp-shed.wg1.b.yahoo.com | | 87.248.100.215 | A (IP address) | IN (0x0001) |
| Apr 6, 2021 07:56:32.231045961 CEST | 8.8.8.8 | 192.168.2.5 | 0xc914 | No error (0) | new-fp-shed.wg1.b.yahoo.com | | 87.248.100.216 | A (IP address) | IN (0x0001) |
| Apr 6, 2021 07:56:34.075306892 CEST | 8.8.8.8 | 192.168.2.5 | 0x3dc5 | No error (0) | update.youngzsoft.com | | 96.126.108.173 | A (IP address) | IN (0x0001) |
| Apr 6, 2021 07:58:12.235265017 CEST | 8.8.8.8 | 192.168.2.5 | 0x65e4 | No error (0) | www.yahoo.com | new-fp-shed.wg1.b.yahoo.com | | CNAME (Canonical name) | IN (0x0001) |
| Apr 6, 2021 07:58:12.235265017 CEST | 8.8.8.8 | 192.168.2.5 | 0x65e4 | No error (0) | new-fp-shed.wg1.b.yahoo.com | | 87.248.100.216 | A (IP address) | IN (0x0001) |
| Apr 6, 2021 07:58:12.235265017 CEST | 8.8.8.8 | 192.168.2.5 | 0x65e4 | No error (0) | new-fp-shed.wg1.b.yahoo.com | | 87.248.100.215 | A (IP address) | IN (0x0001) |

                                                  HTTP Request Dependency Graph

                                                  • update.youngzsoft.com

                                                  HTTP Packets

| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 0 | 192.168.2.5 | 49722 | 96.126.108.173 | 80 | C:\CCProxy\CCProxy.exe |

Timestamp: Apr 6, 2021 07:56:34.224473953 CEST | kBytes transferred: 1367 | Direction: OUT | Data:
GET /updatesystem/update.php?Upgrade&Silent&CheckUpdate&ProductName=CCProxy&ReleaseTime=2016-07-22+09%3A57%3A12&MachineID=90cf1f244918b5ca&License= HTTP/1.1
                                                  Cache-Control: no-cache
                                                  Connection: Keep-Alive
                                                  Pragma: no-cache
                                                  Host: update.youngzsoft.com
Timestamp: Apr 6, 2021 07:56:34.352200985 CEST | kBytes transferred: 1368 | Direction: IN | Data:
HTTP/1.1 200 OK
                                                  Server: nginx/1.16.1
                                                  Date: Tue, 06 Apr 2021 05:56:34 GMT
                                                  Content-Type: text/html
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  X-Powered-By: PHP/5.3.3
                                                  Data Ascii: 172<?xml version="1.0" encoding="utf-8" ?> <YzUpdate><Config><Config><id value="1" /><UpdateVersion value="1.0" /><ProductName value="CCProxy" /><Update value="Yes" /><Url value="http://update.youngzsoft.com/ccproxy/update/ccproxysetup20180914.exe" /><Silent value="No" /><Info value="" /></Config></Config> </YzUpdate>0


                                                  Code Manipulations

                                                  Statistics

                                                  CPU Usage

                                                  Memory Usage

                                                  High Level Behavior Distribution

                                                  Behavior

                                                  System Behavior

                                                  General

                                                  Start time:07:56:04
                                                  Start date:06/04/2021
                                                  Path:C:\Users\user\Desktop\ccproxysetup-free.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:'C:\Users\user\Desktop\ccproxysetup-free.exe'
                                                  Imagebase:0x400000
                                                  File size:1093328 bytes
                                                  MD5 hash:3D07BE760CD5756D6CA67BD0096FE8D2
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:low

                                                  General

                                                  Start time:07:56:05
                                                  Start date:06/04/2021
                                                  Path:C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp
                                                  Wow64 process (32bit):true
                                                  Commandline:'C:\Users\user\AppData\Local\Temp\is-VDPTE.tmp\ccproxysetup-free.tmp' /SL5='$110082,836261,56832,C:\Users\user\Desktop\ccproxysetup-free.exe'
                                                  Imagebase:0x400000
                                                  File size:714608 bytes
                                                  MD5 hash:661296AFBB73CA68432EDE7C26FC0108
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Antivirus matches:
                                                  • Detection: 2%, Metadefender
                                                  • Detection: 3%, ReversingLabs
                                                  Reputation:low

                                                  General

                                                  Start time:07:56:29
                                                  Start date:06/04/2021
                                                  Path:C:\CCProxy\CCProxy.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:C:\CCProxy\CCProxy.exe
                                                  Imagebase:0x400000
                                                  File size:2624880 bytes
                                                  MD5 hash:3E0C02558BDF66E0A14F463013BB0F26
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:low

                                                  General

                                                  Start time:07:56:31
                                                  Start date:06/04/2021
                                                  Path:C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe -Embedding
                                                  Imagebase:0x7ff67e340000
                                                  File size:223744 bytes
                                                  MD5 hash:91858001E25FE5FF6E1C650BB4F24AB0
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:moderate

                                                  General

                                                  Start time:07:56:32
                                                  Start date:06/04/2021
                                                  Path:C:\CCProxy\CCProxy.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:C:\CCProxy\CCProxy.exe -Upgrade '-UpdateUrl=http%3A%2F%2Fupdate.youngzsoft.com%2Fupdatesystem%2Fupdate.php' '-Silent' '-CheckUpdate' '-ProductName=CCProxy' '-ReleaseTime=2016-07-22+09%3A57%3A12' '-MachineID=90cf1f244918b5ca' '-License='
                                                  Imagebase:0x400000
                                                  File size:2624880 bytes
                                                  MD5 hash:3E0C02558BDF66E0A14F463013BB0F26
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:low

                                                  Disassembly

                                                  Code Analysis

                                                    Execution Graph

                                                    Execution Coverage:24.1%
                                                    Dynamic/Decrypted Code Coverage:0%
                                                    Signature Coverage:2.4%
                                                    Total number of Nodes:1485
                                                    Total number of Limit Nodes:35

                                                    Graph

402594 4 API calls 6387->6388 6389 40a956 6388->6389 6390 407a28 5 API calls 6389->6390 6391 40a998 6390->6391 6392 407cb8 21 API calls 6391->6392 6393 40a9bf 6392->6393 6394->6366 6039 407017 6040 407008 SetErrorMode 6039->6040 6395 403018 6396 403070 6395->6396 6397 403025 6395->6397 6398 40302a RtlUnwind 6397->6398 6399 40304e 6398->6399 6401 402f78 6399->6401 6402 402be8 6399->6402 6403 402bf1 RaiseException 6402->6403 6404 402c04 6402->6404 6403->6404 6404->6396 6409 40901e 6410 409010 6409->6410 6411 408fac Wow64RevertWow64FsRedirection 6410->6411 6412 409018 6411->6412 6413 409020 SetLastError 6414 409029 6413->6414 6429 403a28 ReadFile 6430 403a46 6429->6430 6431 403a49 GetLastError 6429->6431 5195 40762c ReadFile 5196 407663 5195->5196 5197 40764c 5195->5197 5198 407652 GetLastError 5197->5198 5199 40765c 5197->5199 5198->5196 5198->5199 5200 40748c 21 API calls 5199->5200 5200->5196 6720 40712e 6721 407118 6720->6721 6722 403198 4 API calls 6721->6722 6723 407120 6722->6723 6724 403198 4 API calls 6723->6724 6725 407128 6724->6725 5268 40a82f 5305 409ae8 5268->5305 5270 40a834 5271 40a839 5270->5271 5395 402f24 5270->5395 5312 40993c 5271->5312 5274 40a891 5317 4026c4 GetSystemTime 5274->5317 5276 40a83e 5276->5274 5400 408dd8 5276->5400 5277 40a896 5318 409330 5277->5318 5281 40a86d 5285 40a875 MessageBoxA 5281->5285 5282 4031e8 4 API calls 5283 40a8ab 5282->5283 5336 406928 5283->5336 5285->5274 5287 40a882 5285->5287 5403 405864 5287->5403 5292 40a8d9 5363 403340 5292->5363 5294 40a8e7 5295 4031e8 4 API calls 5294->5295 5296 40a8f7 5295->5296 5378 4074e0 5296->5378 5299 402594 4 API calls 5300 40a956 5299->5300 5385 407a28 5300->5385 5302 40a998 5407 407cb8 5302->5407 5304 40a9bf 5306 409af1 5305->5306 5307 409b09 5305->5307 5308 405890 4 API calls 5306->5308 5309 405890 4 API calls 5307->5309 5310 409b03 5308->5310 5311 409b1a 5309->5311 5310->5270 5311->5270 5413 40953c 5312->5413 5317->5277 5330 409350 5318->5330 5321 409375 CreateDirectoryA 5322 
4093ed 5321->5322 5323 40937f GetLastError 5321->5323 5324 40322c 4 API calls 5322->5324 5323->5330 5325 4093f7 5324->5325 5327 4031b8 4 API calls 5325->5327 5326 408dd8 4 API calls 5326->5330 5329 409411 5327->5329 5331 4031b8 4 API calls 5329->5331 5330->5321 5330->5326 5332 407284 5 API calls 5330->5332 5335 405890 4 API calls 5330->5335 5533 406cf4 5330->5533 5556 409224 5330->5556 5575 404c94 5330->5575 5578 408da8 5330->5578 5333 40941e 5331->5333 5332->5330 5333->5282 5335->5330 5687 406820 5336->5687 5339 403454 4 API calls 5340 40694a 5339->5340 5341 4066c0 5340->5341 5692 4068e4 5341->5692 5344 4066f0 5347 403340 4 API calls 5344->5347 5345 4066fe 5346 403454 4 API calls 5345->5346 5348 406711 5346->5348 5350 4066fc 5347->5350 5349 403340 4 API calls 5348->5349 5349->5350 5351 403198 4 API calls 5350->5351 5352 406733 5351->5352 5353 406638 5352->5353 5354 406642 5353->5354 5355 406665 5353->5355 5698 406950 5354->5698 5357 40322c 4 API calls 5355->5357 5359 40666e 5357->5359 5358 406649 5358->5355 5360 406654 5358->5360 5359->5292 5361 403340 4 API calls 5360->5361 5362 406662 5361->5362 5362->5292 5364 403344 5363->5364 5366 4033a5 5363->5366 5365 40334c 5364->5365 5367 4031e8 5364->5367 5365->5366 5368 40335b 5365->5368 5371 4031e8 4 API calls 5365->5371 5370 403254 4 API calls 5367->5370 5373 4031fc 5367->5373 5372 403254 4 API calls 5368->5372 5369 403228 5369->5294 5370->5373 5371->5368 5375 403375 5372->5375 5373->5369 5374 4025ac 4 API calls 5373->5374 5374->5369 5376 4031e8 4 API calls 5375->5376 5377 4033a1 5376->5377 5377->5294 5379 4074ea 5378->5379 5704 407576 5379->5704 5707 407578 5379->5707 5380 407516 5381 40752a 5380->5381 5382 40748c 21 API calls 5380->5382 5381->5299 5382->5381 5386 407a35 5385->5386 5387 405890 4 API calls 5386->5387 5388 407a89 5386->5388 5387->5388 5389 407918 InterlockedExchange 5388->5389 5390 407a9b 5389->5390 5391 405890 4 API calls 5390->5391 5392 407ab1 5390->5392 5391->5392 5393 407af4 5392->5393 5394 405890 
4 API calls 5392->5394 5393->5302 5394->5393 5396 403154 4 API calls 5395->5396 5397 402f29 5396->5397 5710 402bcc 5397->5710 5399 402f51 5399->5399 5401 408da8 4 API calls 5400->5401 5402 408df4 5401->5402 5402->5281 5404 405869 5403->5404 5405 405940 5 API calls 5404->5405 5406 40587b 5405->5406 5406->5406 5408 407cd3 5407->5408 5410 407cc8 5407->5410 5713 407c5c 5408->5713 5410->5304 5412 405890 4 API calls 5412->5410 5420 40955b 5413->5420 5414 409590 5416 40959d GetUserDefaultLangID 5414->5416 5421 409592 5414->5421 5415 409594 5431 407024 GetModuleHandleA GetProcAddress 5415->5431 5416->5421 5419 40956f 5425 4098cc 5419->5425 5420->5414 5420->5415 5420->5419 5421->5419 5422 4095cb GetACP 5421->5422 5423 4095ef 5421->5423 5422->5419 5422->5421 5423->5419 5424 409615 GetACP 5423->5424 5424->5419 5424->5423 5426 40990e 5425->5426 5427 4098d4 5425->5427 5426->5276 5427->5426 5428 403420 4 API calls 5427->5428 5429 409908 5428->5429 5510 408e80 5429->5510 5432 407067 5431->5432 5433 40705e 5431->5433 5434 407070 5432->5434 5435 4070a8 5432->5435 5442 403198 4 API calls 5433->5442 5452 406f68 5434->5452 5436 406f68 RegOpenKeyExA 5435->5436 5440 4070c1 5436->5440 5438 407089 5439 4070de 5438->5439 5455 406f5c 5438->5455 5458 40322c 5439->5458 5440->5439 5443 406f5c 6 API calls 5440->5443 5446 407120 5442->5446 5447 4070d5 RegCloseKey 5443->5447 5449 403198 4 API calls 5446->5449 5447->5439 5451 407128 5449->5451 5451->5421 5453 406f73 5452->5453 5454 406f79 RegOpenKeyExA 5452->5454 5453->5454 5454->5438 5476 406e10 5455->5476 5459 403230 5458->5459 5460 403252 5459->5460 5461 4025ac 4 API calls 5459->5461 5462 4032fc 5460->5462 5461->5460 5463 403300 5462->5463 5464 40333f 5462->5464 5465 4031e8 5463->5465 5466 40330a 5463->5466 5464->5433 5472 403254 4 API calls 5465->5472 5473 4031fc 5465->5473 5467 403334 5466->5467 5468 40331d 5466->5468 5469 4034f0 4 API calls 5467->5469 5471 4034f0 4 API calls 5468->5471 5475 403322 5469->5475 5470 403228 5470->5433 5471->5475 
5472->5473 5473->5470 5474 4025ac 4 API calls 5473->5474 5474->5470 5475->5433 5477 406e36 RegQueryValueExA 5476->5477 5478 406e59 5477->5478 5484 406e7b 5477->5484 5479 406e73 5478->5479 5483 403278 4 API calls 5478->5483 5478->5484 5493 403420 5478->5493 5481 403198 4 API calls 5479->5481 5480 403198 4 API calls 5482 406f47 RegCloseKey 5480->5482 5481->5484 5482->5439 5483->5478 5484->5480 5486 406eb0 RegQueryValueExA 5486->5477 5487 406ecc 5486->5487 5487->5484 5497 4034f0 5487->5497 5490 406f20 5491 4031e8 4 API calls 5490->5491 5491->5484 5492 403420 4 API calls 5492->5490 5494 403426 5493->5494 5496 403437 5493->5496 5495 403254 4 API calls 5494->5495 5494->5496 5495->5496 5496->5486 5498 4034fd 5497->5498 5505 40352d 5497->5505 5500 403526 5498->5500 5503 403509 5498->5503 5499 403198 4 API calls 5502 403517 5499->5502 5501 403254 4 API calls 5500->5501 5501->5505 5502->5490 5502->5492 5506 4025c4 5503->5506 5505->5499 5507 4025ca 5506->5507 5508 4025dc 5507->5508 5509 403154 4 API calls 5507->5509 5508->5502 5508->5508 5509->5508 5511 408e8e 5510->5511 5514 408ea6 5511->5514 5523 408e18 5511->5523 5513 408e18 4 API calls 5515 408eca 5513->5515 5514->5513 5514->5515 5526 407918 5515->5526 5518 408e18 4 API calls 5520 408ef8 5518->5520 5519 408e18 4 API calls 5519->5520 5520->5519 5521 403278 4 API calls 5520->5521 5522 408f27 5520->5522 5521->5520 5522->5426 5524 405890 4 API calls 5523->5524 5525 408e29 5524->5525 5525->5514 5529 4078c4 5526->5529 5530 4078d6 5529->5530 5531 4078e7 5529->5531 5532 4078db InterlockedExchange 5530->5532 5531->5518 5531->5520 5532->5531 5582 406a58 5533->5582 5537 406a58 5 API calls 5539 406d36 5537->5539 5538 406d26 5538->5537 5540 406d72 5538->5540 5541 406d42 5539->5541 5543 406a34 7 API calls 5539->5543 5590 406888 5540->5590 5541->5540 5544 406d67 5541->5544 5547 406a58 5 API calls 5541->5547 5543->5541 5544->5540 5602 406cc8 GetWindowsDirectoryA 5544->5602 5549 406d5b 5547->5549 5548 406638 5 API calls 5550 406d87 
5548->5550 5549->5544 5551 406a34 7 API calls 5549->5551 5552 40322c 4 API calls 5550->5552 5551->5544 5553 406d91 5552->5553 5554 4031b8 4 API calls 5553->5554 5555 406dab 5554->5555 5555->5330 5557 409244 5556->5557 5558 406638 5 API calls 5557->5558 5559 40925d 5558->5559 5560 40322c 4 API calls 5559->5560 5561 409268 5560->5561 5562 406978 6 API calls 5561->5562 5564 408dd8 4 API calls 5561->5564 5567 405890 4 API calls 5561->5567 5568 4092e4 5561->5568 5644 4091b0 5561->5644 5652 4033b4 5561->5652 5658 409034 5561->5658 5562->5561 5564->5561 5567->5561 5569 40322c 4 API calls 5568->5569 5570 4092ef 5569->5570 5571 4031b8 4 API calls 5570->5571 5572 409309 5571->5572 5573 403198 4 API calls 5572->5573 5574 409311 5573->5574 5574->5330 5576 4051a8 19 API calls 5575->5576 5577 404cb2 5576->5577 5577->5330 5579 408dc8 5578->5579 5677 408c80 5579->5677 5583 4034f0 4 API calls 5582->5583 5584 406a6b 5583->5584 5585 406a82 GetEnvironmentVariableA 5584->5585 5589 406a95 5584->5589 5604 406dec 5584->5604 5585->5584 5586 406a8e 5585->5586 5587 403198 4 API calls 5586->5587 5587->5589 5589->5538 5599 406a34 5589->5599 5608 403414 5590->5608 5593 4068b7 5594 4068ce 5593->5594 5595 4068bf 5593->5595 5596 40322c 4 API calls 5594->5596 5597 403278 4 API calls 5595->5597 5598 4068cc 5596->5598 5597->5598 5598->5548 5610 4069dc 5599->5610 5603 406ce9 5602->5603 5603->5540 5605 406dfa 5604->5605 5606 4034f0 4 API calls 5605->5606 5607 406e08 5606->5607 5607->5584 5609 403418 GetFullPathNameA 5608->5609 5609->5593 5609->5594 5617 406978 5610->5617 5612 4069fe 5613 406a06 GetFileAttributesA 5612->5613 5614 406a1b 5613->5614 5615 403198 4 API calls 5614->5615 5616 406a23 5615->5616 5616->5538 5627 406744 5617->5627 5619 4069b0 5622 4069c6 5619->5622 5623 4069bb 5619->5623 5621 406989 5621->5619 5634 406970 CharPrevA 5621->5634 5635 403454 5622->5635 5624 40322c 4 API calls 5623->5624 5626 4069c4 5624->5626 5626->5612 5631 406755 5627->5631 5628 4067b9 5629 406680 IsDBCSLeadByte 
5628->5629 5630 4067b4 5628->5630 5629->5630 5630->5621 5631->5628 5633 406773 5631->5633 5633->5630 5642 406680 IsDBCSLeadByte 5633->5642 5634->5621 5636 403486 5635->5636 5637 403459 5635->5637 5638 403198 4 API calls 5636->5638 5637->5636 5640 40346d 5637->5640 5639 40347c 5638->5639 5639->5626 5641 403278 4 API calls 5640->5641 5641->5639 5643 406694 5642->5643 5643->5633 5645 403198 4 API calls 5644->5645 5648 4091d1 5645->5648 5649 4091fe 5648->5649 5667 4032a8 5648->5667 5670 403494 5648->5670 5650 403198 4 API calls 5649->5650 5651 409213 5650->5651 5651->5561 5653 4033bc 5652->5653 5654 403254 4 API calls 5653->5654 5655 4033cf 5654->5655 5656 4031e8 4 API calls 5655->5656 5657 4033f7 5656->5657 5659 408f70 2 API calls 5658->5659 5660 40904a 5659->5660 5661 40904e 5660->5661 5674 406a48 5660->5674 5661->5561 5664 409081 5665 408fac Wow64RevertWow64FsRedirection 5664->5665 5666 409089 5665->5666 5666->5561 5668 403278 4 API calls 5667->5668 5669 4032b5 5668->5669 5669->5648 5671 403498 5670->5671 5673 4034c3 5670->5673 5672 4034f0 4 API calls 5671->5672 5672->5673 5673->5648 5675 4069dc 7 API calls 5674->5675 5676 406a52 GetLastError 5675->5676 5676->5664 5678 403198 4 API calls 5677->5678 5680 408cb1 5677->5680 5678->5680 5679 4031b8 4 API calls 5681 408d69 5679->5681 5682 408cc8 5680->5682 5683 403278 4 API calls 5680->5683 5685 408cdc 5680->5685 5686 4032fc LocalAlloc TlsSetValue TlsGetValue TlsGetValue 5680->5686 5681->5330 5684 4032fc 4 API calls 5682->5684 5683->5680 5684->5685 5685->5679 5686->5680 5688 406744 IsDBCSLeadByte 5687->5688 5690 406835 5688->5690 5689 40687f 5689->5339 5690->5689 5691 406680 IsDBCSLeadByte 5690->5691 5691->5690 5693 4068f3 5692->5693 5694 406820 IsDBCSLeadByte 5693->5694 5696 4068fe 5694->5696 5695 4066ea 5695->5344 5695->5345 5696->5695 5697 406680 IsDBCSLeadByte 5696->5697 5697->5696 5699 406957 5698->5699 5700 40695b 5698->5700 5699->5358 5703 406970 CharPrevA 5700->5703 5702 40696c 5702->5358 5703->5702 5705 407578 
5704->5705 5706 4075b7 CreateFileA 5705->5706 5706->5380 5708 403414 5707->5708 5709 4075b7 CreateFileA 5708->5709 5709->5380 5711 402bd5 RaiseException 5710->5711 5712 402be6 5710->5712 5711->5712 5712->5399 5714 407c70 5713->5714 5715 407caf 5713->5715 5714->5715 5717 407bac 5714->5717 5715->5410 5715->5412 5718 407bb7 5717->5718 5721 407bc8 5717->5721 5720 405890 4 API calls 5718->5720 5720->5721 5729 4074a0 5721->5729 5723 4074a0 20 API calls 5724 407bfd 5723->5724 5725 407918 InterlockedExchange 5724->5725 5726 407c12 5725->5726 5727 407c28 5726->5727 5728 405890 4 API calls 5726->5728 5727->5714 5728->5727 5730 4074b4 5729->5730 5731 4074c4 5730->5731 5732 4073ec 20 API calls 5730->5732 5731->5723 5732->5731 6726 408f30 6729 408dfc 6726->6729 6730 408e05 6729->6730 6731 403198 4 API calls 6730->6731 6732 408e13 6730->6732 6731->6730 6733 403932 6734 403924 6733->6734 6735 40374c VariantClear 6734->6735 6736 40392c 6735->6736 4996 4075c4 SetFilePointer 4997 4075f7 4996->4997 4998 4075e7 GetLastError 4996->4998 4998->4997 4999 4075f0 4998->4999 5001 40748c GetLastError 4999->5001 5004 4073ec 5001->5004 5013 407284 FormatMessageA 5004->5013 5007 407434 5020 405890 5007->5020 5010 407443 5024 403198 5010->5024 5014 4072aa 5013->5014 5028 403278 5014->5028 5017 405194 5043 4051a8 5017->5043 5021 405897 5020->5021 5022 4031e8 4 API calls 5021->5022 5023 4058af 5022->5023 5023->5010 5025 4031b7 5024->5025 5026 40319e 5024->5026 5025->4997 5026->5025 5171 4025ac 5026->5171 5033 403254 5028->5033 5030 403288 5031 403198 4 API calls 5030->5031 5032 4032a0 5031->5032 5032->5007 5032->5017 5034 403274 5033->5034 5035 403258 5033->5035 5034->5030 5038 402594 5035->5038 5039 4025a2 5038->5039 5041 402598 5038->5041 5039->5030 5040 402632 5040->5040 5041->5039 5041->5040 5042 403154 4 API calls 5041->5042 5042->5040 5044 4051c5 5043->5044 5051 404e58 5044->5051 5046 4051f1 5049 403278 4 API calls 5046->5049 5050 4051a3 5049->5050 5050->5007 5054 404e73 5051->5054 5052 
404e85 5052->5046 5056 404be4 5052->5056 5054->5052 5059 404f7a 5054->5059 5066 404e4c 5054->5066 5163 405940 5056->5163 5058 404bf5 5058->5046 5060 404f8b 5059->5060 5063 404fd9 5059->5063 5062 40505f 5060->5062 5060->5063 5065 404ff7 5062->5065 5073 404e38 5062->5073 5063->5065 5069 404df4 5063->5069 5065->5054 5067 403198 4 API calls 5066->5067 5068 404e56 5067->5068 5068->5054 5070 404e02 5069->5070 5076 404bfc 5070->5076 5072 404e30 5072->5063 5102 4039a4 5073->5102 5079 4059b0 5076->5079 5078 404c15 5078->5072 5080 4059be 5079->5080 5089 404cdc LoadStringA 5080->5089 5083 405194 19 API calls 5084 4059f6 5083->5084 5092 4031e8 5084->5092 5090 403278 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 5089->5090 5091 404d09 5090->5091 5091->5083 5093 4031ec 5092->5093 5096 4031fc 5092->5096 5095 403254 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 5093->5095 5093->5096 5094 403228 5098 4031b8 5094->5098 5095->5096 5096->5094 5097 4025ac LocalAlloc TlsSetValue TlsGetValue TlsGetValue 5096->5097 5097->5094 5099 4031be 5098->5099 5100 4031e3 5099->5100 5101 4025ac LocalAlloc TlsSetValue TlsGetValue TlsGetValue 5099->5101 5100->5078 5101->5099 5103 4039ab 5102->5103 5108 4038b4 5103->5108 5105 4039cb 5106 403198 4 API calls 5105->5106 5107 4039d2 5106->5107 5107->5065 5109 4038d5 5108->5109 5110 4038c8 5108->5110 5112 403934 5109->5112 5113 4038db 5109->5113 5136 403780 5110->5136 5114 403993 5112->5114 5115 40393b 5112->5115 5116 4038e1 5113->5116 5117 4038ee 5113->5117 5118 4037f4 3 API calls 5114->5118 5119 403941 5115->5119 5120 40394b 5115->5120 5143 403894 5116->5143 5122 403894 6 API calls 5117->5122 5125 4038d0 5118->5125 5158 403864 5119->5158 5124 4037f4 3 API calls 5120->5124 5126 4038fc 5122->5126 5127 40395d 5124->5127 5125->5105 5148 4037f4 5126->5148 5130 403864 9 API calls 5127->5130 5129 403917 5154 40374c 5129->5154 5131 403976 5130->5131 5134 40374c VariantClear 5131->5134 5133 40392c 5133->5105 5135 40398b 5134->5135 5135->5105 5137 4037f0 
5136->5137 5138 403744 5136->5138 5137->5125 5138->5136 5139 403793 VariantClear 5138->5139 5140 4037ab 5138->5140 5141 403198 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 5138->5141 5142 4037dc VariantCopyInd 5138->5142 5139->5138 5140->5125 5141->5138 5142->5137 5142->5138 5144 4036b8 MultiByteToWideChar SysAllocStringLen MultiByteToWideChar SysAllocStringLen MultiByteToWideChar 5143->5144 5145 4038a0 5144->5145 5146 40374c VariantClear 5145->5146 5147 4038a9 5146->5147 5147->5125 5149 403845 VariantChangeTypeEx 5148->5149 5150 40380a VariantChangeTypeEx 5148->5150 5153 403832 5149->5153 5151 403826 5150->5151 5152 40374c VariantClear 5151->5152 5152->5153 5153->5129 5155 403766 5154->5155 5156 403759 5154->5156 5155->5133 5156->5155 5157 403779 VariantClear 5156->5157 5157->5133 5159 40369c 8 API calls 5158->5159 5160 40387b 5159->5160 5161 40374c VariantClear 5160->5161 5162 403882 5161->5162 5162->5125 5164 40594c 5163->5164 5165 404cdc 5 API calls 5164->5165 5166 405972 5165->5166 5167 4031e8 4 API calls 5166->5167 5168 40597d 5167->5168 5169 403198 4 API calls 5168->5169 5170 405992 5169->5170 5170->5058 5172 4025ba 5171->5172 5173 4025b0 5171->5173 5172->5025 5172->5172 5173->5172 5174 403154 4 API calls 5173->5174 5174->5172 6440 4076c8 WriteFile 6441 4076e8 6440->6441 6442 4076ef 6440->6442 6443 40748c 21 API calls 6441->6443 6444 407700 6442->6444 6445 4073ec 20 API calls 6442->6445 6443->6442 6445->6444 6446 402ccc 6449 402cfe 6446->6449 6450 402cdd 6446->6450 6447 402d88 RtlUnwind 6448 403154 4 API calls 6447->6448 6448->6449 6450->6447 6450->6449 6451 402b28 RaiseException 6450->6451 6452 402d7f 6451->6452 6452->6447 6745 403fcd 6746 403f07 4 API calls 6745->6746 6747 403fd6 6746->6747 6748 403e9c 4 API calls 6747->6748 6749 403fe2 6748->6749 5733 4024d0 5734 4024e4 5733->5734 5735 4024f7 5733->5735 5772 401918 RtlInitializeCriticalSection 5734->5772 5736 402518 5735->5736 5737 40250e RtlEnterCriticalSection 5735->5737 5749 402300 5736->5749 
5737->5736 5741 4024ed 5742 402525 5745 402581 5742->5745 5746 402577 RtlLeaveCriticalSection 5742->5746 5746->5745 5747 402531 5747->5742 5779 40215c 5747->5779 5750 402314 5749->5750 5751 402335 5750->5751 5753 4023b8 5750->5753 5752 402344 5751->5752 5793 401b74 5751->5793 5752->5742 5759 401fd4 5752->5759 5753->5752 5757 402455 5753->5757 5796 401d80 5753->5796 5804 401e84 5753->5804 5757->5752 5800 401d00 5757->5800 5760 401fe8 5759->5760 5761 401ffb 5759->5761 5762 401918 4 API calls 5760->5762 5763 402012 RtlEnterCriticalSection 5761->5763 5766 40201c 5761->5766 5764 401fed 5762->5764 5763->5766 5764->5761 5765 401ff1 5764->5765 5768 402052 5765->5768 5766->5768 5886 401ee0 5766->5886 5768->5747 5770 402147 5770->5747 5771 40213d RtlLeaveCriticalSection 5771->5770 5773 40193c RtlEnterCriticalSection 5772->5773 5774 401946 5772->5774 5773->5774 5775 401964 LocalAlloc 5774->5775 5776 40197e 5775->5776 5777 4019c3 RtlLeaveCriticalSection 5776->5777 5778 4019cd 5776->5778 5777->5778 5778->5735 5778->5741 5780 40217a 5779->5780 5781 402175 5779->5781 5783 4021ab RtlEnterCriticalSection 5780->5783 5784 40217e 5780->5784 5791 4021b5 5780->5791 5782 401918 4 API calls 5781->5782 5782->5780 5783->5791 5784->5742 5785 4021c1 5787 4022e3 RtlLeaveCriticalSection 5785->5787 5788 4022ed 5785->5788 5786 402244 5786->5784 5789 401d80 7 API calls 5786->5789 5787->5788 5788->5742 5789->5784 5790 402270 5790->5785 5792 401d00 7 API calls 5790->5792 5791->5785 5791->5786 5791->5790 5792->5785 5794 40215c 9 API calls 5793->5794 5795 401b95 5794->5795 5795->5752 5797 401d89 5796->5797 5799 401d92 5796->5799 5798 401b74 9 API calls 5797->5798 5797->5799 5798->5799 5799->5753 5801 401d4e 5800->5801 5802 401d1e 5800->5802 5801->5802 5809 401c68 5801->5809 5802->5752 5864 401768 5804->5864 5806 401e99 5807 401ea6 5806->5807 5875 401dcc 5806->5875 5807->5753 5810 401c7a 5809->5810 5811 401c9d 5810->5811 5812 401caf 5810->5812 5822 40188c 5811->5822 5814 40188c 3 API calls 5812->5814 
5815 401cad 5814->5815 5821 401cc5 5815->5821 5832 401b44 5815->5832 5817 401cd4 5818 401cee 5817->5818 5837 401b98 5817->5837 5842 4013a0 5818->5842 5821->5802 5823 4018b2 5822->5823 5831 40190b 5822->5831 5846 401658 5823->5846 5829 4018e6 5830 4013a0 LocalAlloc 5829->5830 5829->5831 5830->5831 5831->5815 5833 401b52 5832->5833 5834 401b61 5832->5834 5835 401d00 9 API calls 5833->5835 5834->5817 5836 401b5f 5835->5836 5836->5817 5838 401bab 5837->5838 5839 401b9d 5837->5839 5838->5818 5840 401b74 9 API calls 5839->5840 5841 401baa 5840->5841 5841->5818 5844 4013ab 5842->5844 5843 4013c6 5843->5821 5844->5843 5845 4012e4 LocalAlloc 5844->5845 5845->5843 5847 40168f 5846->5847 5848 4016cf 5847->5848 5849 4016a9 VirtualFree 5847->5849 5850 40132c 5848->5850 5849->5847 5851 401348 5850->5851 5858 4012e4 5851->5858 5854 40150c 5857 40153b 5854->5857 5855 401594 5855->5829 5856 401568 VirtualFree 5856->5857 5857->5855 5857->5856 5861 40128c 5858->5861 5862 401298 LocalAlloc 5861->5862 5863 4012aa 5861->5863 5862->5863 5863->5829 5863->5854 5866 401787 5864->5866 5865 401494 LocalAlloc VirtualAlloc VirtualAlloc VirtualFree 5865->5866 5866->5865 5867 40183b 5866->5867 5869 40132c LocalAlloc 5866->5869 5870 401821 5866->5870 5871 4017d6 5866->5871 5872 4017e7 5867->5872 5882 4015c4 5867->5882 5869->5866 5873 40150c VirtualFree 5870->5873 5874 40150c VirtualFree 5871->5874 5872->5806 5873->5872 5874->5872 5876 401d80 9 API calls 5875->5876 5877 401de0 5876->5877 5878 40132c LocalAlloc 5877->5878 5879 401df0 5878->5879 5880 401b44 9 API calls 5879->5880 5881 401df8 5879->5881 5880->5881 5881->5807 5884 40160a 5882->5884 5883 40163a 5883->5872 5884->5883 5885 401626 VirtualAlloc 5884->5885 5885->5883 5885->5884 5889 401ef0 5886->5889 5887 401f1c 5888 401d00 9 API calls 5887->5888 5890 401f40 5887->5890 5888->5890 5889->5887 5889->5890 5892 401e58 5889->5892 5890->5770 5890->5771 5897 4016d8 5892->5897 5894 401e68 5895 401e75 5894->5895 5896 401dcc 9 API calls 5894->5896 
5895->5889 5896->5895 5900 4016f4 5897->5900 5899 4016fe 5901 4015c4 VirtualAlloc 5899->5901 5900->5899 5902 40132c LocalAlloc 5900->5902 5903 40170a 5900->5903 5904 40174f 5900->5904 5906 401430 5900->5906 5901->5903 5902->5900 5903->5894 5905 40150c VirtualFree 5904->5905 5905->5903 5907 40143f VirtualAlloc 5906->5907 5909 40146c 5907->5909 5910 40148f 5907->5910 5911 4012e4 LocalAlloc 5909->5911 5910->5900 5912 401478 5911->5912 5912->5910 5913 40147c VirtualFree 5912->5913 5913->5910 6459 4028d2 6460 4028da 6459->6460 6461 403554 4 API calls 6460->6461 6462 4028ef 6460->6462 6461->6460 6463 4025ac 4 API calls 6462->6463 6464 4028f4 6463->6464 6750 4019d3 6751 4019ba 6750->6751 6752 4019c3 RtlLeaveCriticalSection 6751->6752 6753 4019cd 6751->6753 6752->6753 5993 407fd4 5994 407fe6 5993->5994 5996 407fed 5993->5996 6004 407f10 5994->6004 5998 408015 5996->5998 5999 408017 5996->5999 6002 408021 5996->6002 5997 40804e 6018 407e2c 5998->6018 6015 407d7c 5999->6015 6000 407d7c 19 API calls 6000->5997 6002->5997 6002->6000 6005 407f25 6004->6005 6006 407d7c 19 API calls 6005->6006 6007 407f34 6005->6007 6006->6007 6008 407f6e 6007->6008 6009 407d7c 19 API calls 6007->6009 6010 407f82 6008->6010 6011 407d7c 19 API calls 6008->6011 6009->6008 6014 407fae 6010->6014 6025 407eb8 6010->6025 6011->6010 6014->5996 6028 4058c4 6015->6028 6017 407d9e 6017->6002 6019 405194 19 API calls 6018->6019 6020 407e57 6019->6020 6036 407de4 6020->6036 6022 407e5f 6023 403198 4 API calls 6022->6023 6024 407e74 6023->6024 6024->6002 6026 407ec7 VirtualFree 6025->6026 6027 407ed9 VirtualAlloc 6025->6027 6026->6027 6027->6014 6030 4058d0 6028->6030 6029 405194 19 API calls 6031 4058fd 6029->6031 6030->6029 6032 4031e8 4 API calls 6031->6032 6033 405908 6032->6033 6034 403198 4 API calls 6033->6034 6035 40591d 6034->6035 6035->6017 6037 4058c4 19 API calls 6036->6037 6038 407e06 6037->6038 6038->6022 6465 405ad4 6466 405adc 6465->6466 6470 405ae4 6465->6470 6467 405aeb 6466->6467 6468 
405ae2 6466->6468 6469 405940 5 API calls 6467->6469 6472 405a4c 6468->6472 6469->6470 6473 405a54 6472->6473 6474 405a6e 6473->6474 6475 403154 4 API calls 6473->6475 6476 405a73 6474->6476 6477 405a8a 6474->6477 6475->6473 6478 405940 5 API calls 6476->6478 6479 403154 4 API calls 6477->6479 6480 405a86 6478->6480 6481 405a8f 6479->6481 6483 403154 4 API calls 6480->6483 6482 4059b0 19 API calls 6481->6482 6482->6480 6484 405ab8 6483->6484 6485 403154 4 API calls 6484->6485 6486 405ac6 6485->6486 6486->6470 6274 40a9de 6275 40aa03 6274->6275 6276 407918 InterlockedExchange 6275->6276 6277 40aa2d 6276->6277 6278 409ae8 4 API calls 6277->6278 6279 40aa3d 6277->6279 6278->6279 6284 4076ac SetEndOfFile 6279->6284 6281 40aa59 6282 4025ac 4 API calls 6281->6282 6283 40aa90 6282->6283 6285 4076c3 6284->6285 6286 4076bc 6284->6286 6285->6281 6287 40748c 21 API calls 6286->6287 6287->6285 6757 402be9 RaiseException 6758 402c04 6757->6758 6500 402af2 6501 402afe 6500->6501 6504 402ed0 6501->6504 6505 403154 4 API calls 6504->6505 6507 402ee0 6505->6507 6506 402b03 6507->6506 6509 402b0c 6507->6509 6510 402b25 6509->6510 6511 402b15 RaiseException 6509->6511 6510->6506 6511->6510 6041 40a5f8 6084 4030dc 6041->6084 6043 40a60e 6087 4042e8 6043->6087 6045 40a613 6090 40457c GetModuleHandleA GetProcAddress 6045->6090 6049 40a61d 6098 4065c8 6049->6098 6051 40a622 6107 4090a4 GetModuleHandleA GetProcAddress GetModuleHandleA GetProcAddress 6051->6107 6061 40a665 6129 406c2c 6061->6129 6062 4031e8 4 API calls 6063 40a683 6062->6063 6064 4074e0 23 API calls 6063->6064 6065 40a69b 6064->6065 6143 409c34 FindResourceA 6065->6143 6068 409ae8 4 API calls 6070 40a710 6068->6070 6069 407918 InterlockedExchange 6072 40a6d2 6069->6072 6071 4074a0 20 API calls 6070->6071 6074 40a736 6071->6074 6072->6068 6072->6070 6073 40a751 6076 407a28 5 API calls 6073->6076 6074->6073 6075 409ae8 4 API calls 6074->6075 6075->6073 6077 40a776 6076->6077 6156 408b08 6077->6156 6081 40a7bc 6082 408b08 21 

                                                    Executed Functions

                                                    C-Code - Quality: 100%
                                                    			E00409B78(void* __eax) {
                                                    				char _v44;
                                                    				struct _SYSTEM_INFO _v80;
                                                    				long _v84;
                                                    				long _t17;
                                                    				long _t20;
                                                    				int _t23;
                                                    				void* _t33;
                                                    				void* _t34;
                                                    				struct _MEMORY_BASIC_INFORMATION* _t35;
                                                    				void* _t36;
                                                    				DWORD* _t37;
                                                    
                                                    				_t34 = __eax;
                                                    				_t35 =  &_v44;
                                                    				GetSystemInfo( &_v80); // executed
                                                    				_t17 = VirtualQuery(_t34, _t35, 0x1c);
                                                    				if(_t17 == 0) {
                                                    					L17:
                                                    					return _t17;
                                                    				} else {
                                                    					while(1) {
                                                    						_t17 = _t35->AllocationBase;
                                                    						if(_t17 != _t34) {
                                                    							goto L17;
                                                    						}
                                                    						if(_t35->State != 0x1000 || (_t35->Protect & 0x00000001) != 0) {
                                                    							L15:
                                                    							_t17 = VirtualQuery(_t35->BaseAddress + _t35->RegionSize, _t35, 0x1c);
                                                    							if(_t17 == 0) {
                                                    								goto L17;
                                                    							}
                                                    							continue;
                                                    						} else {
                                                    							_t33 = 0;
                                                    							_t20 = _t35->Protect;
                                                    							if(_t20 == 1 || _t20 == 2 || _t20 == 0x10 || _t20 == 0x20) {
                                                    								_t23 = VirtualProtect(_t35->BaseAddress, _t35->RegionSize, 0x40, _t37); // executed
                                                    								if(_t23 != 0) {
                                                    									_t33 = 1;
                                                    								}
                                                    							}
                                                    							_t36 = 0;
                                                    							while(_t36 < _t35->RegionSize) {
                                                    								E00409B70(_t35->BaseAddress + _t36);
                                                    								_t36 = _t36 + _v80.dwPageSize;
                                                    							}
                                                    							if(_t33 != 0) {
                                                    								VirtualProtect( *_t35, _t35->RegionSize, _v84, _t37); // executed
                                                    							}
                                                    							goto L15;
                                                    						}
                                                    					}
                                                    					goto L17;
                                                    				}
                                                    			}















                                                    APIs
                                                    • GetSystemInfo.KERNEL32(?), ref: 00409B8A
                                                    • VirtualQuery.KERNEL32(00400000,?,0000001C,?), ref: 00409B95
                                                    • VirtualProtect.KERNEL32(?,?,00000040,?,00400000,?,0000001C,?), ref: 00409BD6
                                                    • VirtualProtect.KERNEL32(?,?,?,?,?,?,00000040,?,00400000,?,0000001C,?), ref: 00409C08
                                                    • VirtualQuery.KERNEL32(?,?,0000001C,00400000,?,0000001C,?), ref: 00409C18
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Virtual$ProtectQuery$InfoSystem
                                                    • String ID:
                                                    • API String ID: 2441996862-0
                                                    • Opcode ID: 69cc1b0b9b744b29044eea84e4744ba7a66f7205e02ae19cc0529fdcfa929845
                                                    • Instruction ID: 4a1d84bb43d4a47cf168f169447d483ed62c711ee8ccb48f5bfbfd053dbeaed9
                                                    • Opcode Fuzzy Hash: 69cc1b0b9b744b29044eea84e4744ba7a66f7205e02ae19cc0529fdcfa929845
                                                    • Instruction Fuzzy Hash: D421A1B16043006BDA309AA99C85E57B7E8AF45360F144C2BFA99E72C3D239FC40C669
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E0040520C(int __eax, void* __ecx, int __edx, intOrPtr _a4) {
                                                    				char _v260;
                                                    				int _t5;
                                                    				intOrPtr _t10;
                                                    				void* _t18;
                                                    
                                                    				_t18 = __ecx;
                                                    				_t10 = _a4;
                                                    				_t5 = GetLocaleInfoA(__eax, __edx,  &_v260, 0x100); // executed
                                                    				_t19 = _t5;
                                                    				if(_t5 <= 0) {
                                                    					return E0040322C(_t10, _t18);
                                                    				}
                                                    				return E00403278(_t10, _t5 - 1,  &_v260, _t19);
                                                    			}








                                                    APIs
                                                    • GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,004052D7,?,00000000,004053B6), ref: 0040522A
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: InfoLocale
                                                    • String ID:
                                                    • API String ID: 2299586839-0
                                                    • Opcode ID: 08facca5f8c818d7ae0117448837c5e97f15c9e55cb3aedc2694e0bc5091a832
                                                    • Instruction ID: 1248db9972fbf410c55bf070b604c98f5d62b90992f8f49b6b6440a9954d2c50
                                                    • Opcode Fuzzy Hash: 08facca5f8c818d7ae0117448837c5e97f15c9e55cb3aedc2694e0bc5091a832
                                                    • Instruction Fuzzy Hash: E2E0927170021427D710A9A99C86AEB725CEB58310F0002BFB904E73C6EDB49E804AED
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%


                                                    C-Code - Quality: 46%
                                                    			E0040457C() {
                                                    				_Unknown_base(*)()* _t2;
                                                    				_Unknown_base(*)()* _t3;
                                                    				_Unknown_base(*)()* _t4;
                                                    				void* _t5;
                                                    				struct HINSTANCE__* _t8;
                                                    
                                                    				_t8 = GetModuleHandleA("kernel32.dll");
                                                    				_t2 = GetProcAddress(_t8, "SetDllDirectoryW");
                                                    				if(_t2 != 0) {
                                                    					 *_t2(0x4045f0);
                                                    				}
                                                    				_t3 = GetProcAddress(_t8, "SetSearchPathMode");
                                                    				if(_t3 != 0) {
                                                    					 *_t3(0x8001);
                                                    				}
                                                    				_t4 = GetProcAddress(_t8, "SetProcessDEPPolicy");
                                                    				if(_t4 != 0) {
                                                    					_t5 =  *_t4(1); // executed
                                                    					return _t5;
                                                    				}
                                                    				return _t4;
                                                    			}









                                                    APIs
                                                    • GetModuleHandleA.KERNEL32(kernel32.dll,?,0040A618), ref: 00404582
                                                    • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 0040458F
                                                    • GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 004045A5
                                                    • GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy), ref: 004045BB
                                                    • SetProcessDEPPolicy.KERNEL32(00000001,00000000,SetProcessDEPPolicy,00000000,SetSearchPathMode,kernel32.dll,?,0040A618), ref: 004045C6
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: AddressProc$HandleModulePolicyProcess
                                                    • String ID: SetDllDirectoryW$SetProcessDEPPolicy$SetSearchPathMode$kernel32.dll
                                                    • API String ID: 3256987805-3653653586
                                                    • Opcode ID: 5152b1c660b0fef0348360efae9d442e0d6811f491f57bfacbbc157bf84edc67
                                                    • Instruction ID: 1f393095ee8ecda9e1e01b6ca7d440447e938bbc9796bcd5dbe8d266940e5f64
                                                    • Opcode Fuzzy Hash: 5152b1c660b0fef0348360efae9d442e0d6811f491f57bfacbbc157bf84edc67
                                                    • Instruction Fuzzy Hash: 5FE02DD03813013AEA5032F20D83B2B20884AD0B49B2414377F25B61C3EDBDDA40587E
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%


                                                    C-Code - Quality: 47%
                                                    			E0040AAB4(void* __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
                                                    				void* _t22;
                                                    				struct HWND__* _t23;
                                                    				struct HWND__* _t24;
                                                    				struct HWND__* _t27;
                                                    				intOrPtr _t28;
                                                    				intOrPtr _t30;
                                                    				void* _t41;
                                                    				intOrPtr _t43;
                                                    				intOrPtr _t46;
                                                    				int _t47;
                                                    				intOrPtr _t48;
                                                    				intOrPtr _t50;
                                                    				struct HWND__* _t53;
                                                    				intOrPtr _t54;
                                                    				intOrPtr _t57;
                                                    				intOrPtr _t65;
                                                    				void* _t67;
                                                    				intOrPtr _t72;
                                                    				intOrPtr _t76;
                                                    				intOrPtr _t80;
                                                    				intOrPtr _t82;
                                                    				void* _t85;
                                                    
                                                    				_t84 = __esi;
                                                    				_t83 = __edi;
                                                    				_t67 = __ecx;
                                                    				_t66 = __ebx;
                                                    				_t22 = __eax + __eax;
                                                    				if(_t22 < 0) {
                                                    					 *((intOrPtr*)(_t85 - 0x74ffbf56)) =  *((intOrPtr*)(_t85 - 0x74ffbf56)) + __ebx;
                                                    					_t87 = _t22 + 0x00000001 | 0x00000050;
                                                    					SetLastError(??);
                                                    					E00409648(0x69, __ebx, _t67, __edi, __esi, _t22 + 0x00000001 | 0x00000050);
                                                    					E00402F24();
                                                    					E00406F90(0x40ce2c);
                                                    					_push(0);
                                                    					_t65 =  *0x40c014; // 0x400000
                                                    					_push(_t65);
                                                    					_push(0);
                                                    					_push(0);
                                                    					_push(0);
                                                    					_push(0);
                                                    					_push(0);
                                                    					_push(0);
                                                    					_push(0);
                                                    					_push("InnoSetupLdrWindow");
                                                    					_push("STATIC");
                                                    				}
                                                    				 *((intOrPtr*)(_t85 + 0x6a0040)) =  *((intOrPtr*)(_t85 + 0x6a0040)) + _t67;
                                                    				_t23 = CreateWindowExA(??, ??, ??, ??, ??, ??, ??, ??, ??, ??, ??, ??); // executed
                                                    				 *0x40b248 = _t23;
                                                    				_t24 =  *0x40b248; // 0x110082
                                                    				 *0x40ce24 = SetWindowLongA(_t24, 0xfffffffc, E00409960);
                                                    				_t27 =  *0x40b248; // 0x110082
                                                    				 *(_t85 - 0x3c) = _t27;
                                                    				 *((char*)(_t85 - 0x38)) = 0;
                                                    				_t28 =  *0x40ce34; // 0x413010
                                                    				_t8 = _t28 + 0x20; // 0xcc2a5
                                                    				 *((intOrPtr*)(_t85 - 0x34)) =  *_t8;
                                                    				 *((char*)(_t85 - 0x30)) = 0;
                                                    				_t30 =  *0x40ce34; // 0x413010
                                                    				_t11 = _t30 + 0x24; // 0xde00
                                                    				 *((intOrPtr*)(_t85 - 0x2c)) =  *_t11;
                                                    				 *((char*)(_t85 - 0x28)) = 0;
                                                    				E00405194("/SL5=\"$%x,%d,%d,", 2, _t85 - 0x3c, _t85 - 0x10);
                                                    				_t76 =  *0x40ce28; // 0x21e03cc
                                                    				E004032FC(_t85 - 0x10, _t76);
                                                    				E004032FC(_t85 - 0x10, 0x40ad2c);
                                                    				_push(_t85 - 0x10);
                                                    				E00406B7C(_t85 - 0x24, _t66, 2, _t83, _t84, _t87);
                                                    				_pop(_t41);
                                                    				E004032FC(_t41,  *((intOrPtr*)(_t85 - 0x24)));
                                                    				_t43 =  *0x40ce40; // 0x21e0494, executed
                                                    				E004099EC(_t43, _t66, 0x40b244,  *((intOrPtr*)(_t85 - 0x10)), _t83, _t84, _t87); // executed
                                                    				if( *0x40b240 != 0xffffffff) {
                                                    					_t57 =  *0x40b240; // 0x0
                                                    					E004098CC(_t57, 0x40b244);
                                                    				}
                                                    				_pop(_t80);
                                                    				 *[fs:eax] = _t80;
                                                    				_push(0x40ac54);
                                                    				_t46 =  *0x40ce2c; // 0x0
                                                    				_t47 = E00402924(_t46);
                                                    				if( *0x40ce40 != 0) {
                                                    					_t82 =  *0x40ce40; // 0x21e0494
                                                    					_t47 = E004094D8(0, _t82, 0xfa, 0x32); // executed
                                                    				}
                                                    				if( *0x40ce38 != 0) {
                                                    					_t54 =  *0x40ce38; // 0x21e0418
                                                    					_t47 = RemoveDirectoryA(E00403414(_t54)); // executed
                                                    				}
                                                    				if( *0x40b248 != 0) {
                                                    					_t53 =  *0x40b248; // 0x110082
                                                    					_t47 = DestroyWindow(_t53); // executed
                                                    				}
                                                    				if( *0x40ce1c != 0) {
                                                    					_t48 =  *0x40ce1c; // 0x0
                                                    					_t72 =  *0x40ce20; // 0x1
                                                    					E0040357C(_t48, _t66, _t72, E00408C10, _t83, _t84);
                                                    					_t50 =  *0x40ce1c; // 0x0
                                                    					E004025AC(_t50);
                                                    					 *0x40ce1c = 0;
                                                    					return 0;
                                                    				}
                                                    				return _t47;
                                                    			}

                                                    APIs
                                                    • SetLastError.KERNEL32 ref: 0040AAC1
                                                      • Part of subcall function 00409648: GetLastError.KERNEL32(00000000,004096EB,?,0040B244,?,021E0494), ref: 0040966C
                                                    • CreateWindowExA.USER32 ref: 0040AAFE
                                                    • SetWindowLongA.USER32 ref: 0040AB15
                                                    • RemoveDirectoryA.KERNEL32(00000000,0040AC54,00409960,00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0040AC01
                                                    • DestroyWindow.USER32(00110082,0040AC54,00409960,00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0040AC15
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Window$ErrorLast$CreateDestroyDirectoryLongRemove
                                                    • String ID: /SL5="$%x,%d,%d,$InnoSetupLdrWindow$STATIC
                                                    • API String ID: 3757039580-3001827809
                                                    • Opcode ID: 7bc9c0c8e9dfd2478b94306391eafe1fb51b7566d8199cdbb2b2653dcbc3d95c
                                                    • Instruction ID: 81987b3bab642c92fe87a7372e0454594c4b8fe140ce311e0f93b1eeebf6ab37
                                                    • Opcode Fuzzy Hash: 7bc9c0c8e9dfd2478b94306391eafe1fb51b7566d8199cdbb2b2653dcbc3d95c
                                                    • Instruction Fuzzy Hash: 25412E70604204DBDB10EBA9EE89B9E37A5EB44304F10467FF510B72E2D7B89855CB9D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 53%
                                                    			E004090A4(void* __ebx, void* __ecx, void* __edi, void* __esi) {
                                                    				char _v8;
                                                    				char _t8;
                                                    				intOrPtr _t22;
                                                    				intOrPtr _t27;
                                                    
                                                    				_t16 = __ebx;
                                                    				_push(0);
                                                    				_push(__ebx);
                                                    				_push(_t27);
                                                    				_push(0x40913d);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t27;
                                                    				 *0x40ccd0 = GetProcAddress(GetModuleHandleA("kernel32.dll"), "Wow64DisableWow64FsRedirection");
                                                    				 *0x40ccd4 = GetProcAddress(GetModuleHandleA("kernel32.dll"), "Wow64RevertWow64FsRedirection");
                                                    				if( *0x40ccd0 == 0 ||  *0x40ccd4 == 0) {
                                                    					_t8 = 0;
                                                    				} else {
                                                    					_t8 = 1;
                                                    				}
                                                    				 *0x40ccd8 = _t8;
                                                    				E00406FA0("shell32.dll", _t16, 0x8000); // executed
                                                    				E00407284(0x4c783afb,  &_v8);
                                                    				_pop(_t22);
                                                    				 *[fs:eax] = _t22;
                                                    				_push(E00409144);
                                                    				return E00403198( &_v8);
                                                    			}

                                                    APIs
                                                    • GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,0040913D,?,?,?,?,00000000,?,0040A62C), ref: 004090C4
                                                    • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 004090CA
                                                    • GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,0040913D,?,?,?,?,00000000,?,0040A62C), ref: 004090DE
                                                    • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 004090E4
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: AddressHandleModuleProc
                                                    • String ID: Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$shell32.dll
                                                    • API String ID: 1646373207-2130885113
                                                    • Opcode ID: 0414f1d66f28dc470df4633e5994336701384173b3f6f66b470f3ad827f759f7
                                                    • Instruction ID: 214dda5481ef482ebe311b1329301f35405b1013d97e3062c17ffb2c8286d57d
                                                    • Opcode Fuzzy Hash: 0414f1d66f28dc470df4633e5994336701384173b3f6f66b470f3ad827f759f7
                                                    • Instruction Fuzzy Hash: 21017C70748342AEFB00BB76DD4AB163A68E785704F60457BF640BA2D3DABD4C04D66E
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 43%
                                                    			E0040AAA2(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                    				intOrPtr _t22;
                                                    				struct HWND__* _t23;
                                                    				struct HWND__* _t24;
                                                    				struct HWND__* _t27;
                                                    				intOrPtr _t28;
                                                    				intOrPtr _t30;
                                                    				void* _t41;
                                                    				intOrPtr _t43;
                                                    				intOrPtr _t46;
                                                    				int _t47;
                                                    				intOrPtr _t48;
                                                    				intOrPtr _t50;
                                                    				struct HWND__* _t53;
                                                    				intOrPtr _t54;
                                                    				intOrPtr _t57;
                                                    				void* _t61;
                                                    				intOrPtr _t66;
                                                    				intOrPtr _t68;
                                                    				intOrPtr _t70;
                                                    				intOrPtr _t74;
                                                    				intOrPtr _t76;
                                                    				void* _t79;
                                                    				void* _t80;
                                                    
                                                    				_t80 = __eflags;
                                                    				_t78 = __esi;
                                                    				_t77 = __edi;
                                                    				_t59 = __ebx;
                                                    				_pop(_t68);
                                                    				_pop(_t61);
                                                    				 *[fs:eax] = _t68;
                                                    				E00406F90(0x40ce2c);
                                                    				_push(0);
                                                    				_t22 =  *0x40c014; // 0x400000
                                                    				_push(_t22);
                                                    				_push(0);
                                                    				_push(0);
                                                    				_push(0);
                                                    				_push(0);
                                                    				_push(0);
                                                    				_push(0);
                                                    				_push(0);
                                                    				_push("InnoSetupLdrWindow");
                                                    				_push("STATIC");
                                                    				 *((intOrPtr*)(_t79 + 0x6a0040)) =  *((intOrPtr*)(_t79 + 0x6a0040)) + _t61;
                                                    				_t23 = CreateWindowExA(??, ??, ??, ??, ??, ??, ??, ??, ??, ??, ??, ??); // executed
                                                    				 *0x40b248 = _t23;
                                                    				_t24 =  *0x40b248; // 0x110082
                                                    				 *0x40ce24 = SetWindowLongA(_t24, 0xfffffffc, E00409960);
                                                    				_t27 =  *0x40b248; // 0x110082
                                                    				 *(_t79 - 0x3c) = _t27;
                                                    				 *((char*)(_t79 - 0x38)) = 0;
                                                    				_t28 =  *0x40ce34; // 0x413010
                                                    				_t6 = _t28 + 0x20; // 0xcc2a5
                                                    				 *((intOrPtr*)(_t79 - 0x34)) =  *_t6;
                                                    				 *((char*)(_t79 - 0x30)) = 0;
                                                    				_t30 =  *0x40ce34; // 0x413010
                                                    				_t9 = _t30 + 0x24; // 0xde00
                                                    				 *((intOrPtr*)(_t79 - 0x2c)) =  *_t9;
                                                    				 *((char*)(_t79 - 0x28)) = 0;
                                                    				E00405194("/SL5=\"$%x,%d,%d,", 2, _t79 - 0x3c, _t79 - 0x10);
                                                    				_t70 =  *0x40ce28; // 0x21e03cc
                                                    				E004032FC(_t79 - 0x10, _t70);
                                                    				E004032FC(_t79 - 0x10, 0x40ad2c);
                                                    				_push(_t79 - 0x10);
                                                    				E00406B7C(_t79 - 0x24, __ebx, 2, __edi, __esi, _t80);
                                                    				_pop(_t41);
                                                    				E004032FC(_t41,  *((intOrPtr*)(_t79 - 0x24)));
                                                    				_t43 =  *0x40ce40; // 0x21e0494, executed
                                                    				E004099EC(_t43, __ebx, 0x40b244,  *((intOrPtr*)(_t79 - 0x10)), __edi, __esi, _t80); // executed
                                                    				if( *0x40b240 != 0xffffffff) {
                                                    					_t57 =  *0x40b240; // 0x0
                                                    					E004098CC(_t57, 0x40b244);
                                                    				}
                                                    				_pop(_t74);
                                                    				 *[fs:eax] = _t74;
                                                    				_push(0x40ac54);
                                                    				_t46 =  *0x40ce2c; // 0x0
                                                    				_t47 = E00402924(_t46);
                                                    				if( *0x40ce40 != 0) {
                                                    					_t76 =  *0x40ce40; // 0x21e0494
                                                    					_t47 = E004094D8(0, _t76, 0xfa, 0x32); // executed
                                                    				}
                                                    				if( *0x40ce38 != 0) {
                                                    					_t54 =  *0x40ce38; // 0x21e0418
                                                    					_t47 = RemoveDirectoryA(E00403414(_t54)); // executed
                                                    				}
                                                    				if( *0x40b248 != 0) {
                                                    					_t53 =  *0x40b248; // 0x110082
                                                    					_t47 = DestroyWindow(_t53); // executed
                                                    				}
                                                    				if( *0x40ce1c != 0) {
                                                    					_t48 =  *0x40ce1c; // 0x0
                                                    					_t66 =  *0x40ce20; // 0x1
                                                    					E0040357C(_t48, _t59, _t66, E00408C10, _t77, _t78);
                                                    					_t50 =  *0x40ce1c; // 0x0
                                                    					E004025AC(_t50);
                                                    					 *0x40ce1c = 0;
                                                    					return 0;
                                                    				}
                                                    				return _t47;
                                                    			}

                                                    APIs
                                                    • CreateWindowExA.USER32 ref: 0040AAFE
                                                    • SetWindowLongA.USER32 ref: 0040AB15
                                                      • Part of subcall function 00406B7C: GetCommandLineA.KERNEL32(00000000,00406BC0,?,?,?,?,00000000,?,0040AB86,?,?,00110082,000000FC,00409960,00000000,STATIC), ref: 00406B94
                                                      • Part of subcall function 004099EC: CreateProcessA.KERNEL32 ref: 00409A5C
                                                      • Part of subcall function 004099EC: CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409AE4,021E0494,00409AD8,00000000), ref: 00409A70
                                                      • Part of subcall function 004099EC: MsgWaitForMultipleObjects.USER32 ref: 00409A89
                                                      • Part of subcall function 004099EC: GetExitCodeProcess.KERNEL32 ref: 00409A9B
                                                      • Part of subcall function 004099EC: CloseHandle.KERNEL32(?,?,0040B244,00000001,?,00000000,000000FF,000000FF,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409AA4
                                                    • RemoveDirectoryA.KERNEL32(00000000,0040AC54,00409960,00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0040AC01
                                                    • DestroyWindow.USER32(00110082,0040AC54,00409960,00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0040AC15
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Window$CloseCreateHandleProcess$CodeCommandDestroyDirectoryExitLineLongMultipleObjectsRemoveWait
                                                    • String ID: /SL5="$%x,%d,%d,$InnoSetupLdrWindow$STATIC
                                                    • API String ID: 3586484885-3001827809
                                                    • Opcode ID: c367800830601d7b7bb1e4b9cc729c69669d466ec6c890b8506752b9ad64910a
                                                    • Instruction ID: d3376fcde1141b4290a3dca450fc2844fa47922897975e075ebf06e3b6db64eb
                                                    • Opcode Fuzzy Hash: c367800830601d7b7bb1e4b9cc729c69669d466ec6c890b8506752b9ad64910a
                                                    • Instruction Fuzzy Hash: 77411A71604204DFD714EBA9EE85B5A37B5EB48304F20427BF500BB2E1D7B8A855CB9D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Control-flow Graph

                                                    C-Code - Quality: 61%
                                                    			E004099EC(void* __eax, void* __ebx, DWORD* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                    				char _v8;
                                                    				struct _STARTUPINFOA _v76;
                                                    				void* _v88;
                                                    				void* _v92;
                                                    				int _t22;
                                                    				intOrPtr _t49;
                                                    				DWORD* _t51;
                                                    				void* _t56;
                                                    
                                                    				_v8 = 0;
                                                    				_t51 = __ecx;
                                                    				_t53 = __edx;
                                                    				_t41 = __eax;
                                                    				_push(_t56);
                                                    				_push(0x409abf);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t56 + 0xffffffa8;
                                                    				_push(0x409ad8);
                                                    				_push(__eax);
                                                    				_push(0x409ae4);
                                                    				_push(__edx);
                                                    				E004033B4();
                                                    				E0040277C( &_v76, 0x44);
                                                    				_v76.cb = 0x44;
                                                    				_t22 = CreateProcessA(0, E00403414(_v8), 0, 0, 0, 0, 0, 0,  &_v76,  &_v92); // executed
                                                    				_t59 = _t22;
                                                    				if(_t22 == 0) {
                                                    					E00409648(0x6a, _t41, 0, _t51, _t53, _t59);
                                                    				}
                                                    				CloseHandle(_v88);
                                                    				do {
                                                    					E004099C0();
                                                    				} while (MsgWaitForMultipleObjects(1,  &_v92, 0, 0xffffffff, 0xff) == 1);
                                                    				E004099C0();
                                                    				GetExitCodeProcess(_v92, _t51); // executed
                                                    				CloseHandle(_v92);
                                                    				_pop(_t49);
                                                    				 *[fs:eax] = _t49;
                                                    				_push(E00409AC6);
                                                    				return E00403198( &_v8);
                                                    			}












                                                    APIs
                                                    • CreateProcessA.KERNEL32 ref: 00409A5C
                                                    • CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409AE4,021E0494,00409AD8,00000000), ref: 00409A70
                                                    • MsgWaitForMultipleObjects.USER32 ref: 00409A89
                                                    • GetExitCodeProcess.KERNEL32 ref: 00409A9B
                                                    • CloseHandle.KERNEL32(?,?,0040B244,00000001,?,00000000,000000FF,000000FF,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409AA4
                                                      • Part of subcall function 00409648: GetLastError.KERNEL32(00000000,004096EB,?,0040B244,?,021E0494), ref: 0040966C
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: CloseHandleProcess$CodeCreateErrorExitLastMultipleObjectsWait
                                                    • String ID: D
                                                    • API String ID: 3356880605-2746444292
                                                    • Opcode ID: aadf6f075de5bdb3c28d757ddccd10dd30f6bbfdbbad62eb54c24073370c977f
                                                    • Instruction ID: b58d0f6e2b8975977e6c7b71aada5392bea55c03070ce9fad3dcef5aa6d4018a
                                                    • Opcode Fuzzy Hash: aadf6f075de5bdb3c28d757ddccd10dd30f6bbfdbbad62eb54c24073370c977f
                                                    • Instruction Fuzzy Hash: EE1142B16402486EDB00EBE6CC42F9EB7ACEF49714F50013BB604F72C6DA785D048A69
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 116 4019dc-4019e7 117 401abb-401abd 116->117 118 4019ed-401a02 116->118 119 401a04-401a09 RtlEnterCriticalSection 118->119 120 401a0e-401a2d LocalFree 118->120 119->120 121 401a41-401a47 120->121 122 401a49-401a6e call 4012dc * 3 121->122 123 401a2f-401a3f VirtualFree 121->123 130 401a70-401a85 LocalFree 122->130 131 401a87-401a9d 122->131 123->121 130->130 130->131 133 401aa9-401ab3 RtlDeleteCriticalSection 131->133 134 401a9f-401aa4 RtlLeaveCriticalSection 131->134 134->133
                                                    C-Code - Quality: 71%
                                                    			E004019DC() {
                                                    				void* _t2;
                                                    				void* _t3;
                                                    				void* _t14;
                                                    				intOrPtr* _t18;
                                                    				intOrPtr _t22;
                                                    				intOrPtr _t24;
                                                    
                                                    				_t22 = _t24;
                                                    				if( *0x40c415 == 0) {
                                                    					return _t2;
                                                    				} else {
                                                    					_push(_t22);
                                                    					_push(E00401AB4);
                                                    					_push( *[fs:edx]);
                                                    					 *[fs:edx] = _t24;
                                                    					if( *0x40c032 != 0) {
                                                    						_push(0x40c41c);
                                                    						L00401274();
                                                    					}
                                                    					 *0x40c415 = 0;
                                                    					_t3 =  *0x40c474; // 0x0
                                                    					LocalFree(_t3);
                                                    					 *0x40c474 = 0;
                                                    					_t18 =  *0x40c43c; // 0x40c43c
                                                    					while(_t18 != 0x40c43c) {
                                                    						_t1 = _t18 + 8; // 0x0
                                                    						VirtualFree( *_t1, 0, 0x8000); // executed
                                                    						_t18 =  *_t18;
                                                    					}
                                                    					E004012DC(0x40c43c);
                                                    					E004012DC(0x40c44c);
                                                    					E004012DC(0x40c478);
                                                    					_t14 =  *0x40c434; // 0x0
                                                    					while(_t14 != 0) {
                                                    						 *0x40c434 =  *_t14;
                                                    						LocalFree(_t14);
                                                    						_t14 =  *0x40c434; // 0x0
                                                    					}
                                                    					_pop( *[fs:0x0]);
                                                    					_push(0x401abb);
                                                    					if( *0x40c032 != 0) {
                                                    						_push(0x40c41c);
                                                    						L0040127C();
                                                    					}
                                                    					_push(0x40c41c);
                                                    					L00401284();
                                                    					return _t14;
                                                    				}
                                                    			}










                                                    APIs
                                                    • RtlEnterCriticalSection.KERNEL32(0040C41C,00000000,00401AB4), ref: 00401A09
                                                    • LocalFree.KERNEL32(00000000,00000000,00401AB4), ref: 00401A1B
                                                    • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,00000000,00401AB4), ref: 00401A3A
                                                    • LocalFree.KERNEL32(00000000,00000000,00000000,00008000,00000000,00000000,00401AB4), ref: 00401A79
                                                    • RtlLeaveCriticalSection.KERNEL32(0040C41C,00401ABB), ref: 00401AA4
                                                    • RtlDeleteCriticalSection.KERNEL32(0040C41C,00401ABB), ref: 00401AAE
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
                                                    • String ID:
                                                    • API String ID: 3782394904-0
                                                    • Opcode ID: 2760f6fc436d2282df077fa3fe2c561b0ff429e9c23b98cc44d100e589fe962f
                                                    • Instruction ID: 5447b05044442752c1d56c7733342563ab4b4f61826a3093f511f794066d9233
                                                    • Opcode Fuzzy Hash: 2760f6fc436d2282df077fa3fe2c561b0ff429e9c23b98cc44d100e589fe962f
                                                    • Instruction Fuzzy Hash: 91116330341280DAD711ABA59EE2F623668B785748F44437EF444B62F2C67C9840CA9D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 155 403d02-403d10 156 403d12-403d19 155->156 157 403d29-403d30 155->157 158 403ddf-403de5 ExitProcess 156->158 159 403d1f 156->159 160 403d32-403d3c 157->160 161 403d3e-403d45 157->161 159->157 164 403d21-403d23 159->164 160->157 162 403d47-403d51 161->162 163 403db8-403dcc call 403cc8 * 2 call 4019dc 161->163 166 403d56-403d62 162->166 180 403dd1-403dd8 163->180 164->157 168 403dea-403e19 call 4030b4 164->168 166->166 169 403d64-403d6e 166->169 172 403d73-403d84 169->172 172->172 176 403d86-403d8d 172->176 178 403da4-403db3 call 403fe4 call 403f67 176->178 179 403d8f-403da2 MessageBoxA 176->179 178->163 179->163 180->168 182 403dda call 4030b4 180->182 182->158
                                                    C-Code - Quality: 84%
                                                    			E00403D02(int __eax) {
                                                    				intOrPtr* _t7;
                                                    				intOrPtr* _t8;
                                                    				signed int _t15;
                                                    				signed int _t19;
                                                    				intOrPtr _t20;
                                                    				unsigned int _t21;
                                                    				char* _t29;
                                                    				char* _t30;
                                                    				void* _t46;
                                                    
                                                    				 *0x40c020 = __eax;
                                                    				if( *0x40c030 == 0) {
                                                    					goto L5;
                                                    				} else {
                                                    					_t46 =  *0x40c414 - 1;
                                                    					if(_t46 < 0) {
                                                    						L17:
                                                    						ExitProcess( *0x40c020); // executed
                                                    					} else {
                                                    						if(_t46 == 0 || __eax != 0) {
                                                    							while(1) {
                                                    								L5:
                                                    								_t7 =  *0x40c024; // 0x0
                                                    								_t8 = _t7;
                                                    								if(_t8 == 0) {
                                                    									break;
                                                    								}
                                                    								 *0x40c024 = 0;
                                                    								 *_t8();
                                                    							}
                                                    							if( *0x40c028 != 0) {
                                                    								_t19 =  *0x40c020; // 0x0
                                                    								_t29 = "  at 00000000";
                                                    								do {
                                                    									_t2 = _t19 % 0xa;
                                                    									_t19 = _t19 / 0xa;
                                                    									 *_t29 = _t2 + 0x30;
                                                    									_t29 = _t29 - 1;
                                                    								} while (_t19 != 0);
                                                    								_t30 = 0x40b030;
                                                    								_t20 =  *0x40c028; // 0x0
                                                    								_t21 = _t20 - 0x401178;
                                                    								do {
                                                    									 *_t30 =  *((intOrPtr*)((_t21 & 0x0000000f) + 0x403e1c));
                                                    									_t30 = _t30 - 1;
                                                    									_t21 = _t21 >> 4;
                                                    								} while (_t21 != 0);
                                                    								if( *0x40c031 != 0) {
                                                    									E00403FE4(0x40c204, "Runtime error     at 00000000");
                                                    									E00403F67();
                                                    								} else {
                                                    									MessageBoxA(0, "Runtime error     at 00000000", "Error", 0);
                                                    								}
                                                    							}
                                                    							E00403CC8(0x40c038);
                                                    							E00403CC8(0x40c204); // executed
                                                    							E004019DC(); // executed
                                                    							if( *0x40c414 == 0) {
                                                    								E004030B4();
                                                    								goto L17;
                                                    							}
                                                    						}
                                                    					}
                                                    				}
                                                    				E004030B4();
                                                    				 *0x40c414 = 0;
                                                    				_t15 =  *0x40c020; // 0x0
                                                    				asm("sbb eax, eax");
                                                    				return  ~_t15 + 1;
                                                    			}













                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: ExitMessageProcess
                                                    • String ID: Error$Runtime error at 00000000
                                                    • API String ID: 1220098344-2970929446
                                                    • Opcode ID: 0b7abc0913d0e9b6482778e2bb40dc1e8adb9ed549d30d0444a38b969016e341
                                                    • Instruction ID: db3008c0e6bc5d60e05df0545d3e9f81ce91e923819fa2a9fb93000da4b6b716
                                                    • Opcode Fuzzy Hash: 0b7abc0913d0e9b6482778e2bb40dc1e8adb9ed549d30d0444a38b969016e341
                                                    • Instruction Fuzzy Hash: B521F830A04341CAE714EFA59AD17153E98AB49349F04837BD500B73E3C77C8A45C76E
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 73%
                                                    			E0040A814(void* __ebx, void* __edi, void* __esi) {
                                                    				intOrPtr _t24;
                                                    				intOrPtr _t29;
                                                    				intOrPtr _t35;
                                                    				intOrPtr _t36;
                                                    				intOrPtr _t40;
                                                    				intOrPtr _t42;
                                                    				intOrPtr _t49;
                                                    				intOrPtr _t51;
                                                    				intOrPtr _t52;
                                                    				intOrPtr _t55;
                                                    				intOrPtr _t57;
                                                    				CHAR* _t58;
                                                    				int _t63;
                                                    				void* _t64;
                                                    				intOrPtr _t65;
                                                    				void* _t69;
                                                    				intOrPtr _t72;
                                                    				intOrPtr _t76;
                                                    				intOrPtr _t82;
                                                    				intOrPtr _t86;
                                                    				intOrPtr _t90;
                                                    				void* _t91;
                                                    				void* _t92;
                                                    				void* _t93;
                                                    				intOrPtr _t94;
                                                    
                                                    				_t92 = __esi;
                                                    				_t91 = __edi;
                                                    				_t64 = __ebx;
                                                    				_pop(_t76);
                                                    				_pop(_t67);
                                                    				 *[fs:eax] = _t76;
                                                    				E0040993C(_t67);
                                                    				if(( *0x40ce16 & 0x00000001) == 0 &&  *0x40b238 == 0) {
                                                    					_t57 =  *0x40cbd0; // 0x0
                                                    					_t58 = E00403414(_t57);
                                                    					_t67 = _t93 - 0x10;
                                                    					_t76 =  *0x40cce0; // 0x21e0058
                                                    					E00408DD8(0xa1, _t93 - 0x10, _t76);
                                                    					_t63 = MessageBoxA(0, E00403414( *((intOrPtr*)(_t93 - 0x10))), _t58, 0x24);
                                                    					_t97 = _t63 - 6;
                                                    					if(_t63 != 6) {
                                                    						 *0x40b244 = 2;
                                                    						E00405864();
                                                    					}
                                                    				}
                                                    				E004026C4();
                                                    				E00409330(_t93 - 0x10, _t64, _t76, _t91, _t92); // executed
                                                    				E004031E8(0x40ce38, _t64,  *((intOrPtr*)(_t93 - 0x10)), _t91, _t92);
                                                    				_t24 =  *0x40ce28; // 0x21e03cc
                                                    				E00406928(_t24, _t67, _t93 - 0x24);
                                                    				E004066C0( *((intOrPtr*)(_t93 - 0x24)), _t64, _t93 - 0x10, 0x40ace4, _t91, _t92, _t97);
                                                    				_push( *((intOrPtr*)(_t93 - 0x10)));
                                                    				_t29 =  *0x40ce38; // 0x21e0418
                                                    				E00406638(_t29, _t93 - 0x24);
                                                    				_pop(_t69);
                                                    				E00403340(0x40ce3c, _t69,  *((intOrPtr*)(_t93 - 0x24)));
                                                    				_t82 =  *0x40ce3c; // 0x21e0494
                                                    				E004031E8(0x40ce40, _t64, _t82, _t91, _t92);
                                                    				_t35 =  *0x40ce34; // 0x413010
                                                    				_t13 = _t35 + 0x14; // 0xce0b8
                                                    				_t36 =  *0x40ce2c; // 0x0
                                                    				E004074C8(_t36,  *_t13);
                                                    				_push(_t93);
                                                    				_push(0x40aaac);
                                                    				_push( *[fs:edx]);
                                                    				 *[fs:edx] = _t94;
                                                    				 *0x40ce84 = 0;
                                                    				_t40 = E004074E0(1, 0, 1, 0); // executed
                                                    				 *0x40ce30 = _t40;
                                                    				 *[fs:eax] = _t94;
                                                    				_t42 =  *0x40ce34; // 0x413010
                                                    				_t14 = _t42 + 0x18; // 0xae770
                                                    				 *0x40ce84 = E00402594( *_t14,  *[fs:eax], 0x40aa9b, _t93);
                                                    				_t65 =  *0x40ce84; // 0x21f8000
                                                    				_t86 =  *0x40ce34; // 0x413010
                                                    				_t15 = _t86 + 0x18; // 0xae770
                                                    				E0040277C(_t65,  *_t15);
                                                    				_push(_t93);
                                                    				_push(0x40a9e8);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t94;
                                                    				_t72 =  *0x40ce2c; // 0x0
                                                    				_t49 = E00407A28(_t72, 1, "�y@"); // executed
                                                    				 *0x40ce88 = _t49;
                                                    				_push(_t93);
                                                    				_push(0x40a9d7);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t94;
                                                    				_t51 =  *0x40ce34; // 0x413010
                                                    				_t16 = _t51 + 0x18; // 0xae770
                                                    				_t52 =  *0x40ce88; // 0x22a6774
                                                    				E00407CB8(_t52,  *_t16, _t65);
                                                    				_pop(_t90);
                                                    				 *[fs:eax] = _t90;
                                                    				_push(E0040A9DE);
                                                    				_t55 =  *0x40ce88; // 0x22a6774
                                                    				return E00402924(_t55);
                                                    			}


                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Message
                                                    • String ID: .tmp$y@
                                                    • API String ID: 2030045667-2396523267
                                                    • Opcode ID: 55a53fbd7ad7285035f8ab2cde1915fb146aa3dc543cd9b52406218d685c1c98
                                                    • Instruction ID: 5e9257013af3d55ef2b6e359c41f87f67318ae2a4e6dbf07461b5d8c6de74657
                                                    • Opcode Fuzzy Hash: 55a53fbd7ad7285035f8ab2cde1915fb146aa3dc543cd9b52406218d685c1c98
                                                    • Instruction Fuzzy Hash: 3B41C030704200CFD311EF25DED1A1A77A5EB49304B214A3AF804B73E1CAB9AC11CBAD
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 74%
                                                    			E0040A82F(void* __ebx, void* __ecx, void* __edi, void* __esi) {
                                                    				intOrPtr _t24;
                                                    				intOrPtr _t29;
                                                    				intOrPtr _t35;
                                                    				intOrPtr _t36;
                                                    				intOrPtr _t40;
                                                    				intOrPtr _t42;
                                                    				intOrPtr _t49;
                                                    				intOrPtr _t51;
                                                    				intOrPtr _t52;
                                                    				intOrPtr _t55;
                                                    				intOrPtr _t57;
                                                    				CHAR* _t58;
                                                    				int _t63;
                                                    				void* _t64;
                                                    				intOrPtr _t65;
                                                    				void* _t68;
                                                    				intOrPtr _t71;
                                                    				intOrPtr _t75;
                                                    				intOrPtr _t81;
                                                    				intOrPtr _t85;
                                                    				intOrPtr _t89;
                                                    				void* _t90;
                                                    				void* _t91;
                                                    				void* _t92;
                                                    				intOrPtr _t93;
                                                    
                                                    				_t91 = __esi;
                                                    				_t90 = __edi;
                                                    				_t66 = __ecx;
                                                    				_t64 = __ebx;
                                                    				E00409AE8();
                                                    				E00402F24();
                                                    				E0040993C(_t66);
                                                    				if(( *0x40ce16 & 0x00000001) == 0 &&  *0x40b238 == 0) {
                                                    					_t57 =  *0x40cbd0; // 0x0
                                                    					_t58 = E00403414(_t57);
                                                    					_t66 = _t92 - 0x10;
                                                    					_t75 =  *0x40cce0; // 0x21e0058
                                                    					E00408DD8(0xa1, _t92 - 0x10, _t75);
                                                    					_t63 = MessageBoxA(0, E00403414( *((intOrPtr*)(_t92 - 0x10))), _t58, 0x24);
                                                    					_t96 = _t63 - 6;
                                                    					if(_t63 != 6) {
                                                    						 *0x40b244 = 2;
                                                    						E00405864();
                                                    					}
                                                    				}
                                                    				E004026C4();
                                                    				E00409330(_t92 - 0x10, _t64, _t75, _t90, _t91); // executed
                                                    				E004031E8(0x40ce38, _t64,  *((intOrPtr*)(_t92 - 0x10)), _t90, _t91);
                                                    				_t24 =  *0x40ce28; // 0x21e03cc
                                                    				E00406928(_t24, _t66, _t92 - 0x24);
                                                    				E004066C0( *((intOrPtr*)(_t92 - 0x24)), _t64, _t92 - 0x10, 0x40ace4, _t90, _t91, _t96);
                                                    				_push( *((intOrPtr*)(_t92 - 0x10)));
                                                    				_t29 =  *0x40ce38; // 0x21e0418
                                                    				E00406638(_t29, _t92 - 0x24);
                                                    				_pop(_t68);
                                                    				E00403340(0x40ce3c, _t68,  *((intOrPtr*)(_t92 - 0x24)));
                                                    				_t81 =  *0x40ce3c; // 0x21e0494
                                                    				E004031E8(0x40ce40, _t64, _t81, _t90, _t91);
                                                    				_t35 =  *0x40ce34; // 0x413010
                                                    				_t13 = _t35 + 0x14; // 0xce0b8
                                                    				_t36 =  *0x40ce2c; // 0x0
                                                    				E004074C8(_t36,  *_t13);
                                                    				_push(_t92);
                                                    				_push(0x40aaac);
                                                    				_push( *[fs:edx]);
                                                    				 *[fs:edx] = _t93;
                                                    				 *0x40ce84 = 0;
                                                    				_t40 = E004074E0(1, 0, 1, 0); // executed
                                                    				 *0x40ce30 = _t40;
                                                    				 *[fs:eax] = _t93;
                                                    				_t42 =  *0x40ce34; // 0x413010
                                                    				_t14 = _t42 + 0x18; // 0xae770
                                                    				 *0x40ce84 = E00402594( *_t14,  *[fs:eax], 0x40aa9b, _t92);
                                                    				_t65 =  *0x40ce84; // 0x21f8000
                                                    				_t85 =  *0x40ce34; // 0x413010
                                                    				_t15 = _t85 + 0x18; // 0xae770
                                                    				E0040277C(_t65,  *_t15);
                                                    				_push(_t92);
                                                    				_push(0x40a9e8);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t93;
                                                    				_t71 =  *0x40ce2c; // 0x0
                                                    				_t49 = E00407A28(_t71, 1, "�y@"); // executed
                                                    				 *0x40ce88 = _t49;
                                                    				_push(_t92);
                                                    				_push(0x40a9d7);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t93;
                                                    				_t51 =  *0x40ce34; // 0x413010
                                                    				_t16 = _t51 + 0x18; // 0xae770
                                                    				_t52 =  *0x40ce88; // 0x22a6774
                                                    				E00407CB8(_t52,  *_t16, _t65);
                                                    				_pop(_t89);
                                                    				 *[fs:eax] = _t89;
                                                    				_push(E0040A9DE);
                                                    				_t55 =  *0x40ce88; // 0x22a6774
                                                    				return E00402924(_t55);
                                                    			}


                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Message
                                                    • String ID: .tmp$y@
                                                    • API String ID: 2030045667-2396523267
                                                    • Opcode ID: 4e131503fe38447772e4e2294cf5373b7e2007f9fac8d76d0a71823c743fc64d
                                                    • Instruction ID: 95bba075cf9db07042691c1556ef0613dbe482a65a3614fff4d0ead14828e6f7
                                                    • Opcode Fuzzy Hash: 4e131503fe38447772e4e2294cf5373b7e2007f9fac8d76d0a71823c743fc64d
                                                    • Instruction Fuzzy Hash: E341BE30700200DFC711EF65DED2A1A77A5EB49304B104A3AF804B73E2CAB9AC01CBAD
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%


                                                    C-Code - Quality: 56%
                                                    			E00409330(void* __eax, long __ebx, void* __edx, void* __edi, void* __esi) {
                                                    				char _v8;
                                                    				char _v12;
                                                    				char _v16;
                                                    				intOrPtr _v20;
                                                    				char _v24;
                                                    				char _v28;
                                                    				char _v32;
                                                    				char _v36;
                                                    				int _t30;
                                                    				intOrPtr _t62;
                                                    				void* _t72;
                                                    				intOrPtr _t75;
                                                    
                                                    				_t70 = __edi;
                                                    				_t53 = __ebx;
                                                    				_t54 = 0;
                                                    				_push(0);
                                                    				_push(0);
                                                    				_push(0);
                                                    				_push(0);
                                                    				_push(0);
                                                    				_push(0);
                                                    				_push(0);
                                                    				_push(0);
                                                    				_push(__ebx);
                                                    				_push(__edi);
                                                    				_t72 = __eax;
                                                    				_push(_t75);
                                                    				_push(0x40941f);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t75;
                                                    				while(1) {
                                                    					E00406CF4( &_v12, _t53, _t54, _t70, _t72); // executed
                                                    					_t54 = 0x409438;
                                                    					E00409224(0, _t53, 0x409438, _v12, _t70, _t72,  &_v8); // executed
                                                    					_t30 = CreateDirectoryA(E00403414(_v8), 0); // executed
                                                    					if(_t30 != 0) {
                                                    						break;
                                                    					}
                                                    					_t53 = GetLastError();
                                                    					if(_t38 != 0xb7) {
                                                    						E00408DD8(0x36,  &_v28, _v8);
                                                    						_v24 = _v28;
                                                    						E00404C94(_t53,  &_v32);
                                                    						_v20 = _v32;
                                                    						E00407284(_t53,  &_v36);
                                                    						_v16 = _v36;
                                                    						E00408DA8(0x68, 2,  &_v24,  &_v12);
                                                    						_t54 = _v12;
                                                    						E00405890(_v12, 1);
                                                    						E00402EB4();
                                                    					}
                                                    				}
                                                    				E0040322C(_t72, _v8);
                                                    				_pop(_t62);
                                                    				 *[fs:eax] = _t62;
                                                    				_push(E00409426);
                                                    				E004031B8( &_v36, 3);
                                                    				return E004031B8( &_v12, 2);
                                                    			}
















                                                    APIs
                                                    • CreateDirectoryA.KERNEL32(00000000,00000000,?,00000000,0040941F,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409376
                                                    • GetLastError.KERNEL32(00000000,00000000,?,00000000,0040941F,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040937F
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: CreateDirectoryErrorLast
                                                    • String ID: .tmp
                                                    • API String ID: 1375471231-2986845003
                                                    • Opcode ID: 1c7982c9535877cc809d76a2290e1ec991a7408e90ad789d49a53b04ffd62ed2
                                                    • Instruction ID: b240cf9bc22f775501a2d99da134be40bb2f76fb21a7d6e050461713caae6e8b
                                                    • Opcode Fuzzy Hash: 1c7982c9535877cc809d76a2290e1ec991a7408e90ad789d49a53b04ffd62ed2
                                                    • Instruction Fuzzy Hash: 9E216774A00208ABDB05EFA1C8429DFB7B8EF88304F50457BE901B73C2DA3C9E058A65
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E004094D8(long __eax, intOrPtr __edx, long _a4, long _a8) {
                                                    				intOrPtr _v8;
                                                    				long _t5;
                                                    				long _t9;
                                                    				void* _t10;
                                                    				void* _t13;
                                                    				void* _t15;
                                                    				void* _t16;
                                                    
                                                    				_t5 = __eax;
                                                    				_v8 = __edx;
                                                    				_t9 = __eax;
                                                    				_t15 = _t10 - 1;
                                                    				if(_t15 < 0) {
                                                    					L10:
                                                    					return _t5;
                                                    				}
                                                    				_t16 = _t15 + 1;
                                                    				_t13 = 0;
                                                    				while(1) {
                                                    					_t19 = _t13 - 1;
                                                    					if(_t13 != 1) {
                                                    						__eflags = _t13 - 1;
                                                    						if(__eflags > 0) {
                                                    							Sleep(_a4);
                                                    						}
                                                    					} else {
                                                    						Sleep(_a8);
                                                    					}
                                                    					_t5 = E00408FBC(_t9, _v8, _t19); // executed
                                                    					if(_t5 != 0) {
                                                    						goto L10;
                                                    					}
                                                    					_t5 = GetLastError();
                                                    					if(_t5 == 2) {
                                                    						goto L10;
                                                    					}
                                                    					_t5 = GetLastError();
                                                    					if(_t5 == 3) {
                                                    						goto L10;
                                                    					}
                                                    					_t13 = _t13 + 1;
                                                    					_t16 = _t16 - 1;
                                                    					if(_t16 != 0) {
                                                    						continue;
                                                    					}
                                                    					goto L10;
                                                    				}
                                                    				goto L10;
                                                    			}











                                                    APIs
                                                    • Sleep.KERNEL32(?,?,?,?,0000000D,?,0040ABED,000000FA,00000032,0040AC54,00409960,00000000,STATIC,InnoSetupLdrWindow,00000000,00000000), ref: 004094F7
                                                    • Sleep.KERNEL32(?,?,?,?,0000000D,?,0040ABED,000000FA,00000032,0040AC54,00409960,00000000,STATIC,InnoSetupLdrWindow,00000000,00000000), ref: 00409507
                                                    • GetLastError.KERNEL32(?,?,?,0000000D,?,0040ABED,000000FA,00000032,0040AC54,00409960,00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000), ref: 0040951A
                                                    • GetLastError.KERNEL32(?,?,?,0000000D,?,0040ABED,000000FA,00000032,0040AC54,00409960,00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000), ref: 00409524
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: ErrorLastSleep
                                                    • String ID:
                                                    • API String ID: 1458359878-0
                                                    • Opcode ID: 97bb3b87fdda019371420e794be163fcf62410a15a23215566f33b90e6dc6563
                                                    • Instruction ID: cd4a420f7ace5638a97e0bdb8a1e9fccbb234b9240edd4770f97938e6011a3cc
                                                    • Opcode Fuzzy Hash: 97bb3b87fdda019371420e794be163fcf62410a15a23215566f33b90e6dc6563
                                                    • Instruction Fuzzy Hash: 16F0967360451477CA35A5AF9D81A5F634DDAD1354B10813BE945F3283C538DD0142A9
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 39%
                                                    			E00407749(void* __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __eflags) {
                                                    				int _t42;
                                                    				intOrPtr* _t46;
                                                    				intOrPtr* _t47;
                                                    				signed int _t54;
                                                    				unsigned int _t56;
                                                    				unsigned int _t58;
                                                    				unsigned int _t59;
                                                    				unsigned int _t60;
                                                    				intOrPtr* _t68;
                                                    				char* _t71;
                                                    				char* _t72;
                                                    				void* _t86;
                                                    				void* _t89;
                                                    				intOrPtr* _t94;
                                                    				void* _t98;
                                                    
                                                    				L0:
                                                    				while(1) {
                                                    					L0:
                                                    					_t86 = __edi;
                                                    					asm("outsd");
                                                    					if(__eflags < 0) {
                                                    						break;
                                                    					}
                                                    					L29:
                                                    					 *__eax =  *__eax + __al;
                                                    					 *__eax =  *__eax + __al;
                                                    					 *__eax =  *__eax + __al;
                                                    					 *__eax =  *__eax + __al;
                                                    					 *__eax =  *__eax + __al;
                                                    					 *__eax =  *__eax + __al;
                                                    					 *__eax =  *__eax + __al;
                                                    					 *__eax =  *__eax + __al;
                                                    					 *__eax =  *__eax + __al;
                                                    					 *__eax =  *__eax + __al;
                                                    					 *__eax =  *__eax + __al;
                                                    					 *__eax =  *__eax + __al;
                                                    					 *(__edi + 0x40) =  *(__edi + 0x40) ^ 0x00000000;
                                                    					 *__eax =  *__eax + __al;
                                                    					__eflags = __al - 0x77;
                                                    					__eax = __eax + 1;
                                                    					__ah = __ah + __al;
                                                    					__eflags = __ah;
                                                    					while(1) {
                                                    						L30:
                                                    						asm("les ebp, [ecx]");
                                                    						__eax = __eax + 1;
                                                    						 *((intOrPtr*)(__eax + __ebp + 0x28d40040)) =  *((intOrPtr*)(__eax + __ebp + 0x28d40040)) + __ch;
                                                    						__eax = __eax + 1;
                                                    						 *__eax =  *__eax + __bl;
                                                    						 *__eax =  *__eax - __eax;
                                                    						__eflags =  *__eax;
                                                    						asm("adc al, [ebp+0x43]");
                                                    						asm("outsd");
                                                    						asm("insd");
                                                    						if(__eflags < 0) {
                                                    							break;
                                                    						}
                                                    						L31:
                                                    						if(__eflags >= 0) {
                                                    							L50:
                                                    							 *__eax =  *__eax + __al;
                                                    							 *((intOrPtr*)(__eax + __edx)) =  *((intOrPtr*)(__eax + __edx)) + __bh;
                                                    							__eax = __eax + 1;
                                                    							__eflags = __eax;
                                                    							goto L51;
                                                    						} else {
                                                    							L32:
                                                    							__esp = __esp + 1;
                                                    							asm("popad");
                                                    							if(__eflags == 0) {
                                                    								L46:
                                                    								 *__eax =  *__eax + __al;
                                                    								 *__eax =  *__eax + __al;
                                                    								 *__eax =  *__eax + __al;
                                                    								 *__eax =  *__eax + __al;
                                                    								__eflags =  *__eax;
                                                    								goto L47;
                                                    							} else {
                                                    								L33:
                                                    								__ebp = __ebp + 1;
                                                    								__eflags = __ebp;
                                                    								if(__eflags < 0) {
                                                    									L51:
                                                    									__ah = __ah + __al;
                                                    									 *__eax =  *__eax - __eax;
                                                    									asm("lodsb");
                                                    									 *__eax =  *__eax - __al;
                                                    									asm("aam 0x28");
                                                    									__eax = __eax + 1;
                                                    									 *__eax =  *__eax + __bl;
                                                    									 *__eax =  *__eax - __eax;
                                                    									__eflags =  *__eax;
                                                    									0x3440b892();
                                                    									if( *__eax < 0) {
                                                    										goto L66;
                                                    									} else {
                                                    										L52:
                                                    										_t20 = __eax + __edi * 2;
                                                    										 *_t20 =  *(__eax + __edi * 2) + __bh;
                                                    										__eflags =  *_t20;
                                                    										L53:
                                                    										__eax = __eax + 1;
                                                    										 *__ebx =  *__ebx + __dl;
                                                    										__eflags =  *__ebx;
                                                    										L54:
                                                    										asm("adc edx, [ebx+eax*2+0x75]");
                                                    										if(__eflags >= 0) {
                                                    											L72:
                                                    											__eax = __esi;
                                                    											L73:
                                                    											__edx = 8;
                                                    											L74:
                                                    											__eflags = __al & 0x00000001;
                                                    											L75:
                                                    											if(__eflags == 0) {
                                                    												L78:
                                                    												__eax = __eax >> 1;
                                                    												__eflags = __eax;
                                                    											} else {
                                                    												L76:
                                                    												__eax = __eax >> 1;
                                                    												__eflags = __eax;
                                                    												L77:
                                                    												__eax = __eax ^ 0xedb88320;
                                                    											}
                                                    											L79:
                                                    											__edx = __edx - 1;
                                                    											__eflags = __edx;
                                                    											if(__edx != 0) {
                                                    												goto L74;
                                                    											}
                                                    											L80:
                                                    											 *__ecx = __eax;
                                                    											__esi = __esi + 1;
                                                    											__ecx = __ecx + 4;
                                                    											__eflags = __esi - 0x100;
                                                    											if(__esi != 0x100) {
                                                    												goto L72;
                                                    											}
                                                    											L81:
                                                    											_pop(__esi);
                                                    											return __eax;
                                                    										} else {
                                                    											L55:
                                                    											if (__eflags == 0) goto L71;
                                                    											L56:
                                                    											asm("outsd");
                                                    										}
                                                    									}
                                                    								} else {
                                                    									L34:
                                                    									asm("outsd");
                                                    									if(__eflags < 0) {
                                                    										L26:
                                                    										 *__eax =  *__eax + __al;
                                                    										asm("pushad");
                                                    										__esi = __esi + 1;
                                                    										__eax = __eax + 1;
                                                    										__ah = __ah + __al;
                                                    										 *__eax =  *__eax - __eax;
                                                    										asm("lodsb");
                                                    										 *__eax =  *__eax - __al;
                                                    										asm("aam 0x28");
                                                    										__eax = __eax + 1;
                                                    										 *__eax =  *__eax + __bl;
                                                    										 *__eax =  *__eax - __eax;
                                                    										_push(cs);
                                                    										__ebp = __ebp + 1;
                                                    										__ebx = __ebx + 1;
                                                    										__eflags = __ebx;
                                                    										asm("outsd");
                                                    										asm("insd");
                                                    										if(__eflags < 0) {
                                                    											goto L36;
                                                    										} else {
                                                    											L27:
                                                    											if(__eflags >= 0) {
                                                    												goto L38;
                                                    											} else {
                                                    												L28:
                                                    												__ebp = __ebp + 1;
                                                    												__eflags = __ebp;
                                                    												if(__eflags < 0) {
                                                    													goto L39;
                                                    												} else {
                                                    													goto L0;
                                                    												}
                                                    											}
                                                    										}
                                                    									} else {
                                                    										L35:
                                                    										 *__eax =  *__eax + __al;
                                                    										 *__eax =  *__eax + __al;
                                                    										 *__eax =  *__eax + __al;
                                                    										 *__eax =  *__eax + __al;
                                                    										 *__eax =  *__eax + __al;
                                                    										 *__eax =  *__eax + __al;
                                                    										 *__eax =  *__eax + __al;
                                                    										 *__eax =  *__eax + __al;
                                                    										 *__eax =  *__eax + __al;
                                                    										 *__eax =  *__eax + __al;
                                                    										 *__eax =  *__eax + __al;
                                                    										 *__eax =  *__eax + __al;
                                                    										asm("enter 0x4077, 0x0");
                                                    										 *__eax =  *__eax + __al;
                                                    										__eflags = __al - 0x77;
                                                    										L36:
                                                    										if(__eflags > 0) {
                                                    											L47:
                                                    											 *__eax =  *__eax + __ah;
                                                    											__eflags =  *__eax;
                                                    											break;
                                                    										} else {
                                                    											L37:
                                                    											__ah = __ah + __al;
                                                    											__eflags = __ah;
                                                    											L38:
                                                    											 *__eax =  *__eax - __eax;
                                                    											__eflags =  *__eax;
                                                    											L39:
                                                    											 *((intOrPtr*)(__eax + __ebp + 0x28d40040)) =  *((intOrPtr*)(__eax + __ebp + 0x28d40040)) + __ch;
                                                    											__eax = __eax + 1;
                                                    											 *__eax =  *__eax + __bl;
                                                    											 *__eax =  *__eax - __eax;
                                                    											_push(ss);
                                                    											__ebp = __ebp + 1;
                                                    											__ebx = __ebx + 1;
                                                    											__eflags = __ebx;
                                                    											asm("outsd");
                                                    											asm("insd");
                                                    											if(__eflags < 0) {
                                                    												L62:
                                                    												 *__eax =  *__eax + __al;
                                                    												__eflags =  *__eax;
                                                    												goto L63;
                                                    											} else {
                                                    												L40:
                                                    												if(__eflags >= 0) {
                                                    													L63:
                                                    													 *__eax =  *__eax + __al;
                                                    													__eflags =  *__eax;
                                                    													goto L64;
                                                    												} else {
                                                    													L41:
                                                    													__ecx = __ecx - 1;
                                                    													__eflags = __ecx;
                                                    													asm("outsb");
                                                    													if(__eflags == 0) {
                                                    														L61:
                                                    														__eflags = __cl;
                                                    														__edi = 0x8dffffae;
                                                    														L1:
                                                    														_pop( *0x40c028);
                                                    														 *0x40c020 = 0xd2;
                                                    														if( *0x40c030 == 0) {
                                                    															goto L6;
                                                    														} else {
                                                    															L3:
                                                    															_t98 =  *0x40c414 - 1;
                                                    															if(_t98 < 0) {
                                                    																L18:
                                                    																ExitProcess( *0x40c020); // executed
                                                    															} else {
                                                    																L4:
                                                    																if(_t98 == 0 || 0xd2 != 0) {
                                                    																	while(1) {
                                                    																		L6:
                                                    																		_t46 =  *0x40c024; // 0x0
                                                    																		_t47 = _t46;
                                                    																		if(_t47 == 0) {
                                                    																			break;
                                                    																		}
                                                    																		L7:
                                                    																		 *0x40c024 = 0;
                                                    																		 *_t47();
                                                    																	}
                                                    																	L8:
                                                    																	__eflags =  *0x40c028;
                                                    																	if( *0x40c028 != 0) {
                                                    																		L9:
                                                    																		_t58 =  *0x40c020; // 0x0
                                                    																		_t71 = "  at 00000000";
                                                    																		do {
                                                    																			L10:
                                                    																			_t2 = _t58 % 0xa;
                                                    																			_t58 = _t58 / 0xa;
                                                    																			 *_t71 = _t2 + 0x30;
                                                    																			_t71 = _t71 - 1;
                                                    																			__eflags = _t58;
                                                    																		} while (_t58 != 0);
                                                    																		_t72 = 0x40b030;
                                                    																		_t59 =  *0x40c028; // 0x0
                                                    																		_t60 = _t59 - 0x401178;
                                                    																		__eflags = _t60;
                                                    																		do {
                                                    																			L12:
                                                    																			 *_t72 =  *((intOrPtr*)((_t60 & 0x0000000f) + 0x403e1c));
                                                    																			_t72 = _t72 - 1;
                                                    																			_t60 = _t60 >> 4;
                                                    																			__eflags = _t60;
                                                    																		} while (_t60 != 0);
                                                    																		__eflags =  *0x40c031;
                                                    																		if( *0x40c031 != 0) {
                                                    																			E00403FE4(0x40c204, "Runtime error     at 00000000");
                                                    																			E00403F67();
                                                    																		} else {
                                                    																			MessageBoxA(0, "Runtime error     at 00000000", "Error", 0);
                                                    																		}
                                                    																	}
                                                    																	L16:
                                                    																	E00403CC8(0x40c038);
                                                    																	E00403CC8(0x40c204); // executed
                                                    																	E004019DC(); // executed
                                                    																	__eflags =  *0x40c414;
                                                    																	if( *0x40c414 == 0) {
                                                    																		L17:
                                                    																		E004030B4();
                                                    																		goto L18;
                                                    																	}
                                                    																}
                                                    															}
                                                    														}
                                                    														L19:
                                                    														E004030B4();
                                                    														 *0x40c414 = 0;
                                                    														_t54 =  *0x40c020; // 0x0
                                                    														asm("sbb eax, eax");
                                                    														_t56 =  ~_t54 + 1;
                                                    														__eflags = _t56;
                                                    														return _t56;
                                                    													} else {
                                                    														L42:
                                                    														if(__eflags < 0) {
                                                    															L64:
                                                    															 *__eax =  *__eax + __al;
                                                    															 *__eax =  *__eax + __al;
                                                    															 *__eax =  *__eax + __al;
                                                    															 *__eax =  *__eax + __al;
                                                    															 *__eax =  *__eax + __al;
                                                    															__eflags =  *__eax;
                                                    															goto L65;
                                                    														} else {
                                                    															L43:
                                                    															asm("popad");
                                                    															asm("insb");
                                                    															__ebp = __ebp + 1;
                                                    															__eflags = __ebp;
                                                    															if(__eflags < 0) {
                                                    																L65:
                                                    																 *__eax =  *__eax + __al;
                                                    																 *__eax =  *__eax + __al;
                                                    																 *__eax =  *__eax + __al;
                                                    																 *__eax =  *__eax + __al;
                                                    																 *__eax =  *__eax + __al;
                                                    																 *__eax =  *__eax + __al;
                                                    																__eflags =  *__eax;
                                                    																L66:
                                                    																_t24 = __eax + 0x78;
                                                    																 *_t24 =  *(__eax + 0x78) + __bh;
                                                    																__eflags =  *_t24;
                                                    															} else {
                                                    																L44:
                                                    																asm("outsd");
                                                    																if(__eflags < 0) {
                                                    																	continue;
                                                    																} else {
                                                    																	L45:
                                                    																	 *__eax =  *__eax + __al;
                                                    																	 *__eax =  *__eax + __al;
                                                    																	 *__eax =  *__eax + __al;
                                                    																	 *__eax =  *__eax + __al;
                                                    																	 *__eax =  *__eax + __al;
                                                    																	 *__eax =  *__eax + __al;
                                                    																	 *__eax =  *__eax + __al;
                                                    																	 *__eax =  *__eax + __al;
                                                    																	__eflags =  *__eax;
                                                    																	goto L46;
                                                    																}
                                                    															}
                                                    														}
                                                    													}
                                                    												}
                                                    											}
                                                    										}
                                                    									}
                                                    								}
                                                    							}
                                                    						}
                                                    						L88:
                                                    					}
                                                    					L48:
                                                    					if(__eflags < 0) {
                                                    						goto L61;
                                                    					} else {
                                                    						L49:
                                                    						_t16 = __eax + __eax;
                                                    						 *_t16 =  *(__eax + __eax) + __cl;
                                                    						__eflags =  *_t16;
                                                    						goto L50;
                                                    					}
                                                    					goto L88;
                                                    				}
                                                    				L21:
                                                    				_t68 = __ebx + 1;
                                                    				_t42 = WriteFile(??, ??, ??, ??, ??); // executed
                                                    				__eflags = _t42;
                                                    				if(_t42 == 0) {
                                                    					_t42 = E0040748C( *_t68);
                                                    				}
                                                    				__eflags = _t89 -  *_t94;
                                                    				if(_t89 !=  *_t94) {
                                                    					_t42 = E004073EC(_t68, 0x1d, _t86, _t89);
                                                    				}
                                                    				return _t42;
                                                    				goto L88;
                                                    			}


















                                                    0x00407798
                                                    0x0040779a
                                                    0x0040779c
                                                    0x0040779e
                                                    0x004077a0
                                                    0x004077a2
                                                    0x004077a4
                                                    0x004077a6
                                                    0x004077a8
                                                    0x004077aa
                                                    0x004077ac
                                                    0x004077b2
                                                    0x004077b4
                                                    0x004077b5
                                                    0x004077b5
                                                    0x004077f7
                                                    0x004077f7
                                                    0x004077f7
                                                    0x00000000
                                                    0x004077b7
                                                    0x004077b7
                                                    0x004077b7
                                                    0x004077b7
                                                    0x004077b9
                                                    0x004077b9
                                                    0x004077b9
                                                    0x004077bb
                                                    0x004077bb
                                                    0x004077c2
                                                    0x004077c3
                                                    0x004077c5
                                                    0x004077c8
                                                    0x004077c9
                                                    0x004077ca
                                                    0x004077ca
                                                    0x004077cb
                                                    0x004077cc
                                                    0x004077cd
                                                    0x00407844
                                                    0x00407844
                                                    0x00407844
                                                    0x00000000
                                                    0x004077cf
                                                    0x004077cf
                                                    0x004077cf
                                                    0x00407845
                                                    0x00407845
                                                    0x00407845
                                                    0x00000000
                                                    0x004077d2
                                                    0x004077d2
                                                    0x004077d2
                                                    0x004077d2
                                                    0x004077d3
                                                    0x004077d4
                                                    0x0040783b
                                                    0x0040783b
                                                    0x0040783d
                                                    0x00402700
                                                    0x00403e41
                                                    0x00403d04
                                                    0x00403d10
                                                    0x00000000
                                                    0x00403d12
                                                    0x00403d12
                                                    0x00403d12
                                                    0x00403d19
                                                    0x00403ddf
                                                    0x00403de5
                                                    0x00403d1f
                                                    0x00403d1f
                                                    0x00403d1f
                                                    0x00403d29
                                                    0x00403d29
                                                    0x00403d29
                                                    0x00403d2e
                                                    0x00403d30
                                                    0x00000000
                                                    0x00000000
                                                    0x00403d32
                                                    0x00403d34
                                                    0x00403d3a
                                                    0x00403d3a
                                                    0x00403d3e
                                                    0x00403d3e
                                                    0x00403d45
                                                    0x00403d47
                                                    0x00403d47
                                                    0x00403d4c
                                                    0x00403d56
                                                    0x00403d56
                                                    0x00403d58
                                                    0x00403d58
                                                    0x00403d5d
                                                    0x00403d5f
                                                    0x00403d60
                                                    0x00403d60
                                                    0x00403d64
                                                    0x00403d69
                                                    0x00403d6e
                                                    0x00403d6e
                                                    0x00403d73
                                                    0x00403d73
                                                    0x00403d7e
                                                    0x00403d80
                                                    0x00403d81
                                                    0x00403d81
                                                    0x00403d81
                                                    0x00403d86
                                                    0x00403d8d
                                                    0x00403dae
                                                    0x00403db3
                                                    0x00403d8f
                                                    0x00403d9d
                                                    0x00403d9d
                                                    0x00403d8d
                                                    0x00403db8
                                                    0x00403dbd
                                                    0x00403dc7
                                                    0x00403dcc
                                                    0x00403dd1
                                                    0x00403dd8
                                                    0x00403dda
                                                    0x00403dda
                                                    0x00000000
                                                    0x00403dda
                                                    0x00403dd8
                                                    0x00403d1f
                                                    0x00403d19
                                                    0x00403dea
                                                    0x00403dea
                                                    0x00403def
                                                    0x00403df6
                                                    0x00403dfd
                                                    0x00403dff
                                                    0x00403dff
                                                    0x00403e19
                                                    0x004077d6
                                                    0x004077d6
                                                    0x004077d6
                                                    0x00407846
                                                    0x00407846
                                                    0x00407848
                                                    0x0040784a
                                                    0x0040784c
                                                    0x0040784e
                                                    0x0040784e
                                                    0x00000000
                                                    0x004077d8
                                                    0x004077d8
                                                    0x004077d8
                                                    0x004077d9
                                                    0x004077da
                                                    0x004077da
                                                    0x004077db
                                                    0x0040784f
                                                    0x0040784f
                                                    0x00407851
                                                    0x00407853
                                                    0x00407855
                                                    0x00407857
                                                    0x00407859
                                                    0x00407859
                                                    0x0040785b
                                                    0x0040785b
                                                    0x0040785b
                                                    0x0040785b
                                                    0x004077dd
                                                    0x004077dd
                                                    0x004077dd
                                                    0x004077de
                                                    0x00000000
                                                    0x004077e0
                                                    0x004077e0
                                                    0x004077e0
                                                    0x004077e2
                                                    0x004077e4
                                                    0x004077e6
                                                    0x004077e8
                                                    0x004077ea
                                                    0x004077ec
                                                    0x004077ee
                                                    0x004077ee
                                                    0x00000000
                                                    0x004077ee
                                                    0x004077de
                                                    0x004077db
                                                    0x004077d6
                                                    0x004077d4
                                                    0x004077cf
                                                    0x004077cd
                                                    0x004077b5
                                                    0x00407792
                                                    0x0040778f
                                                    0x0040778c
                                                    0x00000000
                                                    0x00407787
                                                    0x004077f9
                                                    0x004077f9
                                                    0x00000000
                                                    0x004077fb
                                                    0x004077fb
                                                    0x004077fb
                                                    0x004077fb
                                                    0x004077fb
                                                    0x00000000
                                                    0x004077fb
                                                    0x00000000
                                                    0x004077f9
                                                    0x004076dc
                                                    0x004076dc
                                                    0x004076df
                                                    0x004076e4
                                                    0x004076e6
                                                    0x004076ea
                                                    0x004076ea
                                                    0x004076ef
                                                    0x004076f2
                                                    0x004076fb
                                                    0x004076fb
                                                    0x00407704
                                                    0x00000000

                                                    APIs
                                                    • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 004076DF
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp Download File
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp Download File
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp Download File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: FileWrite
                                                    • String ID:
                                                    • API String ID: 3934441357-0
                                                    • Opcode ID: 43d3196ec1ce5242573e8f450cfa6a0a1bc6604aabb0088ea34051851cbbaa4a
                                                    • Instruction ID: 20d0a63744b7af467993d3e8aec565234b7be2d060ba20bf9fd199bb98bd5a4e
                                                    • Opcode Fuzzy Hash: 43d3196ec1ce5242573e8f450cfa6a0a1bc6604aabb0088ea34051851cbbaa4a
                                                    • Instruction Fuzzy Hash: 8251D12294D2910FC7126B7849685A53FE0FE5331132E92FBC5C1AB1A3D27CA847D35B
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 60%
                                                    			E00408FBC(void* __eax, void* __edx, void* __eflags) {
                                                    				int _v8;
                                                    				char _v16;
                                                    				long _v20;
                                                    				int _t13;
                                                    				intOrPtr _t27;
                                                    				void* _t32;
                                                    				void* _t34;
                                                    				intOrPtr _t35;
                                                    
                                                    				_t32 = _t34;
                                                    				_t35 = _t34 + 0xfffffff0;
                                                    				if(E00408F70(__eax,  &_v16) != 0) {
                                                    					_push(_t32);
                                                    					_push(0x409019);
                                                    					_push( *[fs:eax]);
                                                    					 *[fs:eax] = _t35;
                                                    					_t13 = DeleteFileA(E00403414(__edx)); // executed
                                                    					_v8 = _t13;
                                                    					_v20 = GetLastError();
                                                    					_pop(_t27);
                                                    					 *[fs:eax] = _t27;
                                                    					_push(E00409020);
                                                    					return E00408FAC( &_v16);
                                                    				} else {
                                                    					_v8 = 0;
                                                    					return _v8;
                                                    				}
                                                    			}












                                                    APIs
                                                    • DeleteFileA.KERNEL32(00000000,00000000,00409019,?,0000000D,00000000), ref: 00408FF3
                                                    • GetLastError.KERNEL32(00000000,00000000,00409019,?,0000000D,00000000), ref: 00408FFB
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp Download File
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp Download File
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp Download File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: DeleteErrorFileLast
                                                    • String ID:
                                                    • API String ID: 2018770650-0
                                                    • Opcode ID: 51b14d3c2f7fde5c1a6bb776c84878c326085b2b0be15ffc15f9635c9f9f5f18
                                                    • Instruction ID: 1f0403e6899a51d1d5356f81b6020870d4ad1054c4e625117792cee712869c3b
                                                    • Opcode Fuzzy Hash: 51b14d3c2f7fde5c1a6bb776c84878c326085b2b0be15ffc15f9635c9f9f5f18
                                                    • Instruction Fuzzy Hash: 16F0C871A04704ABCB01DF759D4159DB3E8DB8831475045BBF814F3682EA385E108599
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E0040AC4F(void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                    				intOrPtr _t1;
                                                    				int _t2;
                                                    				intOrPtr _t3;
                                                    				intOrPtr _t5;
                                                    				struct HWND__* _t8;
                                                    				intOrPtr _t9;
                                                    				void* _t12;
                                                    				intOrPtr _t13;
                                                    				intOrPtr _t17;
                                                    				void* _t18;
                                                    				void* _t19;
                                                    
                                                    				_t19 = __esi;
                                                    				_t18 = __edi;
                                                    				_t12 = __ebx;
                                                    				_t1 =  *0x40ce2c; // 0x0
                                                    				_t2 = E00402924(_t1);
                                                    				if( *0x40ce40 != 0) {
                                                    					_t17 =  *0x40ce40; // 0x21e0494
                                                    					_t2 = E004094D8(0, _t17, 0xfa, 0x32); // executed
                                                    				}
                                                    				if( *0x40ce38 != 0) {
                                                    					_t9 =  *0x40ce38; // 0x21e0418
                                                    					_t2 = RemoveDirectoryA(E00403414(_t9)); // executed
                                                    				}
                                                    				if( *0x40b248 != 0) {
                                                    					_t8 =  *0x40b248; // 0x110082
                                                    					_t2 = DestroyWindow(_t8); // executed
                                                    				}
                                                    				if( *0x40ce1c != 0) {
                                                    					_t3 =  *0x40ce1c; // 0x0
                                                    					_t13 =  *0x40ce20; // 0x1
                                                    					E0040357C(_t3, _t12, _t13, E00408C10, _t18, _t19);
                                                    					_t5 =  *0x40ce1c; // 0x0
                                                    					E004025AC(_t5);
                                                    					 *0x40ce1c = 0;
                                                    					return 0;
                                                    				}
                                                    				return _t2;
                                                    			}















                                                    APIs
                                                    • RemoveDirectoryA.KERNEL32(00000000,0040AC54,00409960,00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0040AC01
                                                    • DestroyWindow.USER32(00110082,0040AC54,00409960,00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0040AC15
                                                      • Part of subcall function 004094D8: Sleep.KERNEL32(?,?,?,?,0000000D,?,0040ABED,000000FA,00000032,0040AC54,00409960,00000000,STATIC,InnoSetupLdrWindow,00000000,00000000), ref: 004094F7
                                                      • Part of subcall function 004094D8: GetLastError.KERNEL32(?,?,?,0000000D,?,0040ABED,000000FA,00000032,0040AC54,00409960,00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000), ref: 0040951A
                                                      • Part of subcall function 004094D8: GetLastError.KERNEL32(?,?,?,0000000D,?,0040ABED,000000FA,00000032,0040AC54,00409960,00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000), ref: 00409524
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp Download File
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp Download File
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp Download File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: ErrorLast$DestroyDirectoryRemoveSleepWindow
                                                    • String ID:
                                                    • API String ID: 2192421792-0
                                                    • Opcode ID: 2c973cdf999bbb1192929a8364406a109d64bb88cfdea17aa602a860d5632052
                                                    • Instruction ID: be585450a05658aa0cbbe96fcd01bcdb7ec8c3c433658d061b63fb0e61c88a9e
                                                    • Opcode Fuzzy Hash: 2c973cdf999bbb1192929a8364406a109d64bb88cfdea17aa602a860d5632052
                                                    • Instruction Fuzzy Hash: 24F03170244200DBD724EB69EEC9B1632A5A784305F10423BF500B72F1C7FC98A1CB9D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 37%
                                                    			E00406FA0(void* __eax, void* __ebx, int __edx) {
                                                    				struct HINSTANCE__* _v12;
                                                    				int _v16;
                                                    				int _t4;
                                                    				struct HINSTANCE__* _t9;
                                                    				void* _t12;
                                                    				intOrPtr _t16;
                                                    				void* _t18;
                                                    				void* _t19;
                                                    				intOrPtr _t20;
                                                    
                                                    				_t18 = _t19;
                                                    				_t20 = _t19 + 0xfffffff4;
                                                    				_t12 = __eax;
                                                    				_t4 = SetErrorMode(__edx); // executed
                                                    				_v16 = _t4;
                                                    				_push(_t18);
                                                    				_push(0x407012);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t20;
                                                    				asm("fnstcw word [ebp-0x2]");
                                                    				_push(_t18);
                                                    				_push(0x406ff4);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t20;
                                                    				_t9 = LoadLibraryA(E00403414(_t12)); // executed
                                                    				_v12 = _t9;
                                                    				_pop(_t16);
                                                    				 *[fs:eax] = _t16;
                                                    				_push(E00406FFB);
                                                    				asm("fclex");
                                                    				asm("fldcw word [ebp-0x2]");
                                                    				return 0;
                                                    			}












                                                    APIs
                                                    • SetErrorMode.KERNEL32(00008000), ref: 00406FAA
                                                    • LoadLibraryA.KERNEL32(00000000,00000000,00406FF4,?,00000000,00407012,?,00008000), ref: 00406FD9
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: ErrorLibraryLoadMode
                                                    • String ID:
                                                    • API String ID: 2987862817-0
                                                    • Opcode ID: 9b48b29771c4fc6652b627c4d055133170331230f079557c80f3f4e2880abe46
                                                    • Instruction ID: 292e1fc4e19851716b0ab93d2d43454b233f1d25ff8a05a0d03104374ea2dcbc
                                                    • Opcode Fuzzy Hash: 9b48b29771c4fc6652b627c4d055133170331230f079557c80f3f4e2880abe46
                                                    • Instruction Fuzzy Hash: D6F08270A14704BEDB129FB68C5282ABBECEB4DB0475349BAF914A26D2E53C5C209568
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 75%
                                                    			E0040766C(intOrPtr* __eax, void* __edx) {
                                                    				long _v16;
                                                    				long _v20;
                                                    				long _t8;
                                                    				long _t9;
                                                    				intOrPtr* _t11;
                                                    
                                                    				asm("movsd");
                                                    				asm("movsd");
                                                    				_t11 = __eax;
                                                    				_t8 = SetFilePointer( *(__eax + 4), _v20,  &_v16, 0); // executed
                                                    				_t9 = _t8 + 1;
                                                    				if(_t9 == 0) {
                                                    					_t9 = GetLastError();
                                                    					if(_t9 != 0) {
                                                    						_t9 = E0040748C( *_t11);
                                                    					}
                                                    				}
                                                    				return _t9;
                                                    			}








                                                    APIs
                                                    • SetFilePointer.KERNEL32(?,?,?,00000000), ref: 0040768B
                                                    • GetLastError.KERNEL32(?,?,?,00000000), ref: 00407693
                                                      • Part of subcall function 0040748C: GetLastError.KERNEL32(0040738C,0040752A,?,?,021E03CC,?,0040A69B,00000001,00000000,00000002,00000000,0040AC92,?,00000000,0040ACC9), ref: 0040748F
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: ErrorLast$FilePointer
                                                    • String ID:
                                                    • API String ID: 1156039329-0
                                                    • Opcode ID: cf8b3d77442686d6cce32677ffa2556d95a4d660bd32a6059a32509021572d83
                                                    • Instruction ID: 64daf3b7b2b4cd691f255a674f922558070816022eb0a012369b73df1192a31e
                                                    • Opcode Fuzzy Hash: cf8b3d77442686d6cce32677ffa2556d95a4d660bd32a6059a32509021572d83
                                                    • Instruction Fuzzy Hash: B2E092766081016FD600D55EC881B9B37DCDFC5364F104536B654EB2D1D679EC108776
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 79%
                                                    			E0040762C(intOrPtr* __eax, long __ecx, void* __edx) {
                                                    				long _v16;
                                                    				int _t7;
                                                    				intOrPtr* _t12;
                                                    
                                                    				_push(__ecx);
                                                    				_t12 = __eax;
                                                    				_t7 = ReadFile( *(__eax + 4), __edx, __ecx,  &_v16, 0); // executed
                                                    				if(_t7 == 0 && ( *((char*)(_t12 + 8)) != 0 || GetLastError() != 0x6d)) {
                                                    					E0040748C( *_t12);
                                                    				}
                                                    				return _v16;
                                                    			}






                                                    APIs
                                                    • ReadFile.KERNEL32(?,?,?,?,00000000), ref: 00407643
                                                    • GetLastError.KERNEL32(?,?,?,?,00000000), ref: 00407652
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: ErrorFileLastRead
                                                    • String ID:
                                                    • API String ID: 1948546556-0
                                                    • Opcode ID: 1b4aea639ae4b78e93b9ef79541d7064bf1f98a27d237b51b731e51654b8bdcb
                                                    • Instruction ID: e2f452503b48da12a69c10a9d1416f2aa512a4714c212e67fea7d8588799396e
                                                    • Opcode Fuzzy Hash: 1b4aea639ae4b78e93b9ef79541d7064bf1f98a27d237b51b731e51654b8bdcb
                                                    • Instruction Fuzzy Hash: 69E012A1A081106ADB24A66E9CC5F6B6BDCCBC5724F14457BF504DB382D678DC0487BB
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E004075C4(intOrPtr* __eax, long* __edx) {
                                                    				long _t8;
                                                    				long* _t11;
                                                    				intOrPtr* _t13;
                                                    
                                                    				_t11 = __edx;
                                                    				_t13 = __eax;
                                                    				 *(__edx + 4) = 0;
                                                    				_t8 = SetFilePointer( *(__eax + 4), 0, __edx + 4, 1); // executed
                                                    				 *_t11 = _t8;
                                                    				if( *_t11 == 0xffffffff) {
                                                    					_t8 = GetLastError();
                                                    					if(_t8 != 0) {
                                                    						return E0040748C( *_t13);
                                                    					}
                                                    				}
                                                    				return _t8;
                                                    			}






                                                    APIs
                                                    • SetFilePointer.KERNEL32(?,00000000,?,00000001), ref: 004075DB
                                                    • GetLastError.KERNEL32(?,00000000,?,00000001), ref: 004075E7
                                                      • Part of subcall function 0040748C: GetLastError.KERNEL32(0040738C,0040752A,?,?,021E03CC,?,0040A69B,00000001,00000000,00000002,00000000,0040AC92,?,00000000,0040ACC9), ref: 0040748F
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: ErrorLast$FilePointer
                                                    • String ID:
                                                    • API String ID: 1156039329-0
                                                    • Opcode ID: 7730a1f6a5d1c383143cef2e1ec1cb69b5af0836910a757b2920ce96cbe13b7f
                                                    • Instruction ID: 74cf86129294d2faf5969c20f66175129728110ffa3c668ef2bae8a95e28f18b
                                                    • Opcode Fuzzy Hash: 7730a1f6a5d1c383143cef2e1ec1cb69b5af0836910a757b2920ce96cbe13b7f
                                                    • Instruction Fuzzy Hash: C4E04FB1600210AFDB10EEB98D81B9676D89F48364F0485B6EA14DF2C6D274DC00C766
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E00401430(void* __eax, void** __edx) {
                                                    				void* _t3;
                                                    				void** _t8;
                                                    				void* _t11;
                                                    				long _t14;
                                                    
                                                    				_t8 = __edx;
                                                    				if(__eax >= 0x100000) {
                                                    					_t14 = __eax + 0x0000ffff & 0xffff0000;
                                                    				} else {
                                                    					_t14 = 0x100000;
                                                    				}
                                                    				_t8[1] = _t14;
                                                    				_t3 = VirtualAlloc(0, _t14, 0x2000, 1); // executed
                                                    				_t11 = _t3;
                                                    				 *_t8 = _t11;
                                                    				if(_t11 != 0) {
                                                    					_t3 = E004012E4(0x40c43c, _t8);
                                                    					if(_t3 == 0) {
                                                    						VirtualFree( *_t8, 0, 0x8000);
                                                    						 *_t8 = 0;
                                                    						return 0;
                                                    					}
                                                    				}
                                                    				return _t3;
                                                    			}







                                                    APIs
                                                    • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,00401739), ref: 0040145F
                                                    • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,00401739), ref: 00401486
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Virtual$AllocFree
                                                    • String ID:
                                                    • API String ID: 2087232378-0
                                                    • Opcode ID: efc6f27fa4c1f0416fcf42a0cb9c981ca4ea103f0f96f52908972bf4ed8d2b74
                                                    • Instruction ID: 29306f1da17679ce7d7d3cecb65679b0075e6f6f2ddca0a826851c871ac90975
                                                    • Opcode Fuzzy Hash: efc6f27fa4c1f0416fcf42a0cb9c981ca4ea103f0f96f52908972bf4ed8d2b74
                                                    • Instruction Fuzzy Hash: 57F02772B0032057DB206A6A0CC1B636AC59F85B90F1541BBFA4CFF3F9D2B98C0042A9
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 83%
                                                    			E00405280(void* __ebx, void* __ecx, void* __edi, void* __esi) {
                                                    				signed int _v8;
                                                    				int _v12;
                                                    				char _v16;
                                                    				char _v20;
                                                    				void* _t76;
                                                    				void* _t77;
                                                    				intOrPtr _t103;
                                                    				void* _t106;
                                                    				void* _t107;
                                                    				void* _t109;
                                                    				void* _t110;
                                                    				void* _t113;
                                                    
                                                    				_v16 = 0;
                                                    				_v20 = 0;
                                                    				_push(_t113);
                                                    				_push(0x4053b6);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t113 + 0xfffffff0;
                                                    				_v12 = GetSystemDefaultLCID();
                                                    				_t76 = 1;
                                                    				_t109 = 0x40c4bc;
                                                    				_t106 = 0x40c4ec;
                                                    				do {
                                                    					_t6 = _t76 + 0xffbf; // 0xffc0
                                                    					E00404CDC(_t6,  &_v20);
                                                    					_t8 = _t76 + 0x44; // 0x45
                                                    					E0040520C(_v12, _v20, _t8 - 1,  &_v16); // executed
                                                    					E004031E8(_t109, _t76, _v16, _t106, _t109);
                                                    					_t13 = _t76 + 0xffcf; // 0xffd0
                                                    					E00404CDC(_t13,  &_v20);
                                                    					_t15 = _t76 + 0x38; // 0x39
                                                    					E0040520C(_v12, _v20, _t15 - 1,  &_v16);
                                                    					E004031E8(_t106, _t76, _v16, _t106, _t109);
                                                    					_t76 = _t76 + 1;
                                                    					_t106 = _t106 + 4;
                                                    					_t109 = _t109 + 4;
                                                    				} while (_t76 != 0xd);
                                                    				_t77 = 1;
                                                    				_t110 = 0x40c51c;
                                                    				_t107 = 0x40c538;
                                                    				do {
                                                    					_t18 = _t77 + 5; // 0x6
                                                    					asm("cdq");
                                                    					_v8 = _t18 % 7;
                                                    					_t26 = _t77 + 0xffdf; // 0xffe0
                                                    					E00404CDC(_t26,  &_v20);
                                                    					E0040520C(_v12, _v20, _v8 + 0x31,  &_v16);
                                                    					E004031E8(_t110, _t77, _v16, _t107, _t110);
                                                    					_t33 = _t77 + 0xffe6; // 0xffe7
                                                    					E00404CDC(_t33,  &_v20);
                                                    					E0040520C(_v12, _v20, _v8 + 0x2a,  &_v16);
                                                    					E004031E8(_t107, _t77, _v16, _t107, _t110);
                                                    					_t77 = _t77 + 1;
                                                    					_t107 = _t107 + 4;
                                                    					_t110 = _t110 + 4;
                                                    				} while (_t77 != 8);
                                                    				_pop(_t103);
                                                    				 *[fs:eax] = _t103;
                                                    				_push(E004053BD);
                                                    				return E004031B8( &_v20, 2);
                                                    			}















                                                    APIs
                                                    • GetSystemDefaultLCID.KERNEL32(00000000,004053B6), ref: 0040529F
                                                      • Part of subcall function 00404CDC: LoadStringA.USER32 ref: 00404CF9
                                                      • Part of subcall function 0040520C: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,004052D7,?,00000000,004053B6), ref: 0040522A
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: DefaultInfoLoadLocaleStringSystem
                                                    • String ID:
                                                    • API String ID: 1658689577-0
                                                    • Opcode ID: ef449c44a2a61a26d18614e24c7ade2666283ce56a0d8fcdc2eeed56ad2c4646
                                                    • Instruction ID: b95c725f163960c8622ba1b0af82130980b93a97e76f79286a035b518bc8de08
                                                    • Opcode Fuzzy Hash: ef449c44a2a61a26d18614e24c7ade2666283ce56a0d8fcdc2eeed56ad2c4646
                                                    • Instruction Fuzzy Hash: 90314F75E01509ABCB00DF95C8C19EEB379FF84304F158577E815BB286E739AE068B98
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E00407576(void* __ecx, void* __edx, void* _a4, void* _a8) {
                                                    				void* _t20;
                                                    
                                                    				_t20 = CreateFileA(E00403414(__edx),  *0x0040B158,  *0x0040B164, 0,  *0x0040B174, 0x80, 0); // executed
                                                    				return _t20;
                                                    			}





                                                    APIs
                                                    • CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 004075B8
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    • Opcode ID: c8aa5b1e1f382d9b7ab40d46c96f796d669d4b8c7333918930cf1677525ebce7
                                                    • Instruction ID: d860c9bcffbd3325f9178b4d72e9b59b5a3ff3896166b15a891a1a6cde46a7a7
                                                    • Opcode Fuzzy Hash: c8aa5b1e1f382d9b7ab40d46c96f796d669d4b8c7333918930cf1677525ebce7
                                                    • Instruction Fuzzy Hash: 6EE06D713442082EE3409AEC6C51FA277DCD309354F008032B988DB342D5719D108BE8
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E00407578(void* __ecx, void* __edx, void* _a4, void* _a8) {
                                                    				void* _t20;
                                                    
                                                    				_t20 = CreateFileA(E00403414(__edx),  *0x0040B158,  *0x0040B164, 0,  *0x0040B174, 0x80, 0); // executed
                                                    				return _t20;
                                                    			}





                                                    APIs
                                                    • CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 004075B8
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    • Opcode ID: 3bd7282c13d8f152a8301508d2aa72b6e2817799d08f3caede8a9fdcd0036c45
                                                    • Instruction ID: d44512077142226ebef1615cfdb59f208ea4aebd3ed4d24446e2b73eb7949d4a
                                                    • Opcode Fuzzy Hash: 3bd7282c13d8f152a8301508d2aa72b6e2817799d08f3caede8a9fdcd0036c45
                                                    • Instruction Fuzzy Hash: A7E06D713442082ED2409AEC6C51F92779C9309354F008022B988DB342D5719D108BE8
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 31%
                                                    			E004069DC(void* __eax, void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                    				char _v8;
                                                    				intOrPtr _t21;
                                                    				intOrPtr _t26;
                                                    
                                                    				_push(0);
                                                    				_push(_t26);
                                                    				_push(0x406a24);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t26;
                                                    				E00406978(__eax, __ecx,  &_v8, __eflags);
                                                    				GetFileAttributesA(E00403414(_v8)); // executed
                                                    				_pop(_t21);
                                                    				 *[fs:eax] = _t21;
                                                    				_push(E00406A2B);
                                                    				return E00403198( &_v8);
                                                    			}







                                                    APIs
                                                    • GetFileAttributesA.KERNEL32(00000000,00000000,00406A24,?,?,?,?,00000000,?,00406A39,00406D67,00000000,00406DAC,?,?,?), ref: 00406A07
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: AttributesFile
                                                    • String ID:
                                                    • API String ID: 3188754299-0
                                                    • Opcode ID: 2f6b808c0a98facf9b4219f47e50352985dbcf5de86cc118cb6830f30f21a29b
                                                    • Instruction ID: ccd219c895c276d3a4f2ed408fb3af00451e62210c6f1137e8185e88dac79a2a
                                                    • Opcode Fuzzy Hash: 2f6b808c0a98facf9b4219f47e50352985dbcf5de86cc118cb6830f30f21a29b
                                                    • Instruction Fuzzy Hash: A0E0ED30300304BBD301FBA6CC42E4ABBECDB8A708BA28476B400B2682D6786E108428
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 004076DF
                                                      • Part of subcall function 0040748C: GetLastError.KERNEL32(0040738C,0040752A,?,?,021E03CC,?,0040A69B,00000001,00000000,00000002,00000000,0040AC92,?,00000000,0040ACC9), ref: 0040748F
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: ErrorFileLastWrite
                                                    • String ID:
                                                    • API String ID: 442123175-0
                                                    • Opcode ID: 8d2af3ab7a63a8387ab01b8eb17bee2761ee08039256abb6018552f25082062b
                                                    • Instruction ID: d11fc940c1eb4d9ab9bd5ee1403c634941755763b259216c6d34bff68e3e8731
                                                    • Opcode Fuzzy Hash: 8d2af3ab7a63a8387ab01b8eb17bee2761ee08039256abb6018552f25082062b
                                                    • Instruction Fuzzy Hash: 6DE0ED766081106BD710A65AD880EAB67DCDFC5764F00407BF904DB291D574AC049676
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E00407284(long __eax, void* __edx) {
                                                    				char _v1028;
                                                    				long _t6;
                                                    				void* _t9;
                                                    				intOrPtr _t15;
                                                    				void* _t16;
                                                    
                                                    				_t9 = __edx;
                                                    				_t6 = FormatMessageA(0x3200, 0, __eax, 0,  &_v1028, 0x400, 0); // executed
                                                    				while(_t6 > 0) {
                                                    					_t15 =  *((intOrPtr*)(_t16 + _t6 - 1));
                                                    					if(_t15 <= 0x20) {
                                                    						L1:
                                                    						_t6 = _t6 - 1;
                                                    						__eflags = _t6;
                                                    						continue;
                                                    					} else {
                                                    						_t19 = _t15 - 0x2e;
                                                    						if(_t15 == 0x2e) {
                                                    							goto L1;
                                                    						}
                                                    					}
                                                    					break;
                                                    				}
                                                    				return E00403278(_t9, _t6, _t16, _t19);
                                                    			}









                                                    APIs
                                                    • FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,00409127,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 004072A3
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: FormatMessage
                                                    • String ID:
                                                    • API String ID: 1306739567-0
                                                    • Opcode ID: 7ef42d69529baecca532a801bf1eab389dc79dba057db81877db687b261eaad4
                                                    • Instruction ID: 7b38442d06f496379890204edef453c821f476d6c52b93f329ea0e63e965d40b
                                                    • Opcode Fuzzy Hash: 7ef42d69529baecca532a801bf1eab389dc79dba057db81877db687b261eaad4
                                                    • Instruction Fuzzy Hash: 17E0D8A0B8830136F22414544C87B77220E47C0700F10807E7700ED3C6D6BEA906815F
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E004076AC(intOrPtr* __eax) {
                                                    				int _t4;
                                                    				intOrPtr* _t7;
                                                    
                                                    				_t7 = __eax;
                                                    				_t4 = SetEndOfFile( *(__eax + 4)); // executed
                                                    				if(_t4 == 0) {
                                                    					return E0040748C( *_t7);
                                                    				}
                                                    				return _t4;
                                                    			}






                                                    APIs
                                                    • SetEndOfFile.KERNEL32(?,021F8000,0040AA59,00000000), ref: 004076B3
                                                      • Part of subcall function 0040748C: GetLastError.KERNEL32(0040738C,0040752A,?,?,021E03CC,?,0040A69B,00000001,00000000,00000002,00000000,0040AC92,?,00000000,0040ACC9), ref: 0040748F
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: ErrorFileLast
                                                    • String ID:
                                                    • API String ID: 734332943-0
                                                    • Opcode ID: 3c9e02bda174eefd6a6752df40b73b0cbe28e66d981a9881f8e50d89b6fd2d40
                                                    • Instruction ID: f788b2e916ece263959a2b362e6cc5638f15ca068e5e6b6e193a7bb405067b9b
                                                    • Opcode Fuzzy Hash: 3c9e02bda174eefd6a6752df40b73b0cbe28e66d981a9881f8e50d89b6fd2d40
                                                    • Instruction Fuzzy Hash: BEC04CA1A1410047CB40A6BE89C1A1666D85A4821530485B6B908DB297D679E8004666
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 50%
                                                    			E00406FFB() {
                                                    				int _t4;
                                                    				intOrPtr _t7;
                                                    				void* _t8;
                                                    
                                                    				_pop(_t7);
                                                    				 *[fs:eax] = _t7;
                                                    				_push(E00407019);
                                                    				_t4 = SetErrorMode( *(_t8 - 0xc)); // executed
                                                    				return _t4;
                                                    			}







                                                    APIs
                                                    • SetErrorMode.KERNEL32(?,00407019), ref: 0040700C
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: ErrorMode
                                                    • String ID:
                                                    • API String ID: 2340568224-0
                                                    • Opcode ID: 070e151ae7371931e812c23e1680e2574253ea8634671ff6451d3f815f7c1847
                                                    • Instruction ID: c47f2f618e2971e07f5b1abb1c43dc6c143ad8b034d1ddbdae76011a93498253
                                                    • Opcode Fuzzy Hash: 070e151ae7371931e812c23e1680e2574253ea8634671ff6451d3f815f7c1847
                                                    • Instruction Fuzzy Hash: 54B09B76A1C2415DE705DAD5745153863D4D7C47143A14977F104D35C0D53DA4144519
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E00407017() {
                                                    				int _t3;
                                                    				void* _t4;
                                                    
                                                    				_t3 = SetErrorMode( *(_t4 - 0xc)); // executed
                                                    				return _t3;
                                                    			}






                                                    APIs
                                                    • SetErrorMode.KERNEL32(?,00407019), ref: 0040700C
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: ErrorMode
                                                    • String ID:
                                                    • API String ID: 2340568224-0
                                                    • Opcode ID: 258b7047379ce46b8540a294da6ad57472ce1849ceeb23a1b4b516eeda09cad2
                                                    • Instruction ID: a55afa0689d716a84ca499c05243e055e04a08b2ab071a0afeb25d409e08decd
                                                    • Opcode Fuzzy Hash: 258b7047379ce46b8540a294da6ad57472ce1849ceeb23a1b4b516eeda09cad2
                                                    • Instruction Fuzzy Hash: FFA022A8C08000B2CE00E2E08080A3C23283A88308BC08BA2320CB20C0C03CE008020B
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E00406970(char* __eax, char* __edx) {
                                                    				char* _t2;
                                                    
                                                    				_t2 = CharPrevA(__eax, __edx); // executed
                                                    				return _t2;
                                                    			}





                                                    APIs
                                                    • CharPrevA.USER32(?,?,0040696C,?,00406649,?,?,00406D87,00000000,00406DAC,?,?,?,?,00000000,00000000), ref: 00406972
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: CharPrev
                                                    • String ID:
                                                    • API String ID: 122130370-0
                                                    • Opcode ID: 4f55c7aa95ee0cc6def6f8b84b07f7a00b4eea213dcaa2411b48aa5a82a0c27b
                                                    • Instruction ID: 57bb655d476c0b104ac503b4dc16dcc9cc7d9309af7e6782790f501f1b0aeff9
                                                    • Opcode Fuzzy Hash: 4f55c7aa95ee0cc6def6f8b84b07f7a00b4eea213dcaa2411b48aa5a82a0c27b
                                                    • Instruction Fuzzy Hash:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E00407F10(void* __eax) {
                                                    				char _v16;
                                                    				char _v20;
                                                    				void* _v28;
                                                    				void* _t29;
                                                    				void* _t32;
                                                    				void* _t40;
                                                    				void* _t50;
                                                    				long _t52;
                                                    
                                                    				_t40 = __eax;
                                                    				if( *((intOrPtr*)(__eax + 4))() != 5) {
                                                    					E00407D7C(1);
                                                    				}
                                                    				E0040277C(_t40 + 0x10, 0x50);
                                                    				if(E00408AA8(_t40 + 0x10, 0x50,  &_v16,  &_v20, 5) != 0) {
                                                    					E00407D7C(3);
                                                    				}
                                                    				if(_v16 > 0x4000000) {
                                                    					E00407D7C(7);
                                                    				}
                                                    				_t52 = _v20 + _v16;
                                                    				if(_t52 !=  *(_t40 + 0x64)) {
                                                    					E00407EB8(_t40);
                                                    					_t32 = VirtualAlloc(0, _t52, 0x1000, 4); // executed
                                                    					_t50 = _t32;
                                                    					 *(_t40 + 0x60) = _t50;
                                                    					if(_t50 == 0) {
                                                    						E00405884();
                                                    					}
                                                    					 *(_t40 + 0x64) = _t52;
                                                    				}
                                                    				_t29 = E00408AF8(_t40 + 0x10,  *(_t40 + 0x60) + _v20,  *(_t40 + 0x60));
                                                    				 *((char*)(_t40 + 0xd)) = 1;
                                                    				return _t29;
                                                    			}












                                                    APIs
                                                    • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 00407FA0
                                                    Similarity
                                                    • API ID: AllocVirtual
                                                    • String ID:
                                                    • API String ID: 4275171209-0
                                                    • Opcode ID: 636722d4ca057b68616df378e1b8a5bd7f337355b9f7c137ab23b8dc1cafdb71
                                                    • Instruction ID: 1e7236936b067224bcb0a7c190bcfb18a105a15b1652d3161176e1d0ad605fa4
                                                    • Opcode Fuzzy Hash: 636722d4ca057b68616df378e1b8a5bd7f337355b9f7c137ab23b8dc1cafdb71
                                                    • Instruction Fuzzy Hash: 43116371A042059BDB00EF19C881B5B7794AF44359F05807AF958AB2C6DB38E800CBAA
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E004015C4(signed int __eax, void** __ecx, intOrPtr __edx) {
                                                    				signed int _v20;
                                                    				void** _v24;
                                                    				void* _t15;
                                                    				void** _t16;
                                                    				void* _t17;
                                                    				signed int _t27;
                                                    				intOrPtr* _t29;
                                                    				void* _t31;
                                                    				intOrPtr* _t32;
                                                    
                                                    				_v24 = __ecx;
                                                    				 *_t32 = __edx;
                                                    				_t31 = __eax & 0xfffff000;
                                                    				_v20 = __eax +  *_t32 + 0x00000fff & 0xfffff000;
                                                    				 *_v24 = _t31;
                                                    				_t15 = _v20 - _t31;
                                                    				_v24[1] = _t15;
                                                    				_t29 =  *0x40c43c; // 0x40c43c
                                                    				while(_t29 != 0x40c43c) {
                                                    					_t7 = _t29 + 8; // 0x0
                                                    					_t17 =  *_t7;
                                                    					_t8 = _t29 + 0xc; // 0x0
                                                    					_t27 =  *_t8 + _t17;
                                                    					if(_t31 > _t17) {
                                                    						_t17 = _t31;
                                                    					}
                                                    					if(_t27 > _v20) {
                                                    						_t27 = _v20;
                                                    					}
                                                    					if(_t27 > _t17) {
                                                    						_t15 = VirtualAlloc(_t17, _t27 - _t17, 0x1000, 4); // executed
                                                    						if(_t15 == 0) {
                                                    							_t16 = _v24;
                                                    							 *_t16 = 0;
                                                    							return _t16;
                                                    						}
                                                    					}
                                                    					_t29 =  *_t29;
                                                    				}
                                                    				return _t15;
                                                    			}













                                                    APIs
                                                    • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 00401631
                                                    Similarity
                                                    • API ID: AllocVirtual
                                                    • String ID:
                                                    • API String ID: 4275171209-0
                                                    • Opcode ID: 41bc2e58eb8df21134a81ecef240e945b9dbf0f5d11c2332597d90ea76119035
                                                    • Instruction ID: 625cd896077d7ae42c8eb3362da321aaa2c87eddc2731790e4d257a04fee8ae6
                                                    • Opcode Fuzzy Hash: 41bc2e58eb8df21134a81ecef240e945b9dbf0f5d11c2332597d90ea76119035
                                                    • Instruction Fuzzy Hash: 95113072A057019FC3109F19CD80A2BB7E5EBC4750F19CA3DE598A73A5D635AC408699
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 94%
                                                    			E00401658(void* __eax, void** __ecx, void* __edx) {
                                                    				int _t7;
                                                    				void* _t9;
                                                    				signed int _t14;
                                                    				intOrPtr* _t19;
                                                    				signed int _t22;
                                                    				void** _t23;
                                                    
                                                    				_push(__ecx);
                                                    				 *_t23 = __eax + 0x00000fff & 0xfffff000;
                                                    				_t22 = __eax + __edx & 0xfffff000;
                                                    				 *__ecx =  *_t23;
                                                    				_t7 = _t22 -  *_t23;
                                                    				__ecx[1] = _t7;
                                                    				_t19 =  *0x40c43c; // 0x40c43c
                                                    				while(_t19 != 0x40c43c) {
                                                    					_t2 = _t19 + 8; // 0x0
                                                    					_t9 =  *_t2;
                                                    					_t3 = _t19 + 0xc; // 0x0
                                                    					_t14 =  *_t3 + _t9;
                                                    					if(_t9 <  *_t23) {
                                                    						_t9 =  *_t23;
                                                    					}
                                                    					if(_t22 < _t14) {
                                                    						_t14 = _t22;
                                                    					}
                                                    					if(_t14 > _t9) {
                                                    						_t7 = VirtualFree(_t9, _t14 - _t9, 0x4000); // executed
                                                    						if(_t7 == 0) {
                                                    							 *0x40c418 = 2;
                                                    						}
                                                    					}
                                                    					_t19 =  *_t19;
                                                    				}
                                                    				return _t7;
                                                    			}










                                                    APIs
                                                    • VirtualFree.KERNEL32(00000000,00000000,00004000,?,0000000C,?,-00000008,00003FFB,004018BF), ref: 004016B2
                                                    Similarity
                                                    • API ID: FreeVirtual
                                                    • String ID:
                                                    • API String ID: 1263568516-0
                                                    • Opcode ID: a2f32dd8ef58eb042d1926e7c5d87192c2fb778a874e681f692e1318d4ea2181
                                                    • Instruction ID: 63c8255cdd02620dd55efc6405714c3c0a63becca9b218cdeda95617091702f1
                                                    • Opcode Fuzzy Hash: a2f32dd8ef58eb042d1926e7c5d87192c2fb778a874e681f692e1318d4ea2181
                                                    • Instruction Fuzzy Hash: 3601A7726442148BC310AF28DDC093A77D5EB85364F1A4A7ED985B73A1D23B6C0587A8
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E00407548(void* __eax, void* __edx) {
                                                    				void* _t11;
                                                    				void* _t14;
                                                    
                                                    				_t11 = __edx;
                                                    				_t14 = __eax;
                                                    				if( *((char*)(__eax + 8)) != 0) {
                                                    					CloseHandle( *(__eax + 4)); // executed
                                                    				}
                                                    				E00402918(0);
                                                    				if(_t11 != 0) {
                                                    					E00402B04(_t14);
                                                    				}
                                                    				return _t14;
                                                    			}






                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID:
                                                    • API String ID: 2962429428-0
                                                    • Opcode ID: fc6098dcd6b1504a072b68d3feaaa537492281b052079d944a979dec092e75e7
                                                    • Instruction ID: e7ddd8f09f86228f97b62737e097d00c20d119481f2284b048c56b7aa048eabb
                                                    • Opcode Fuzzy Hash: fc6098dcd6b1504a072b68d3feaaa537492281b052079d944a979dec092e75e7
                                                    • Instruction Fuzzy Hash: 41D05E82B00A6017D615F2BE4D8869692D85F89685B08843AF654E77D1D67CEC00838D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E00407EB8(void* __eax) {
                                                    				void* _t6;
                                                    				void* _t9;
                                                    
                                                    				_t9 = __eax;
                                                    				 *((intOrPtr*)(__eax + 0x64)) = 0;
                                                    				_t6 =  *(__eax + 0x60);
                                                    				if(_t6 != 0) {
                                                    					VirtualFree(_t6, 0, 0x8000); // executed
                                                    					 *((intOrPtr*)(_t9 + 0x60)) = 0;
                                                    					return 0;
                                                    				}
                                                    				return _t6;
                                                    			}






                                                    APIs
                                                    • VirtualFree.KERNEL32(?,00000000,00008000,?,00407E9D), ref: 00407ECF
                                                    Similarity
                                                    • API ID: FreeVirtual
                                                    • String ID:
                                                    • API String ID: 1263568516-0
                                                    • Opcode ID: c7bedad96efb848ea9f674ed311898bb29a23f2a16fc3a9de009753beeeb9dd9
                                                    • Instruction ID: 622015b425f940adf6dc1d0f89e873b9c6d17cfe6f0c2733970da1323f12c917
                                                    • Opcode Fuzzy Hash: c7bedad96efb848ea9f674ed311898bb29a23f2a16fc3a9de009753beeeb9dd9
                                                    • Instruction Fuzzy Hash: 3ED0E9B17553055BDB90EEB98CC1B0237D8BB48610F5044B66904EB296E674E8009654
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Non-executed Functions

                                                    C-Code - Quality: 91%
                                                    			E00409448() {
                                                    				int _v4;
                                                    				struct _TOKEN_PRIVILEGES _v16;
                                                    				void* _v20;
                                                    				signed int _t6;
                                                    
                                                    				if( *0x40b07c != 2) {
                                                    					L5:
                                                    					_t6 = ExitWindowsEx(2, 0);
                                                    					asm("sbb eax, eax");
                                                    					return  ~( ~_t6);
                                                    				}
                                                    				if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v20) != 0) {
                                                    					LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v16.Privileges));
                                                    					_v16.PrivilegeCount = 1;
                                                    					_v4 = 2;
                                                    					AdjustTokenPrivileges(_v20, 0,  &_v16, 0, 0, 0);
                                                    					if(GetLastError() == 0) {
                                                    						goto L5;
                                                    					}
                                                    					return 0;
                                                    				}
                                                    				return 0;
                                                    			}








                                                    APIs
                                                    • GetCurrentProcess.KERNEL32(00000028), ref: 00409457
                                                    • OpenProcessToken.ADVAPI32(00000000,00000028), ref: 0040945D
                                                    • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,00000028), ref: 00409476
                                                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000002,00000000,00000000,00000000,00000000,SeShutdownPrivilege), ref: 0040949D
                                                    • GetLastError.KERNEL32(?,00000000,00000002,00000000,00000000,00000000,00000000,SeShutdownPrivilege), ref: 004094A2
                                                    • ExitWindowsEx.USER32 ref: 004094B3
                                                    Similarity
                                                    • API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
                                                    • String ID: SeShutdownPrivilege
                                                    • API String ID: 107509674-3733053543
                                                    • Opcode ID: 5d5c4cc2167cea31fe6e778ad900630fb502c4628614430f67a63468396a48bc
                                                    • Instruction ID: 55e16e97e4c30333ef6e9d7cb44a764448f3c494fd9ead6bbbdf5d5bb2f9c1eb
                                                    • Opcode Fuzzy Hash: 5d5c4cc2167cea31fe6e778ad900630fb502c4628614430f67a63468396a48bc
                                                    • Instruction Fuzzy Hash: 61F012B069830179E610AAB18D07F6762885BC4B18F50493ABB15FA1C3D7BDD809466F
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E00409C34() {
                                                    				struct HRSRC__* _t10;
                                                    				void* _t11;
                                                    				void* _t12;
                                                    
                                                    				_t10 = FindResourceA(0, 0x2b67, 0xa);
                                                    				if(_t10 == 0) {
                                                    					E00409AE8();
                                                    				}
                                                    				if(SizeofResource(0, _t10) != 0x2c) {
                                                    					E00409AE8();
                                                    				}
                                                    				_t11 = LoadResource(0, _t10);
                                                    				if(_t11 == 0) {
                                                    					E00409AE8();
                                                    				}
                                                    				_t12 = LockResource(_t11);
                                                    				if(_t12 == 0) {
                                                    					E00409AE8();
                                                    				}
                                                    				return _t12;
                                                    			}







                                                    APIs
                                                    • FindResourceA.KERNEL32(00000000,00002B67,0000000A), ref: 00409C3E
                                                    • SizeofResource.KERNEL32(00000000,00000000,?,0040A6B3,00000000,0040AC4A,?,00000001,00000000,00000002,00000000,0040AC92,?,00000000,0040ACC9), ref: 00409C51
                                                    • LoadResource.KERNEL32(00000000,00000000,00000000,00000000,?,0040A6B3,00000000,0040AC4A,?,00000001,00000000,00000002,00000000,0040AC92,?,00000000), ref: 00409C63
                                                    • LockResource.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,0040A6B3,00000000,0040AC4A,?,00000001,00000000,00000002,00000000,0040AC92), ref: 00409C74
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Resource$FindLoadLockSizeof
                                                    • String ID:
                                                    • API String ID: 3473537107-0
                                                    • Opcode ID: 66472a43d98f2116202d14454299061058d21427157a3f4f4112e001326967e1
                                                    • Instruction ID: 5c2a5118689e511edc0a9dde7e1b9e77d0383d271af581b44440e1e73e890ea9
                                                    • Opcode Fuzzy Hash: 66472a43d98f2116202d14454299061058d21427157a3f4f4112e001326967e1
                                                    • Instruction Fuzzy Hash: B0E07E80B8874726FA6576FB08C7B6B008C4BA570EF00003BB700792C3DDBC8C04462E
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 79%
                                                    			E00405258(int __eax, char __ecx, int __edx) {
                                                    				char _v16;
                                                    				char _t5;
                                                    				char _t6;
                                                    
                                                    				_push(__ecx);
                                                    				_t6 = __ecx;
                                                    				if(GetLocaleInfoA(__eax, __edx,  &_v16, 2) <= 0) {
                                                    					_t5 = _t6;
                                                    				} else {
                                                    					_t5 = _v16;
                                                    				}
                                                    				return _t5;
                                                    			}







                                                    APIs
                                                    • GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,0040545A,?,?,?,00000000,0040560C), ref: 0040526B
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: InfoLocale
                                                    • String ID:
                                                    • API String ID: 2299586839-0
                                                    • Opcode ID: b79b605a6dbd2dbd76dc5df923bc970e8acc9169766131cf64cabc826e101d13
                                                    • Instruction ID: 1db3d1c1bb6fab5f91442dea8a08a829cd161d84d3a7e1f0c2fe21aaaafd944f
                                                    • Opcode Fuzzy Hash: b79b605a6dbd2dbd76dc5df923bc970e8acc9169766131cf64cabc826e101d13
                                                    • Instruction Fuzzy Hash: 9ED02EA230E2006AE210808B2C84EBB4A9CCEC53A0F00007FF648C3242D2208C029B76
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E004026C4() {
                                                    				void* _v14;
                                                    				void* _v16;
                                                    				struct _SYSTEMTIME _v28;
                                                    				signed int _t13;
                                                    
                                                    				GetSystemTime( &_v28);
                                                    				_t13 = ((_v28.wHour & 0x0000ffff) * 0x3c + _v28.wMinute) * 0x3c * 0x3e8;
                                                    				 *0x40c02c = _t13;
                                                    				return _t13;
                                                    			}








                                                    APIs
                                                    • GetSystemTime.KERNEL32(?), ref: 004026CE
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: SystemTime
                                                    • String ID:
                                                    • API String ID: 2656138-0
                                                    • Opcode ID: 1c1586f040ad907c453502297459692aa8199981632c93951a31d41848eff65d
                                                    • Instruction ID: 69442b1fa125f02c17f5f00667ba5619268a94e84ed87230136e9e38920861ba
                                                    • Opcode Fuzzy Hash: 1c1586f040ad907c453502297459692aa8199981632c93951a31d41848eff65d
                                                    • Instruction Fuzzy Hash: 14E04F21E0010A82C704ABA5CD435EDF7AEAB95600B044272A418E92E0F631C251C748
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E00405CF4() {
                                                    				intOrPtr _v132;
                                                    				int _t2;
                                                    				intOrPtr _t3;
                                                    				struct _OSVERSIONINFOA* _t4;
                                                    
                                                    				_t4->dwOSVersionInfoSize = 0x94;
                                                    				_t2 = GetVersionExA(_t4);
                                                    				if(_t2 != 0) {
                                                    					_t3 = _v132;
                                                    					 *0x40b07c = _t3;
                                                    					return _t3;
                                                    				}
                                                    				return _t2;
                                                    			}








                                                    APIs
                                                    • GetVersionExA.KERNEL32(?,004065F0,00000000,004065FE,?,?,?,?,?,0040A622), ref: 00405D02
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Version
                                                    • String ID:
                                                    • API String ID: 1889659487-0
                                                    • Opcode ID: 804cda8d473c4c61bcc63f12479ba9190822d5c554409fc9a119c77cb0a2aa37
                                                    • Instruction ID: 4c33b40dd65743d8d98a5ffd827b1eb297e5dd4f71424004bfe2d5ab9b26ea54
                                                    • Opcode Fuzzy Hash: 804cda8d473c4c61bcc63f12479ba9190822d5c554409fc9a119c77cb0a2aa37
                                                    • Instruction Fuzzy Hash: 00C0126040070186D7109B31DC02B1672D4AB44310F4405396DA4963C2E73C80018A6E
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E0040840C(intOrPtr* __eax, intOrPtr __ecx, intOrPtr __edx, intOrPtr* _a4, intOrPtr _a8) {
                                                    				intOrPtr* _v8;
                                                    				intOrPtr _v12;
                                                    				intOrPtr _v16;
                                                    				intOrPtr _v20;
                                                    				signed int _v24;
                                                    				char _v25;
                                                    				signed int _v32;
                                                    				signed int _v36;
                                                    				signed int _v40;
                                                    				signed int _v44;
                                                    				signed int _v48;
                                                    				signed int _v52;
                                                    				signed int _v56;
                                                    				intOrPtr _v60;
                                                    				char _v64;
                                                    				char* _v68;
                                                    				void* _v72;
                                                    				char _v76;
                                                    				intOrPtr _v80;
                                                    				intOrPtr _v84;
                                                    				signed int _v88;
                                                    				char _v89;
                                                    				char _v96;
                                                    				signed int _v100;
                                                    				signed int _v104;
                                                    				short* _v108;
                                                    				signed int _v112;
                                                    				signed int _v116;
                                                    				intOrPtr _v120;
                                                    				intOrPtr _v124;
                                                    				intOrPtr _v128;
                                                    				intOrPtr _v132;
                                                    				char _v136;
                                                    				signed int _t370;
                                                    				void* _t375;
                                                    				signed int _t377;
                                                    				signed int _t381;
                                                    				signed int _t389;
                                                    				signed int _t395;
                                                    				signed int _t411;
                                                    				intOrPtr _t422;
                                                    				signed int _t426;
                                                    				signed int _t435;
                                                    				void* _t448;
                                                    				signed int _t458;
                                                    				char _t460;
                                                    				signed int _t474;
                                                    				char* _t503;
                                                    				signed int _t508;
                                                    				signed int _t616;
                                                    				signed int _t617;
                                                    				signed int _t618;
                                                    				signed int _t622;
                                                    
                                                    				_v16 = __ecx;
                                                    				_v12 = __edx;
                                                    				_v8 = __eax;
                                                    				_v20 =  *((intOrPtr*)(_v8 + 0x10));
                                                    				_v24 = 0;
                                                    				_v32 = (1 <<  *(_v8 + 8)) - 1;
                                                    				_v36 = (1 <<  *(_v8 + 4)) - 1;
                                                    				_v40 =  *_v8;
                                                    				_t617 =  *((intOrPtr*)(_v8 + 0x34));
                                                    				_t474 =  *(_v8 + 0x44);
                                                    				_v44 =  *((intOrPtr*)(_v8 + 0x38));
                                                    				_v48 =  *((intOrPtr*)(_v8 + 0x3c));
                                                    				_v52 =  *((intOrPtr*)(_v8 + 0x40));
                                                    				_v56 =  *((intOrPtr*)(_v8 + 0x48));
                                                    				_v60 =  *((intOrPtr*)(_v8 + 0x2c));
                                                    				_v64 =  *((intOrPtr*)(_v8 + 0x30));
                                                    				_v68 =  *((intOrPtr*)(_v8 + 0x1c));
                                                    				_v72 =  *((intOrPtr*)(_v8 + 0xc));
                                                    				_t616 =  *((intOrPtr*)(_v8 + 0x28));
                                                    				_v128 =  *((intOrPtr*)(_v8 + 0x20));
                                                    				_v124 =  *((intOrPtr*)(_v8 + 0x24));
                                                    				_v120 = _v12;
                                                    				_v136 =  *((intOrPtr*)(_v8 + 0x14));
                                                    				_v132 =  *((intOrPtr*)(_v8 + 0x18));
                                                    				 *_a4 = 0;
                                                    				if(_v56 == 0xffffffff) {
                                                    					return 0;
                                                    				}
                                                    				__eflags = _v72;
                                                    				if(_v72 == 0) {
                                                    					_v68 =  &_v76;
                                                    					_v72 = 1;
                                                    					_v76 =  *((intOrPtr*)(_v8 + 0x4c));
                                                    				}
                                                    				__eflags = _v56 - 0xfffffffe;
                                                    				if(_v56 != 0xfffffffe) {
                                                    					L12:
                                                    					_v108 = _v16 + _v24;
                                                    					while(1) {
                                                    						__eflags = _v56;
                                                    						if(_v56 == 0) {
                                                    							break;
                                                    						}
                                                    						__eflags = _v24 - _a8;
                                                    						if(_v24 < _a8) {
                                                    							_t458 = _t616 - _t617;
                                                    							__eflags = _t458 - _v72;
                                                    							if(_t458 >= _v72) {
                                                    								_t458 = _t458 + _v72;
                                                    								__eflags = _t458;
                                                    							}
                                                    							_t460 =  *((intOrPtr*)(_v68 + _t458));
                                                    							 *((char*)(_v68 + _t616)) = _t460;
                                                    							 *_v108 = _t460;
                                                    							_v24 = _v24 + 1;
                                                    							_v108 = _v108 + 1;
                                                    							_t616 = _t616 + 1;
                                                    							__eflags = _t616 - _v72;
                                                    							if(_t616 == _v72) {
                                                    								_t616 = 0;
                                                    								__eflags = 0;
                                                    							}
                                                    							_t116 =  &_v56;
                                                    							 *_t116 = _v56 - 1;
                                                    							__eflags =  *_t116;
                                                    							continue;
                                                    						}
                                                    						break;
                                                    					}
                                                    					__eflags = _t616;
                                                    					if(_t616 != 0) {
                                                    						_v25 =  *((intOrPtr*)(_v68 + _t616 - 1));
                                                    					} else {
                                                    						_v25 =  *((intOrPtr*)(_v68 + _v72 - 1));
                                                    					}
                                                    					__eflags = 0;
                                                    					_v116 = 0;
                                                    					_v112 = 0;
                                                    					while(1) {
                                                    						L24:
                                                    						_v108 = _v16 + _v24;
                                                    						__eflags = _v24 - _a8;
                                                    						if(_v24 >= _a8) {
                                                    							break;
                                                    						} else {
                                                    							goto L25;
                                                    						}
                                                    						while(1) {
                                                    							L25:
                                                    							_v88 = _v24 + _v60 & _v32;
                                                    							__eflags = _v116;
                                                    							if(_v116 != 0) {
                                                    								break;
                                                    							}
                                                    							__eflags = _v112;
                                                    							if(_v112 == 0) {
                                                    								_t370 = E00408164((_t474 << 4) + (_t474 << 4) + _v20 + _v88 + _v88,  &_v136);
                                                    								__eflags = _t370;
                                                    								if(_t370 != 0) {
                                                    									_t375 = E00408164(_t474 + _t474 + _v20 + 0x180,  &_v136);
                                                    									__eflags = _t375 != 1;
                                                    									if(_t375 != 1) {
                                                    										_v52 = _v48;
                                                    										_v48 = _v44;
                                                    										_v44 = _t617;
                                                    										__eflags = _t474 - 7;
                                                    										if(__eflags >= 0) {
                                                    											_t377 = 0xa;
                                                    										} else {
                                                    											_t377 = 7;
                                                    										}
                                                    										_t474 = _t377;
                                                    										_v56 = E00408314(_v20 + 0x664, _v88,  &_v136, __eflags);
                                                    										_t503 =  &_v136;
                                                    										__eflags = _v56 - 4;
                                                    										if(_v56 >= 4) {
                                                    											_t381 = 3;
                                                    										} else {
                                                    											_t381 = _v56;
                                                    										}
                                                    										_v100 = E004081EC((_t381 << 6) + (_t381 << 6) + _v20 + 0x360, _t503, 6);
                                                    										__eflags = _v100 - 4;
                                                    										if(_v100 < 4) {
                                                    											_t618 = _v100;
                                                    										} else {
                                                    											_v104 = (_v100 >> 1) - 1;
                                                    											_t524 = _v104;
                                                    											_t622 = (_v100 & 0x00000001 | 0x00000002) << _v104;
                                                    											__eflags = _v100 - 0xe;
                                                    											if(_v100 >= 0xe) {
                                                    												_t395 = E00408104( &_v136, _t524, _v104 + 0xfffffffc);
                                                    												_t618 = _t622 + (_t395 << 4) + E00408230(_v20 + 0x644,  &_v136, 4);
                                                    											} else {
                                                    												_t618 = _t622 + E00408230(_t622 + _t622 + _v20 + 0x560 - _v100 + _v100 + 0xfffffffe,  &_v136, _v104);
                                                    											}
                                                    										}
                                                    										_t617 = _t618 + 1;
                                                    										__eflags = _t617;
                                                    										if(_t617 != 0) {
                                                    											L82:
                                                    											_v56 = _v56 + 2;
                                                    											__eflags = _t617 - _v64;
                                                    											if(_t617 <= _v64) {
                                                    												__eflags = _v72 - _v64 - _v56;
                                                    												if(_v72 - _v64 <= _v56) {
                                                    													_v64 = _v72;
                                                    												} else {
                                                    													_v64 = _v64 + _v56;
                                                    												}
                                                    												while(1) {
                                                    													_t389 = _t616 - _t617;
                                                    													__eflags = _t389 - _v72;
                                                    													if(_t389 >= _v72) {
                                                    														_t389 = _t389 + _v72;
                                                    														__eflags = _t389;
                                                    													}
                                                    													_v25 =  *((intOrPtr*)(_v68 + _t389));
                                                    													 *((char*)(_v68 + _t616)) = _v25;
                                                    													_t616 = _t616 + 1;
                                                    													__eflags = _t616 - _v72;
                                                    													if(_t616 == _v72) {
                                                    														_t616 = 0;
                                                    														__eflags = 0;
                                                    													}
                                                    													_v56 = _v56 - 1;
                                                    													 *_v108 = _v25;
                                                    													_v24 = _v24 + 1;
                                                    													_v108 = _v108 + 1;
                                                    													__eflags = _v56;
                                                    													if(_v56 == 0) {
                                                    														break;
                                                    													}
                                                    													__eflags = _v24 - _a8;
                                                    													if(_v24 < _a8) {
                                                    														continue;
                                                    													}
                                                    													break;
                                                    												}
                                                    												L93:
                                                    												__eflags = _v24 - _a8;
                                                    												if(_v24 < _a8) {
                                                    													continue;
                                                    												}
                                                    												goto L94;
                                                    											}
                                                    											return 1;
                                                    										} else {
                                                    											_v56 = 0xffffffff;
                                                    											goto L94;
                                                    										}
                                                    									}
                                                    									_t411 = E00408164(_t474 + _t474 + _v20 + 0x198,  &_v136);
                                                    									__eflags = _t411;
                                                    									if(_t411 != 0) {
                                                    										__eflags = E00408164(_t474 + _t474 + _v20 + 0x1b0,  &_v136);
                                                    										if(__eflags != 0) {
                                                    											__eflags = E00408164(_t474 + _t474 + _v20 + 0x1c8,  &_v136);
                                                    											if(__eflags != 0) {
                                                    												_t422 = _v52;
                                                    												_v52 = _v48;
                                                    											} else {
                                                    												_t422 = _v48;
                                                    											}
                                                    											_v48 = _v44;
                                                    										} else {
                                                    											_t422 = _v44;
                                                    										}
                                                    										_v44 = _t617;
                                                    										_t617 = _t422;
                                                    										L65:
                                                    										_v56 = E00408314(_v20 + 0xa68, _v88,  &_v136, __eflags);
                                                    										__eflags = _t474 - 7;
                                                    										if(_t474 >= 7) {
                                                    											_t426 = 0xb;
                                                    										} else {
                                                    											_t426 = 8;
                                                    										}
                                                    										_t474 = _t426;
                                                    										goto L82;
                                                    									}
                                                    									__eflags = E00408164((_t474 << 4) + (_t474 << 4) + _v20 + _v88 + _v88 + 0x1e0,  &_v136);
                                                    									if(__eflags != 0) {
                                                    										goto L65;
                                                    									}
                                                    									__eflags = _v64;
                                                    									if(_v64 != 0) {
                                                    										__eflags = _t474 - 7;
                                                    										if(_t474 >= 7) {
                                                    											_t508 = 0xb;
                                                    										} else {
                                                    											_t508 = 9;
                                                    										}
                                                    										_t474 = _t508;
                                                    										_t435 = _t616 - _t617;
                                                    										__eflags = _t435 - _v72;
                                                    										if(_t435 >= _v72) {
                                                    											_t435 = _t435 + _v72;
                                                    											__eflags = _t435;
                                                    										}
                                                    										_v25 =  *((intOrPtr*)(_v68 + _t435));
                                                    										 *((char*)(_v68 + _t616)) = _v25;
                                                    										_t616 = _t616 + 1;
                                                    										__eflags = _t616 - _v72;
                                                    										if(_t616 == _v72) {
                                                    											_t616 = 0;
                                                    											__eflags = 0;
                                                    										}
                                                    										 *_v108 = _v25;
                                                    										_v24 = _v24 + 1;
                                                    										__eflags = _v64 - _v72;
                                                    										if(_v64 < _v72) {
                                                    											_v64 = _v64 + 1;
                                                    										}
                                                    										goto L24;
                                                    									}
                                                    									return 1;
                                                    								}
                                                    								_t448 = (((_v24 + _v60 & _v36) << _v40) + (0 >> 8 - _v40) << 8) + (((_v24 + _v60 & _v36) << _v40) + (0 >> 8 - _v40) << 8) * 2 + (((_v24 + _v60 & _v36) << _v40) + (0 >> 8 - _v40) << 8) + (((_v24 + _v60 & _v36) << _v40) + (0 >> 8 - _v40) << 8) * 2 + _v20 + 0xe6c;
                                                    								__eflags = _t474 - 7;
                                                    								if(__eflags < 0) {
                                                    									_v25 = E00408274(_t448,  &_v136, __eflags);
                                                    								} else {
                                                    									_v96 = _t616 - _t617;
                                                    									__eflags = _v96 - _v72;
                                                    									if(__eflags >= 0) {
                                                    										_t161 =  &_v96;
                                                    										 *_t161 = _v96 + _v72;
                                                    										__eflags =  *_t161;
                                                    									}
                                                    									_v89 =  *((intOrPtr*)(_v68 + _v96));
                                                    									_v25 = E004082A0(_t448, _v89,  &_v136, __eflags);
                                                    								}
                                                    								 *_v108 = _v25;
                                                    								_v24 = _v24 + 1;
                                                    								_v108 = _v108 + 1;
                                                    								__eflags = _v64 - _v72;
                                                    								if(_v64 < _v72) {
                                                    									_t180 =  &_v64;
                                                    									 *_t180 = _v64 + 1;
                                                    									__eflags =  *_t180;
                                                    								}
                                                    								 *((char*)(_v68 + _t616)) = _v25;
                                                    								_t616 = _t616 + 1;
                                                    								__eflags = _t616 - _v72;
                                                    								if(_t616 == _v72) {
                                                    									_t616 = 0;
                                                    									__eflags = 0;
                                                    								}
                                                    								__eflags = _t474 - 4;
                                                    								if(_t474 >= 4) {
                                                    									__eflags = _t474 - 0xa;
                                                    									if(_t474 >= 0xa) {
                                                    										_t474 = _t474 - 6;
                                                    									} else {
                                                    										_t474 = _t474 - 3;
                                                    									}
                                                    								} else {
                                                    									_t474 = 0;
                                                    								}
                                                    								goto L93;
                                                    							}
                                                    							return 1;
                                                    						}
                                                    						return _v116;
                                                    					}
                                                    					L94:
                                                    					 *((intOrPtr*)(_v8 + 0x20)) = _v128;
                                                    					 *((intOrPtr*)(_v8 + 0x24)) = _v124;
                                                    					 *((intOrPtr*)(_v8 + 0x28)) = _t616;
                                                    					 *((intOrPtr*)(_v8 + 0x2c)) = _v60 + _v24;
                                                    					 *((intOrPtr*)(_v8 + 0x30)) = _v64;
                                                    					 *((intOrPtr*)(_v8 + 0x34)) = _t617;
                                                    					 *((intOrPtr*)(_v8 + 0x38)) = _v44;
                                                    					 *((intOrPtr*)(_v8 + 0x3c)) = _v48;
                                                    					 *((intOrPtr*)(_v8 + 0x40)) = _v52;
                                                    					 *(_v8 + 0x44) = _t474;
                                                    					 *((intOrPtr*)(_v8 + 0x48)) = _v56;
                                                    					 *((char*)(_v8 + 0x4c)) = _v76;
                                                    					 *((intOrPtr*)(_v8 + 0x14)) = _v136;
                                                    					 *((intOrPtr*)(_v8 + 0x18)) = _v132;
                                                    					 *_a4 = _v24;
                                                    					__eflags = 0;
                                                    					return 0;
                                                    				}
                                                    				_v80 = (0x300 <<  *(_v8 + 4) + _v40) + 0x736;
                                                    				_v84 = 0;
                                                    				_v108 = _v20;
                                                    				__eflags = _v84 - _v80;
                                                    				if(_v84 >= _v80) {
                                                    					L7:
                                                    					_v52 = 1;
                                                    					_v48 = 1;
                                                    					_v44 = 1;
                                                    					_t617 = 1;
                                                    					_v60 = 0;
                                                    					_v64 = 0;
                                                    					_t474 = 0;
                                                    					_t616 = 0;
                                                    					 *((char*)(_v68 + _v72 - 1)) = 0;
                                                    					E004080C4( &_v136);
                                                    					__eflags = _v116;
                                                    					if(_v116 != 0) {
                                                    						return _v116;
                                                    					}
                                                    					__eflags = _v112;
                                                    					if(_v112 == 0) {
                                                    						__eflags = 0;
                                                    						_v56 = 0;
                                                    						goto L12;
                                                    					} else {
                                                    						return 1;
                                                    					}
                                                    				} else {
                                                    					goto L6;
                                                    				}
                                                    				do {
                                                    					L6:
                                                    					 *_v108 = 0x400;
                                                    					_v84 = _v84 + 1;
                                                    					_v108 = _v108 + 2;
                                                    					__eflags = _v84 - _v80;
                                                    				} while (_v84 < _v80);
                                                    				goto L7;
                                                    			}
                                                    0x004086c6
                                                    0x004086cc
                                                    0x004086cf
                                                    0x004086d4
                                                    0x004086d4
                                                    0x004086d4
                                                    0x004086d4
                                                    0x004086e0
                                                    0x004086f1
                                                    0x004086f1
                                                    0x0040870a
                                                    0x0040870c
                                                    0x0040870f
                                                    0x00408715
                                                    0x00408718
                                                    0x0040871a
                                                    0x0040871a
                                                    0x0040871a
                                                    0x0040871a
                                                    0x00408723
                                                    0x00408726
                                                    0x00408727
                                                    0x0040872a
                                                    0x0040872c
                                                    0x0040872c
                                                    0x0040872c
                                                    0x0040872e
                                                    0x00408731
                                                    0x0040873a
                                                    0x0040873d
                                                    0x00408747
                                                    0x0040873f
                                                    0x0040873f
                                                    0x0040873f
                                                    0x00408733
                                                    0x00408733
                                                    0x00408733
                                                    0x00000000
                                                    0x00408731
                                                    0x00000000
                                                    0x00408660
                                                    0x00000000
                                                    0x00408652
                                                    0x00408a18
                                                    0x00408a1e
                                                    0x00408a27
                                                    0x00408a2d
                                                    0x00408a39
                                                    0x00408a42
                                                    0x00408a48
                                                    0x00408a51
                                                    0x00408a5a
                                                    0x00408a63
                                                    0x00408a69
                                                    0x00408a72
                                                    0x00408a7b
                                                    0x00408a87
                                                    0x00408a90
                                                    0x00408a99
                                                    0x00408a9b
                                                    0x00000000
                                                    0x00408a9b
                                                    0x00408531
                                                    0x00408534
                                                    0x0040853c
                                                    0x00408542
                                                    0x00408545
                                                    0x0040855e
                                                    0x00408565
                                                    0x00408568
                                                    0x0040856b
                                                    0x0040856e
                                                    0x00408570
                                                    0x00408575
                                                    0x00408578
                                                    0x00408580
                                                    0x00408582
                                                    0x0040858d
                                                    0x00408592
                                                    0x00408596
                                                    0x00000000
                                                    0x00408598
                                                    0x004085a0
                                                    0x004085a4
                                                    0x004085b0
                                                    0x004085b2
                                                    0x00000000
                                                    0x004085a6
                                                    0x00000000
                                                    0x004085a6
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00408547
                                                    0x00408547
                                                    0x0040854a
                                                    0x0040854f
                                                    0x00408552
                                                    0x00408559
                                                    0x00408559
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • Opcode ID: 4d767100099eb102bdc21c19fdb755dbde7929e86d9821f584b3da527505dd0e
                                                    • Instruction ID: 7dc6dc86846b3232beed044054ddb30c9891ac2fec336679fba6e94018ae2b4c
                                                    • Opcode Fuzzy Hash: 4d767100099eb102bdc21c19fdb755dbde7929e86d9821f584b3da527505dd0e
                                                    • Instruction Fuzzy Hash: C032D775E00219DFCB14CF99CA80AADB7B2BF88314F24816AD855B7385DB34AE42CF55
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 66%
                                                    			E00407024(void* __ebx, void* __edi, void* __esi) {
                                                    				void* _v8;
                                                    				char _v12;
                                                    				char _v16;
                                                    				char _v20;
                                                    				intOrPtr* _t50;
                                                    				intOrPtr _t64;
                                                    				void* _t72;
                                                    
                                                    				_v20 = 0;
                                                    				_v12 = 0;
                                                    				_push(_t72);
                                                    				_push(0x407129);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t72 + 0xfffffff0;
                                                    				_t50 = GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetUserDefaultUILanguage");
                                                    				if(_t50 == 0) {
                                                    					if( *0x40b07c != 2) {
                                                    						if(E00406F68(0, "Control Panel\\Desktop\\ResourceLocale", 0x80000001,  &_v8, 1, 0) == 0) {
                                                    							E00406F5C();
                                                    							RegCloseKey(_v8);
                                                    						}
                                                    					} else {
                                                    						if(E00406F68(0, ".DEFAULT\\Control Panel\\International", 0x80000003,  &_v8, 1, 0) == 0) {
                                                    							E00406F5C();
                                                    							RegCloseKey(_v8);
                                                    						}
                                                    					}
                                                    					E0040322C( &_v20, E004071CC);
                                                    					E004032FC( &_v20, _v12);
                                                    					E004027B4(_v20,  &_v16);
                                                    					if(_v16 != 0) {
                                                    					}
                                                    				} else {
                                                    					 *_t50();
                                                    				}
                                                    				_pop(_t64);
                                                    				 *[fs:eax] = _t64;
                                                    				_push(E00407130);
                                                    				E00403198( &_v20);
                                                    				return E00403198( &_v12);
                                                    			}











                                                    APIs
                                                    • GetModuleHandleA.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,00407129,?,00000000,00409918), ref: 0040704D
                                                    • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00407053
                                                    • RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,00407129,?,00000000,00409918), ref: 004070A1
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: AddressCloseHandleModuleProc
                                                    • String ID: .DEFAULT\Control Panel\International$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$kernel32.dll
                                                    • API String ID: 4190037839-2401316094
                                                    • Opcode ID: 84283e8ecd5f01446eeee6c4ca3ac4597d6d061694d9d4138b3ca6e7d0b19e25
                                                    • Instruction ID: c068e7fb85b52830e378cef5638f1cf195f9e270113e5aa630163df598a56aa7
                                                    • Opcode Fuzzy Hash: 84283e8ecd5f01446eeee6c4ca3ac4597d6d061694d9d4138b3ca6e7d0b19e25
                                                    • Instruction Fuzzy Hash: 72214170E04209ABDB10EAB5CC55A9E77A9EB48304F60847BA510FB3C1D7BCAE01875E
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 91%
                                                    			E00403A97(void** __eax) {
                                                    				void* _t25;
                                                    				long _t26;
                                                    				void* _t27;
                                                    				long _t30;
                                                    				void* _t34;
                                                    				void* _t36;
                                                    				long _t37;
                                                    				int _t40;
                                                    				void* _t42;
                                                    				void* _t48;
                                                    				void* _t49;
                                                    				long _t50;
                                                    				long _t51;
                                                    				void* _t54;
                                                    				void** _t55;
                                                    				DWORD* _t56;
                                                    
                                                    				_t55 = __eax;
                                                    				 *((intOrPtr*)(__eax + 0xc)) = 0;
                                                    				 *((intOrPtr*)(__eax + 0x10)) = 0;
                                                    				_t25 =  *((intOrPtr*)(__eax + 4)) - 0xd7b1;
                                                    				if(_t25 == 0) {
                                                    					_t26 = 0x80000000;
                                                    					_t51 = 2;
                                                    					_t50 = 3;
                                                    					 *((intOrPtr*)(__eax + 0x1c)) = E00403A28;
                                                    					L8:
                                                    					_t55[9] = 0x403a7f;
                                                    					_t55[8] = E00403A4F;
                                                    					if(_t55[0x12] == 0) {
                                                    						_t55[9] = E00403A4F;
                                                    						if(_t55[1] == 0xd7b2) {
                                                    							_push(0xfffffff5);
                                                    						} else {
                                                    							_push(0xfffffff6);
                                                    						}
                                                    						_t27 = GetStdHandle();
                                                    						if(_t27 == 0xffffffff) {
                                                    							L35:
                                                    							_t55[1] = 0xd7b0;
                                                    							return GetLastError();
                                                    						} else {
                                                    							 *_t55 = _t27;
                                                    							L28:
                                                    							if(_t55[1] == 0xd7b1) {
                                                    								L32:
                                                    								return 0;
                                                    							}
                                                    							_t30 = GetFileType( *_t55);
                                                    							if(_t30 == 0) {
                                                    								CloseHandle( *_t55);
                                                    								_t55[1] = 0xd7b0;
                                                    								return 0x69;
                                                    							}
                                                    							if(_t30 == 2) {
                                                    								_t55[8] = E00403A52;
                                                    							}
                                                    							goto L32;
                                                    						}
                                                    					}
                                                    					_t34 = CreateFileA( &(_t55[0x12]), _t26, _t51, 0, _t50, 0x80, 0);
                                                    					if(_t34 == 0xffffffff) {
                                                    						goto L35;
                                                    					}
                                                    					 *_t55 = _t34;
                                                    					if(_t55[1] != 0xd7b3) {
                                                    						goto L28;
                                                    					}
                                                    					_t55[1] = _t55[1] - 1;
                                                    					_t36 = GetFileSize( *_t55, 0) + 1;
                                                    					if(_t36 == 0) {
                                                    						goto L35;
                                                    					}
                                                    					_t37 = _t36 - 0x81;
                                                    					if(_t37 < 0) {
                                                    						_t37 = 0;
                                                    					}
                                                    					if(SetFilePointer( *_t55, _t37, 0, 0) + 1 == 0) {
                                                    						goto L35;
                                                    					} else {
                                                    						_t40 = ReadFile( *_t55,  &(_t55[0x53]), 0x80, _t56, 0);
                                                    						_t54 = 0;
                                                    						if(_t40 != 1) {
                                                    							goto L35;
                                                    						}
                                                    						_t42 = 0;
                                                    						while(_t42 < _t54) {
                                                    							if( *((char*)(_t55 + _t42 + 0x14c)) == 0x1a) {
                                                    								if(SetFilePointer( *_t55, _t42 - _t54, 0, 2) + 1 == 0 || SetEndOfFile( *_t55) != 1) {
                                                    									goto L35;
                                                    								} else {
                                                    									goto L28;
                                                    								}
                                                    							}
                                                    							_t42 = _t42 + 1;
                                                    						}
                                                    						goto L28;
                                                    					}
                                                    				}
                                                    				_t48 = _t25 - 1;
                                                    				if(_t48 == 0) {
                                                    					_t26 = 0x40000000;
                                                    					_t51 = 1;
                                                    					_t50 = 2;
                                                    					L7:
                                                    					_t55[7] = E00403A52;
                                                    					goto L8;
                                                    				}
                                                    				_t49 = _t48 - 1;
                                                    				if(_t49 == 0) {
                                                    					_t26 = 0xc0000000;
                                                    					_t51 = 1;
                                                    					_t50 = 3;
                                                    					goto L7;
                                                    				}
                                                    				return _t49;
                                                    			}




















                                                    APIs
                                                    • CreateFileA.KERNEL32(00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B1E
                                                    • GetFileSize.KERNEL32(?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B42
                                                    • SetFilePointer.KERNEL32(?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B5E
                                                    • ReadFile.KERNEL32(?,?,00000080,?,00000000,00000000,?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000), ref: 00403B7F
                                                    • SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 00403BA8
                                                    • SetEndOfFile.KERNEL32(?,?,00000000,00000000,00000002), ref: 00403BB2
                                                    • GetStdHandle.KERNEL32(000000F5), ref: 00403BD2
                                                    • GetFileType.KERNEL32(?,000000F5), ref: 00403BE9
                                                    • CloseHandle.KERNEL32(?,?,000000F5), ref: 00403C04
                                                    • GetLastError.KERNEL32(000000F5), ref: 00403C1E
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: File$HandlePointer$CloseCreateErrorLastReadSizeType
                                                    • String ID:
                                                    • API String ID: 1694776339-0
                                                    • Opcode ID: bd0a662ad2dd38144def4530256030cdb08cf53568247c3ffcddd32d1ed1ea18
                                                    • Instruction ID: 6684f6b4d1923fa93cc5777a7ebe0ca766b8c5f16b1f456132d2f0a6dbb27d3d
                                                    • Opcode Fuzzy Hash: bd0a662ad2dd38144def4530256030cdb08cf53568247c3ffcddd32d1ed1ea18
                                                    • Instruction Fuzzy Hash: 444194302042009EF7305F258805B237DEDEB4571AF208A3FA1D6BA6E1E77DAE419B5D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 61%
                                                    			E004053C4(void* __ebx, void* __edi, void* __esi) {
                                                    				char _v8;
                                                    				char _v12;
                                                    				char _v16;
                                                    				intOrPtr _t148;
                                                    				intOrPtr _t156;
                                                    
                                                    				_t153 = __esi;
                                                    				_t152 = __edi;
                                                    				_push(0);
                                                    				_push(0);
                                                    				_push(0);
                                                    				_push(__esi);
                                                    				_push(__edi);
                                                    				_push(_t156);
                                                    				_push(0x40560c);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t156;
                                                    				_t104 = GetSystemDefaultLCID();
                                                    				E0040520C(_t31, 0, 0x14,  &_v16);
                                                    				E004031E8(0x40c494, _t104, _v16, __edi, __esi);
                                                    				E0040520C(_t104, 0x405624, 0x1b,  &_v16);
                                                    				 *0x40c498 = E00404CC4(0x405624, 0);
                                                    				E0040520C(_t104, 0x405624, 0x1c,  &_v16);
                                                    				 *0x40c499 = E00404CC4(0x405624, 0);
                                                    				 *0x40c49a = E00405258(_t104, 0x2c, 0xf);
                                                    				 *0x40c49b = E00405258(_t104, 0x2e, 0xe);
                                                    				E0040520C(_t104, 0x405624, 0x19,  &_v16);
                                                    				 *0x40c49c = E00404CC4(0x405624, 0);
                                                    				 *0x40c49d = E00405258(_t104, 0x2f, 0x1d);
                                                    				E0040520C(_t104, "m/d/yy", 0x1f,  &_v16);
                                                    				E004031E8(0x40c4a0, _t104, _v16, _t152, _t153);
                                                    				E0040520C(_t104, "mmmm d, yyyy", 0x20,  &_v16);
                                                    				E004031E8(0x40c4a4, _t104, _v16, _t152, _t153);
                                                    				 *0x40c4a8 = E00405258(_t104, 0x3a, 0x1e);
                                                    				E0040520C(_t104, 0x405658, 0x28,  &_v16);
                                                    				E004031E8(0x40c4ac, _t104, _v16, _t152, _t153);
                                                    				E0040520C(_t104, 0x405664, 0x29,  &_v16);
                                                    				E004031E8(0x40c4b0, _t104, _v16, _t152, _t153);
                                                    				E0040520C(_t104, 0x405624, 0x25,  &_v16);
                                                    				if(E00404CC4(0x405624, 0) != 0) {
                                                    					E0040322C( &_v8, 0x40567c);
                                                    				} else {
                                                    					E0040322C( &_v8, 0x405670);
                                                    				}
                                                    				E0040520C(_t104, 0x405624, 0x23,  &_v16);
                                                    				if(E00404CC4(0x405624, 0) != 0) {
                                                    					E00403198( &_v12);
                                                    				} else {
                                                    					E0040322C( &_v12, 0x405688);
                                                    				}
                                                    				_push(_v8);
                                                    				_push(":mm");
                                                    				_push(_v12);
                                                    				E004033B4();
                                                    				_push(_v8);
                                                    				_push(":mm:ss");
                                                    				_push(_v12);
                                                    				E004033B4();
                                                    				_pop(_t148);
                                                    				 *[fs:eax] = _t148;
                                                    				_push(E00405613);
                                                    				return E004031B8( &_v16, 3);
                                                    			}









                                                    APIs
                                                    • GetSystemDefaultLCID.KERNEL32(00000000,0040560C,?,?,?,?,00000000,00000000,00000000,?,004065EB,00000000,004065FE), ref: 004053DE
                                                      • Part of subcall function 0040520C: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,004052D7,?,00000000,004053B6), ref: 0040522A
                                                      • Part of subcall function 00405258: GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,0040545A,?,?,?,00000000,0040560C), ref: 0040526B
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: InfoLocale$DefaultSystem
                                                    • String ID: AMPM$:mm$:mm:ss$m/d/yy$mmmm d, yyyy
                                                    • API String ID: 1044490935-665933166
                                                    • Opcode ID: 2becd82198b95216644133442ecc563e5ef80f5327bc31795fb041598c227e39
                                                    • Instruction ID: cc137df54ae1fcbb63b87987e69a719e9c27c4b31815d0debc5c9b1d2781c89a
                                                    • Opcode Fuzzy Hash: 2becd82198b95216644133442ecc563e5ef80f5327bc31795fb041598c227e39
                                                    • Instruction Fuzzy Hash: F8515374B00548ABDB00EBA59891A5F7769DB88304F50D5BBB515BB3C6CA3DCA058F1C
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 68%
                                                    			E004036B8(char* __eax) {
                                                    				short _v2064;
                                                    				short* _t8;
                                                    				short* _t15;
                                                    				char* _t16;
                                                    				short* _t17;
                                                    				int _t18;
                                                    				int _t19;
                                                    
                                                    				_t16 = __eax;
                                                    				_t18 = E004032F4(__eax);
                                                    				if(E004032F4(_t16) >= 0x400) {
                                                    					_t8 = MultiByteToWideChar(0, 0, _t16, _t18, 0, 0);
                                                    					_t19 = _t8;
                                                    					_push(_t19);
                                                    					_push(0);
                                                    					L00401224();
                                                    					_t17 = _t8;
                                                    					MultiByteToWideChar(0, 0, _t16, _t18, _t17, _t19);
                                                    				} else {
                                                    					_push(MultiByteToWideChar(0, 0, E00403414(_t16), _t18,  &_v2064, 0x400));
                                                    					_t15 =  &_v2064;
                                                    					_push(_t15);
                                                    					L00401224();
                                                    					_t17 = _t15;
                                                    				}
                                                    				return _t17;
                                                    			}











                                                    APIs
                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 004036F2
                                                    • SysAllocStringLen.OLEAUT32(?,00000000), ref: 004036FD
                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 00403710
                                                    • SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 0040371A
                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00403729
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: ByteCharMultiWide$AllocString
                                                    • String ID:
                                                    • API String ID: 262959230-0
                                                    • Opcode ID: 759139aa8138bb4f1b890a81a570935fc2f09484a8ccbcda4eb7e9d11bc9ffe5
                                                    • Instruction ID: 1285967c487f36a4f1f77a8b8e1f1fe351824cacfdb80e5859a13ebcd08b75b2
                                                    • Opcode Fuzzy Hash: 759139aa8138bb4f1b890a81a570935fc2f09484a8ccbcda4eb7e9d11bc9ffe5
                                                    • Instruction Fuzzy Hash: 17F068A13442543AF56075A75C43FAB198CCB45BAEF10457FF704FA2C2D8B89D0492BD
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E004030DC() {
                                                    
                                                    				E00403094();
                                                    				 *0x40c014 = GetModuleHandleA(0);
                                                    				 *0x40c01c = GetCommandLineA();
                                                    				 *0x40c018 = 0xa;
                                                    				return 0x402e34;
                                                    			}




                                                    APIs
                                                    • GetModuleHandleA.KERNEL32(00000000,0040A60E), ref: 004030E3
                                                    • GetCommandLineA.KERNEL32(00000000,0040A60E), ref: 004030EE
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: CommandHandleLineModule
                                                    • String ID: U1hd.@$3d
                                                    • API String ID: 2123368496-743069200
                                                    • Opcode ID: ab44cebb113f23cc453db0582047ce3f33ed2b100303cb8959b7892e21e32e4b
                                                    • Instruction ID: 0f926add87520dc699e98d27074396f9fab16295c11a520b4b5863bd90c7cb52
                                                    • Opcode Fuzzy Hash: ab44cebb113f23cc453db0582047ce3f33ed2b100303cb8959b7892e21e32e4b
                                                    • Instruction Fuzzy Hash: 03C01274541300CAD328AFF69E8A304B990A385349F40823FA608BA2F1CA7C4201EBDD
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 67%
                                                    			E00401918() {
                                                    				signed int _t13;
                                                    				intOrPtr _t19;
                                                    				intOrPtr _t20;
                                                    				intOrPtr _t23;
                                                    
                                                    				_push(_t23);
                                                    				_push(E004019CE);
                                                    				_push( *[fs:edx]);
                                                    				 *[fs:edx] = _t23;
                                                    				_push(0x40c41c);
                                                    				L0040126C();
                                                    				if( *0x40c032 != 0) {
                                                    					_push(0x40c41c);
                                                    					L00401274();
                                                    				}
                                                    				E004012DC(0x40c43c);
                                                    				E004012DC(0x40c44c);
                                                    				E004012DC(0x40c478);
                                                    				 *0x40c474 = LocalAlloc(0, 0xff8);
                                                    				if( *0x40c474 != 0) {
                                                    					_t13 = 3;
                                                    					do {
                                                    						_t20 =  *0x40c474; // 0x0
                                                    						 *((intOrPtr*)(_t20 + _t13 * 4 - 0xc)) = 0;
                                                    						_t13 = _t13 + 1;
                                                    					} while (_t13 != 0x401);
                                                    					 *((intOrPtr*)(0x40c460)) = 0x40c45c;
                                                    					 *0x40c45c = 0x40c45c;
                                                    					 *0x40c468 = 0x40c45c;
                                                    					 *0x40c415 = 1;
                                                    				}
                                                    				_pop(_t19);
                                                    				 *[fs:eax] = _t19;
                                                    				_push(E004019D5);
                                                    				if( *0x40c032 != 0) {
                                                    					_push(0x40c41c);
                                                    					L0040127C();
                                                    					return 0;
                                                    				}
                                                    				return 0;
                                                    			}








                                                    APIs
                                                    • RtlInitializeCriticalSection.KERNEL32(0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 0040192E
                                                    • RtlEnterCriticalSection.KERNEL32(0040C41C,0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 00401941
                                                    • LocalAlloc.KERNEL32(00000000,00000FF8,0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 0040196B
                                                    • RtlLeaveCriticalSection.KERNEL32(0040C41C,004019D5,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 004019C8
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: CriticalSection$AllocEnterInitializeLeaveLocal
                                                    • String ID:
                                                    • API String ID: 730355536-0
                                                    • Opcode ID: aabd9570e7a52811c13604d6a46282fe49281d95e81aad3d3e53893a1864dea1
                                                    • Instruction ID: 093a8b970c40f4dda7bd37408b901a2e20e4e29fb74a5496b56404d4d89a3717
                                                    • Opcode Fuzzy Hash: aabd9570e7a52811c13604d6a46282fe49281d95e81aad3d3e53893a1864dea1
                                                    • Instruction Fuzzy Hash: CC0161B0684240DEE715ABA999E6B353AA4E786744F10427FF080F62F2C67C4450CB9D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 91%
                                                    			E00406E10(void* __eax, void* __ebx, intOrPtr __ecx, char* __edx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
                                                    				char* _v8;
                                                    				intOrPtr _v12;
                                                    				int _v16;
                                                    				int _v20;
                                                    				char _v24;
                                                    				signed int _t56;
                                                    				intOrPtr _t64;
                                                    				intOrPtr _t80;
                                                    				void* _t85;
                                                    				signed int _t89;
                                                    				signed int _t90;
                                                    				void* _t93;
                                                    
                                                    				_v24 = 0;
                                                    				_v12 = __ecx;
                                                    				_v8 = __edx;
                                                    				_t85 = __eax;
                                                    				_push(_t93);
                                                    				_push(0x406f48);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t93 + 0xffffffec;
                                                    				while(1) {
                                                    					_v20 = 0;
                                                    					if(RegQueryValueExA(_t85, _v8, 0,  &_v16, 0,  &_v20) != 0 || _v16 != _a8 && _v16 != _a4) {
                                                    						break;
                                                    					}
                                                    					if(_v20 != 0) {
                                                    						__eflags = _v20 - 0x70000000;
                                                    						if(_v20 >= 0x70000000) {
                                                    							E00405884();
                                                    						}
                                                    						_t87 = _v20;
                                                    						__eflags = _v20;
                                                    						_t16 =  &_v24; // 0x407129
                                                    						E00403278(_t16, _t87 >> 0, 0, _v20);
                                                    						_t18 =  &_v24; // 0x407129
                                                    						_t56 = RegQueryValueExA(_t85, _v8, 0,  &_v16, E00403420(_t18),  &_v20);
                                                    						__eflags = _t56 - 0xea;
                                                    						if(_t56 == 0xea) {
                                                    							continue;
                                                    						} else {
                                                    							__eflags = _t56;
                                                    							if(_t56 != 0) {
                                                    								break;
                                                    							}
                                                    							__eflags = _v16 - _a8;
                                                    							if(_v16 == _a8) {
                                                    								L12:
                                                    								_t89 = _v20;
                                                    								__eflags = _t89;
                                                    								_t90 = _t89 >> 0;
                                                    								while(1) {
                                                    									__eflags = _t90;
                                                    									if(_t90 == 0) {
                                                    										break;
                                                    									}
                                                    									_t26 =  &_v24; // 0x407129
                                                    									_t64 =  *_t26;
                                                    									__eflags =  *((char*)(_t64 + _t90 - 1));
                                                    									if( *((char*)(_t64 + _t90 - 1)) == 0) {
                                                    										_t90 = _t90 - 1;
                                                    										__eflags = _t90;
                                                    										continue;
                                                    									}
                                                    									break;
                                                    								}
                                                    								__eflags = _v16 - 7;
                                                    								if(_v16 == 7) {
                                                    									__eflags = _t90;
                                                    									if(_t90 != 0) {
                                                    										_t90 = _t90 + 1;
                                                    										__eflags = _t90;
                                                    									}
                                                    								}
                                                    								_t30 =  &_v24; // 0x407129
                                                    								E004034F0(_t30, _t90);
                                                    								__eflags = _v16 - 7;
                                                    								if(_v16 == 7) {
                                                    									__eflags = _t90;
                                                    									if(_t90 != 0) {
                                                    										_t32 =  &_v24; // 0x407129
                                                    										 *((char*)(E00403420(_t32) + _t90 - 1)) = 0;
                                                    									}
                                                    								}
                                                    								_t36 =  &_v24; // 0x407129
                                                    								E004031E8(_v12, 0,  *_t36, _t85, _t90);
                                                    								break;
                                                    							}
                                                    							__eflags = _v16 - _a4;
                                                    							if(_v16 != _a4) {
                                                    								break;
                                                    							}
                                                    							goto L12;
                                                    						}
                                                    					}
                                                    					E00403198(_v12);
                                                    					break;
                                                    				}
                                                    				_pop(_t80);
                                                    				 *[fs:eax] = _t80;
                                                    				_push(E00406F4F);
                                                    				_t37 =  &_v24; // 0x407129
                                                    				return E00403198(_t37);
                                                    			}

                                                    APIs
                                                    • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,?,00000000,00406F48,?,00000000,00409918,00000000), ref: 00406E4C
                                                    • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,70000000,?,?,00000000,00000000,00000000,?,00000000,00406F48,?,00000000), ref: 00406EBC
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: QueryValue
                                                    • String ID: )q@
                                                    • API String ID: 3660427363-2284170586
                                                    • Opcode ID: 32d2d681139902fa63b50b1e86c1c6042aee641263ad409bd5d16b68eaa8278f
                                                    • Instruction ID: 22a93fbabe645b78fd14ced98f65bd4bcb22fe3fd6f8222f7fa8e6a3c98f8dfc
                                                    • Opcode Fuzzy Hash: 32d2d681139902fa63b50b1e86c1c6042aee641263ad409bd5d16b68eaa8278f
                                                    • Instruction Fuzzy Hash: E6415E31D0021AAFDB21DF95C881BAFB7B8EB04704F56447AE901F7280D738AF108B99
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 31%
                                                    			E00409C88(void* __ebx, void* __edi, void* __esi) {
                                                    				char _v8;
                                                    				intOrPtr _t17;
                                                    				intOrPtr _t22;
                                                    
                                                    				_push(0);
                                                    				_push(_t22);
                                                    				_push(0x409cd8);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t22;
                                                    				E0040322C( &_v8, "The Setup program accepts optional command line parameters.\r\n\r\n/HELP, /?\r\nShows this information.\r\n/SP-\r\nDisables the This will install... Do you wish to continue? prompt at the beginning of Setup.\r\n/SILENT, /VERYSILENT\r\nInstructs Setup to be silent or very silent.\r\n/SUPPRESSMSGBOXES\r\nInstructs Setup to suppress message boxes.\r\n/LOG\r\nCauses Setup to create a log file in the user\'s TEMP directory.\r\n/LOG=\"filename\"\r\nSame as /LOG, except it allows you to specify a fixed path/filename to use for the log file.\r\n/NOCANCEL\r\nPrevents the user from cancelling during the installation process.\r\n/NORESTART\r\nPrevents Setup from restarting the system following a successful installation, or after a Preparing to Install failure that requests a restart.\r\n/RESTARTEXITCODE=exit code\r\nSpecifies a custom exit code that Setup is to return when the system needs to be restarted.\r\n/CLOSEAPPLICATIONS\r\nInstructs Setup to close applications using files that need to be updated.\r\n/NOCLOSEAPPLICATIONS\r\nPrevents Setup from closing applications using files that need to be updated.\r\n/RESTARTAPPLICATIONS\r\nInstructs Setup to restart applications.\r\n/NORESTARTAPPLICATIONS\r\nPrevents Setup from restarting applications.\r\n/LOADINF=\"filename\"\r\nInstructs Setup to load the settings from the specified file after having checked the command line.\r\n/SAVEINF=\"filename\"\r\nInstructs Setup to save installation settings to the specified file.\r\n/LANG=language\r\nSpecifies the internal name of the language to use.\r\n/DIR=\"x:\\dirname\"\r\nOverrides the default directory name.\r\n/GROUP=\"folder name\"\r\nOverrides the default folder name.\r\n/NOICONS\r\nInstructs Setup to initially check the Don\'t create a Start Menu folder check box.\r\n/TYPE=type name\r\nOverrides the default setup type.\r\n/COMPONENTS=\"comma separated list of component names\"\r\nOverrides the default component settings.\r\n/TASKS=\"comma separated list of task names\"\r\nSpecifies a list of tasks that should be initially selected.\r\n/MERGETASKS=\"comma separated list of task names\"\r\nLike the /TASKS parameter, except the specified tasks will be merged with the set of tasks that would have otherwise been selected by default.\r\n/PASSWORD=password\r\nSpecifies the password to use.\r\n\r\nFor more detailed information, please visit http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline");
                                                    				MessageBoxA(0, E00403414(_v8), "Setup", 0x10);
                                                    				_pop(_t17);
                                                    				 *[fs:eax] = _t17;
                                                    				_push(E00409CDF);
                                                    				return E00403198( &_v8);
                                                    			}

                                                    APIs
                                                    Strings
                                                    • Setup, xrefs: 00409CAD
                                                    • The Setup program accepts optional command line parameters./HELP, /?Shows this information./SP-Disables the This will install... Do you wish to continue? prompt at the beginning of Setup./SILENT, /VERYSILENTInstructs Setup to be silent or very si, xrefs: 00409CA1
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.283407680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.283396024.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000000.00000002.283452234.000000000040B000.00000004.00020000.sdmp
                                                    • Associated: 00000000.00000002.283480984.0000000000411000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Message
                                                    • String ID: Setup$The Setup program accepts optional command line parameters./HELP, /?Shows this information./SP-Disables the This will install... Do you wish to continue? prompt at the beginning of Setup./SILENT, /VERYSILENTInstructs Setup to be silent or very si
                                                    • API String ID: 2030045667-3271211647
                                                    • Opcode ID: bc66b1cf8cea732a030952d466b76090b354ad7a58696f118c0a4b0261ee3717
                                                    • Instruction ID: b8b600ed6bdfe48e96a015bdf4867c85bc36f5512d0f27a60c0f94c744360238
                                                    • Opcode Fuzzy Hash: bc66b1cf8cea732a030952d466b76090b354ad7a58696f118c0a4b0261ee3717
                                                    • Instruction Fuzzy Hash: 8EE0E5302482087EE311EA528C13F6A7BACE789B04F600477F900B15C3D6786E00A068
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Execution Graph

                                                    Execution Coverage:16.7%
                                                    Dynamic/Decrypted Code Coverage:0%
                                                    Signature Coverage:7.3%
                                                    Total number of Nodes:2000
                                                    Total number of Limit Nodes:91

                                                    Graph

TlsGetValue VariantClear 50329->50332 50331 452760 Wow64RevertWow64FsRedirection 50330->50331 50331->50329 50332->50227 50334 452724 2 API calls 50333->50334 50335 452786 50334->50335 50336 45278a 50335->50336 50337 4527a8 CreateDirectoryA GetLastError 50335->50337 50336->50206 50338 452760 Wow64RevertWow64FsRedirection 50337->50338 50339 4527ce 50338->50339 50339->50206 50340->50227 50342 452724 2 API calls 50341->50342 50343 452e26 50342->50343 50344 452e46 RemoveDirectoryA GetLastError 50343->50344 50346 452e2a 50343->50346 50345 452760 Wow64RevertWow64FsRedirection 50344->50345 50345->50346 50347 4470d0 LocalAlloc TlsSetValue TlsGetValue TlsGetValue VariantClear 50346->50347 50347->50227 50348->50227 50349->50227 50350->50239 50351->50243 50352->50245 50354 446fa0 50353->50354 50456 435f9c 50354->50456 50356 446fba 50357 42e8c8 FormatMessageA 50356->50357 50358 42e8ee 50357->50358 50359 4034e0 4 API calls 50358->50359 50360 42e90b 50359->50360 50361 44734c LocalAlloc TlsSetValue TlsGetValue TlsGetValue VariantClear 50360->50361 50361->50227 50364 403426 50362->50364 50363 40344b 50366 403400 50363->50366 50364->50363 50365 402660 4 API calls 50364->50365 50365->50364 50367 403406 50366->50367 50368 40341f 50366->50368 50367->50368 50369 402660 4 API calls 50367->50369 50369->50368 50371 4360a6 50370->50371 50372 436084 50370->50372 50373 436129 50371->50373 50375 436111 50371->50375 50376 436105 50371->50376 50377 4360f9 50371->50377 50378 4360ed 50371->50378 50379 43611d 50371->50379 50372->50371 50390 408c0c LocalAlloc TlsSetValue TlsGetValue TlsGetValue 50372->50390 50399 408c0c LocalAlloc TlsSetValue TlsGetValue TlsGetValue 50373->50399 50394 403494 50375->50394 50376->50249 50385 403510 4 API calls 50377->50385 50391 403510 50378->50391 50398 4040e8 18 API calls 50379->50398 50384 43613a 50384->50249 50389 436102 50385->50389 50387 436126 50387->50249 50389->50249 50390->50371 50400 4034e0 50391->50400 50396 403498 50394->50396 50395 4034ba 50395->50249 
50396->50395 50415 402660 50396->50415 50398->50387 50399->50384 50405 4034bc 50400->50405 50402 4034f0 50403 403400 4 API calls 50402->50403 50404 403508 50403->50404 50404->50249 50406 4034c0 50405->50406 50407 4034dc 50405->50407 50410 402648 50406->50410 50407->50402 50409 4034c9 50409->50402 50411 40264c 50410->50411 50412 402656 50410->50412 50411->50412 50414 4033bc LocalAlloc TlsSetValue TlsGetValue TlsGetValue 50411->50414 50412->50409 50412->50412 50414->50412 50416 402664 50415->50416 50417 40266e 50415->50417 50416->50417 50419 4033bc LocalAlloc TlsSetValue TlsGetValue TlsGetValue 50416->50419 50417->50395 50417->50417 50419->50417 50421 452732 50420->50421 50422 45272e 50420->50422 50423 452754 SetLastError 50421->50423 50424 45273b Wow64DisableWow64FsRedirection 50421->50424 50422->50254 50425 45274f 50423->50425 50424->50425 50425->50254 50427 452765 Wow64RevertWow64FsRedirection 50426->50427 50428 45276f 50426->50428 50427->50428 50428->50202 50430 4037aa 50429->50430 50431 40377d 50429->50431 50432 403400 4 API calls 50430->50432 50431->50430 50434 403791 50431->50434 50433 4037a0 50432->50433 50433->50265 50435 4034e0 4 API calls 50434->50435 50435->50433 50437 40373c SetCurrentDirectoryA 50436->50437 50437->50102 50443 42c67c 50438->50443 50440 42c7fb 50440->50294 50441 42c7b1 50441->50440 50450 42c444 IsDBCSLeadByte 50441->50450 50446 42c68d 50443->50446 50444 42c6f1 50447 42c6ec 50444->50447 50452 42c444 IsDBCSLeadByte 50444->50452 50446->50444 50449 42c6ab 50446->50449 50447->50441 50449->50447 50451 42c444 IsDBCSLeadByte 50449->50451 50450->50441 50451->50449 50452->50447 50454 42c67c IsDBCSLeadByte 50453->50454 50455 42c67b 50454->50455 50455->50300 50455->50301 50457 435fa5 50456->50457 50466 435fc7 50456->50466 50457->50466 50467 408c0c LocalAlloc TlsSetValue TlsGetValue TlsGetValue 50457->50467 50458 436046 50469 408c0c LocalAlloc TlsSetValue TlsGetValue TlsGetValue 50458->50469 50461 43601a 50461->50356 50462 43603d 50468 403f90 18 API 
calls 50462->50468 50464 436057 50464->50356 50465 436044 50465->50356 50466->50458 50466->50461 50466->50462 50467->50466 50468->50465 50469->50464 50470 423c0c 50491 423c42 50470->50491 50473 423cec 50475 423cf3 50473->50475 50476 423d27 50473->50476 50474 423c8d 50477 423c93 50474->50477 50478 423d50 50474->50478 50483 423cf9 50475->50483 50523 423fb1 50475->50523 50479 423d32 50476->50479 50480 42409a IsIconic 50476->50480 50484 423cc5 50477->50484 50485 423c98 50477->50485 50481 423d62 50478->50481 50482 423d6b 50478->50482 50488 4240d6 50479->50488 50489 423d3b 50479->50489 50490 423c63 50480->50490 50495 4240ae GetFocus 50480->50495 50492 423d78 50481->50492 50493 423d69 50481->50493 50587 424194 11 API calls 50482->50587 50496 423f13 SendMessageA 50483->50496 50497 423d07 50483->50497 50484->50490 50513 423cde 50484->50513 50514 423e3f 50484->50514 50486 423df6 50485->50486 50487 423c9e 50485->50487 50600 423b84 NtdllDefWindowProc_A 50486->50600 50502 423ca7 50487->50502 50503 423e1e PostMessageA 50487->50503 50620 424850 WinHelpA PostMessageA 50488->50620 50499 4240ed 50489->50499 50515 423cc0 50489->50515 50491->50490 50564 423b68 50491->50564 50588 4241dc IsIconic 50492->50588 50596 423b84 NtdllDefWindowProc_A 50493->50596 50495->50490 50501 4240bf 50495->50501 50496->50490 50497->50490 50497->50515 50543 423f56 50497->50543 50511 4240f6 50499->50511 50512 42410b 50499->50512 50618 41eff4 GetCurrentThreadId EnumThreadWindows 50501->50618 50508 423cb0 50502->50508 50509 423ea5 50502->50509 50568 423b84 NtdllDefWindowProc_A 50503->50568 50518 423cb9 50508->50518 50519 423dce IsIconic 50508->50519 50520 423eae 50509->50520 50521 423edf 50509->50521 50510 4240eb 50510->50490 50621 4244d4 50511->50621 50627 42452c LocalAlloc TlsSetValue TlsGetValue TlsGetValue SendMessageA 50512->50627 50513->50515 50524 423e0b 50513->50524 50569 423b84 NtdllDefWindowProc_A 50514->50569 50515->50490 50586 423b84 NtdllDefWindowProc_A 50515->50586 50518->50515 50530 423d91 
50518->50530 50532 423dea 50519->50532 50533 423dde 50519->50533 50531 423b14 5 API calls 50520->50531 50583 423b84 NtdllDefWindowProc_A 50521->50583 50523->50490 50540 423fd7 IsWindowEnabled 50523->50540 50601 424178 50524->50601 50528 423e45 50537 423e83 50528->50537 50538 423e61 50528->50538 50529 4240ce SetFocus 50529->50490 50530->50490 50597 422c4c ShowWindow PostMessageA PostQuitMessage 50530->50597 50539 423eb6 50531->50539 50599 423b84 NtdllDefWindowProc_A 50532->50599 50598 423bc0 15 API calls 50533->50598 50536 423ee5 50542 423efd 50536->50542 50584 41eea4 GetCurrentThreadId EnumThreadWindows 50536->50584 50576 423a84 50537->50576 50570 423b14 50538->50570 50547 423ec8 50539->50547 50606 41ef58 50539->50606 50540->50490 50548 423fe5 50540->50548 50550 423a84 6 API calls 50542->50550 50543->50490 50551 423f78 IsWindowEnabled 50543->50551 50612 423b84 NtdllDefWindowProc_A 50547->50612 50557 423fec IsWindowVisible 50548->50557 50550->50490 50551->50490 50556 423f86 50551->50556 50613 412310 7 API calls 50556->50613 50557->50490 50559 423ffa GetFocus 50557->50559 50614 4181e0 50559->50614 50561 42400f SetFocus 50616 415240 50561->50616 50565 423b72 50564->50565 50566 423b7d 50564->50566 50565->50566 50628 408720 GetSystemDefaultLCID 50565->50628 50566->50473 50566->50474 50568->50490 50569->50528 50571 423b62 PostMessageA 50570->50571 50573 423b23 50570->50573 50571->50490 50572 423b5a 50703 40b1d8 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 50572->50703 50573->50571 50573->50572 50575 423b4e SetWindowPos 50573->50575 50575->50572 50575->50573 50577 423a94 50576->50577 50579 423b0d PostMessageA 50576->50579 50578 423a9a EnumWindows 50577->50578 50577->50579 50578->50579 50580 423ab6 GetWindow GetWindowLongA 50578->50580 50704 423a1c GetWindow 50578->50704 50579->50490 50581 423ad5 50580->50581 50581->50579 50582 423b01 SetWindowPos 50581->50582 50582->50579 50582->50581 50583->50536 50585 41ef29 50584->50585 50585->50542 50586->50490 50587->50490 50589 
424223 50588->50589 50590 4241ed SetActiveWindow 50588->50590 50589->50490 50707 42364c 50590->50707 50593 423b14 5 API calls 50594 42420a 50593->50594 50594->50589 50595 42421d SetFocus 50594->50595 50595->50589 50596->50490 50597->50490 50598->50490 50599->50490 50600->50490 50719 41db30 50601->50719 50604 424190 50604->50490 50605 424184 LoadIconA 50605->50604 50607 41ef60 IsWindow 50606->50607 50608 41ef8c 50606->50608 50609 41ef7a 50607->50609 50610 41ef6f EnableWindow 50607->50610 50608->50547 50609->50607 50609->50608 50611 402660 4 API calls 50609->50611 50610->50609 50611->50609 50612->50490 50613->50490 50615 4181ea 50614->50615 50615->50561 50617 41525b SetFocus 50616->50617 50617->50490 50619 41f022 50618->50619 50619->50490 50619->50529 50620->50510 50622 4244e0 50621->50622 50623 4244fa 50621->50623 50624 42450f 50622->50624 50625 4244e7 SendMessageA 50622->50625 50626 402648 4 API calls 50623->50626 50624->50490 50625->50624 50626->50624 50627->50510 50683 408568 GetLocaleInfoA 50628->50683 50633 408568 5 API calls 50634 408775 50633->50634 50635 408568 5 API calls 50634->50635 50636 408799 50635->50636 50695 4085b4 GetLocaleInfoA 50636->50695 50639 4085b4 GetLocaleInfoA 50640 4087c9 50639->50640 50641 408568 5 API calls 50640->50641 50642 4087e3 50641->50642 50643 4085b4 GetLocaleInfoA 50642->50643 50644 408800 50643->50644 50645 408568 5 API calls 50644->50645 50646 40881a 50645->50646 50647 403450 4 API calls 50646->50647 50648 408827 50647->50648 50649 408568 5 API calls 50648->50649 50650 40883c 50649->50650 50651 403450 4 API calls 50650->50651 50652 408849 50651->50652 50653 4085b4 GetLocaleInfoA 50652->50653 50654 408857 50653->50654 50655 408568 5 API calls 50654->50655 50656 408871 50655->50656 50657 403450 4 API calls 50656->50657 50684 4085a1 50683->50684 50685 40858f 50683->50685 50687 403494 4 API calls 50684->50687 50686 4034e0 4 API calls 50685->50686 50688 40859f 50686->50688 50687->50688 50689 403450 50688->50689 50690 403454 
50689->50690 50692 403464 50689->50692 50690->50692 50693 4034bc 4 API calls 50690->50693 50691 403490 50691->50633 50692->50691 50694 402660 4 API calls 50692->50694 50693->50692 50694->50691 50696 4085d0 50695->50696 50696->50639 50703->50571 50705 423a3d GetWindowLongA 50704->50705 50706 423a49 50704->50706 50705->50706 50715 4235f8 SystemParametersInfoA 50707->50715 50710 423665 ShowWindow 50712 423670 50710->50712 50713 423677 50710->50713 50718 423628 SystemParametersInfoA 50712->50718 50713->50593 50716 423616 50715->50716 50716->50710 50717 423628 SystemParametersInfoA 50716->50717 50717->50710 50718->50713 50722 41db54 50719->50722 50723 41db3a 50722->50723 50724 41db61 50722->50724 50723->50604 50723->50605 50724->50723 50731 40ca80 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 50724->50731 50726 41db7e 50726->50723 50727 41db98 50726->50727 50728 41db8b 50726->50728 50732 41bd8c 11 API calls 50727->50732 50733 41b388 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 50728->50733 50731->50726 50732->50723 50733->50723 50734 41ee54 50735 41ee63 IsWindowVisible 50734->50735 50736 41ee99 50734->50736 50735->50736 50737 41ee6d IsWindowEnabled 50735->50737 50737->50736 50738 41ee77 50737->50738 50739 402648 4 API calls 50738->50739 50740 41ee81 EnableWindow 50739->50740 50740->50736 50741 41fb58 50742 41fb61 50741->50742 50745 41fdfc 50742->50745 50744 41fb6e 50746 41feee 50745->50746 50747 41fe13 50745->50747 50746->50744 50747->50746 50766 41f9bc GetWindowLongA GetSystemMetrics GetSystemMetrics GetWindowLongA 50747->50766 50749 41fe49 50750 41fe73 50749->50750 50751 41fe4d 50749->50751 50776 41f9bc GetWindowLongA GetSystemMetrics GetSystemMetrics GetWindowLongA 50750->50776 50767 41fb9c 50751->50767 50755 41fe81 50757 41fe85 50755->50757 50758 41feab 50755->50758 50756 41fb9c 10 API calls 50761 41fe71 50756->50761 50759 41fb9c 10 API calls 50757->50759 50760 41fb9c 10 API calls 50758->50760 50762 41fe97 50759->50762 50763 41febd 
50760->50763 50761->50744 50764 41fb9c 10 API calls 50762->50764 50765 41fb9c 10 API calls 50763->50765 50764->50761 50765->50761 50766->50749 50768 41fbb7 50767->50768 50769 41f93c 4 API calls 50768->50769 50770 41fbcd 50768->50770 50769->50770 50777 41f93c 50770->50777 50772 41fc15 50773 41fc38 SetScrollInfo 50772->50773 50785 41fa9c 50773->50785 50776->50755 50778 4181e0 50777->50778 50779 41f959 GetWindowLongA 50778->50779 50780 41f996 50779->50780 50781 41f976 50779->50781 50797 41f8c8 GetWindowLongA GetSystemMetrics GetSystemMetrics 50780->50797 50796 41f8c8 GetWindowLongA GetSystemMetrics GetSystemMetrics 50781->50796 50784 41f982 50784->50772 50786 41faaa 50785->50786 50787 41fab2 50785->50787 50786->50756 50788 41faef 50787->50788 50789 41faf1 50787->50789 50790 41fae1 50787->50790 50793 41fb31 GetScrollPos 50788->50793 50799 417e48 IsWindowVisible ScrollWindow SetWindowPos 50789->50799 50798 417e48 IsWindowVisible ScrollWindow SetWindowPos 50790->50798 50793->50786 50794 41fb3c 50793->50794 50795 41fb4b SetScrollPos 50794->50795 50795->50786 50796->50784 50797->50784 50798->50788 50799->50788 50800 420598 50801 4205ab 50800->50801 50821 415b30 50801->50821 50803 4205e6 50804 4206f2 50803->50804 50805 420651 50803->50805 50814 420642 MulDiv 50803->50814 50808 420709 50804->50808 50828 4146d4 KiUserCallbackDispatcher 50804->50828 50826 420848 20 API calls 50805->50826 50807 420720 50811 420742 50807->50811 50830 420060 12 API calls 50807->50830 50808->50807 50829 414718 KiUserCallbackDispatcher 50808->50829 50812 42066a 50812->50804 50827 420060 12 API calls 50812->50827 50825 41a304 LocalAlloc TlsSetValue TlsGetValue TlsGetValue DeleteObject 50814->50825 50817 420687 50818 4206a3 MulDiv 50817->50818 50819 4206c6 50817->50819 50818->50819 50819->50804 50820 4206cf MulDiv 50819->50820 50820->50804 50822 415b42 50821->50822 50831 414470 50822->50831 50824 415b5a 50824->50803 50825->50805 50826->50812 50827->50817 50828->50808 50829->50807 50830->50811 50832 
41448a 50831->50832 50835 410458 50832->50835 50834 4144a0 50834->50824 50838 40dca4 50835->50838 50837 41045e 50837->50834 50839 40dd06 50838->50839 50840 40dcb7 50838->50840 50845 40dd14 50839->50845 50843 40dd14 19 API calls 50840->50843 50844 40dce1 50843->50844 50844->50837 50846 40dd24 50845->50846 50848 40dd3a 50846->50848 50857 40e09c 50846->50857 50873 40d5e0 50846->50873 50876 40df4c 50848->50876 50851 40d5e0 5 API calls 50852 40dd42 50851->50852 50852->50851 50853 40ddae 50852->50853 50879 40db60 50852->50879 50855 40df4c 5 API calls 50853->50855 50856 40dd10 50855->50856 50856->50837 50893 40e96c 50857->50893 50859 403778 4 API calls 50860 40e0d7 50859->50860 50860->50859 50861 40e18d 50860->50861 50956 40d774 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 50860->50956 50957 40e080 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 50860->50957 50862 40e1b7 50861->50862 50863 40e1a8 50861->50863 50953 40ba24 50862->50953 50902 40e3c0 50863->50902 50869 40e1b5 50870 403400 4 API calls 50869->50870 50871 40e25c 50870->50871 50871->50846 50874 40ea08 5 API calls 50873->50874 50875 40d5ea 50874->50875 50875->50846 50994 40d4bc 50876->50994 51003 40df54 50879->51003 50882 40e96c 5 API calls 50883 40db9e 50882->50883 50884 40e96c 5 API calls 50883->50884 50885 40dba9 50884->50885 50886 40dbc4 50885->50886 50887 40dbbb 50885->50887 50892 40dbc1 50885->50892 51010 40d9d8 50886->51010 51013 40dac8 19 API calls 50887->51013 50890 403420 4 API calls 50891 40dc8f 50890->50891 50891->50852 50892->50890 50959 40d780 50893->50959 50896 4034e0 4 API calls 50897 40e98f 50896->50897 50963 403744 50897->50963 50899 40e996 50900 40d780 5 API calls 50899->50900 50901 40e9a4 50900->50901 50901->50860 50903 40e3f6 50902->50903 50904 40e3ec 50902->50904 50906 40e511 50903->50906 50907 40e495 50903->50907 50908 40e4f6 50903->50908 50909 40e576 50903->50909 50910 40e438 50903->50910 50911 40e4d9 50903->50911 50912 40e47a 50903->50912 50913 40e4bb 50903->50913 
50946 40e45c 50903->50946 50968 40d440 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 50904->50968 50917 40d764 5 API calls 50906->50917 50976 40de24 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 50907->50976 50981 40e890 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 50908->50981 50921 40d764 5 API calls 50909->50921 50969 40d764 50910->50969 50979 40e9a8 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 50911->50979 50975 40d818 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 50912->50975 50978 40dde4 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 50913->50978 50925 40e519 50917->50925 50920 403400 4 API calls 50926 40e5eb 50920->50926 50927 40e57e 50921->50927 50924 40e4a0 50977 40d470 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 50924->50977 50935 40e523 50925->50935 50936 40e51d 50925->50936 50926->50869 50929 40e582 50927->50929 50930 40e59b 50927->50930 50928 40e4e4 50980 409d38 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 50928->50980 50937 40ea08 5 API calls 50929->50937 50988 40de24 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 50930->50988 50932 40e461 50974 40ded8 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 50932->50974 50933 40e444 50972 40de24 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 50933->50972 50982 40ea08 50935->50982 50941 40e521 50936->50941 50942 40e53c 50936->50942 50937->50946 50986 40de24 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 50941->50986 50944 40ea08 5 API calls 50942->50944 50947 40e544 50944->50947 50945 40e44f 50973 40e26c LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 50945->50973 50946->50920 50985 40d8a0 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 50947->50985 50950 40e566 50987 40e2d4 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 50950->50987 50989 40b9d0 50953->50989 50956->50860 50957->50860 50958 40d774 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 
LoadStringA 50958->50869 50962 40d78b 50959->50962 50960 40d7c5 50960->50896 50962->50960 50967 40d7cc LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 50962->50967 50964 40374a 50963->50964 50966 40375b 50963->50966 50965 4034bc 4 API calls 50964->50965 50964->50966 50965->50966 50966->50899 50967->50962 50968->50903 50970 40ea08 5 API calls 50969->50970 50971 40d76e 50970->50971 50971->50932 50971->50933 50972->50945 50973->50946 50974->50946 50975->50946 50976->50924 50977->50946 50978->50946 50979->50928 50980->50946 50981->50946 50983 40d780 5 API calls 50982->50983 50984 40ea15 50983->50984 50984->50946 50985->50946 50986->50950 50987->50946 50988->50946 50990 40b9e2 50989->50990 50991 40ba07 50989->50991 50990->50991 50993 40ba84 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 50990->50993 50991->50869 50991->50958 50993->50991 50995 40ea08 5 API calls 50994->50995 50996 40d4c9 50995->50996 50997 40d4dc 50996->50997 51001 40eb0c LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 50996->51001 50997->50852 50999 40d4d7 51002 40d458 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 50999->51002 51001->50999 51002->50997 51004 40d764 5 API calls 51003->51004 51005 40df6b 51004->51005 51006 40db93 51005->51006 51007 40ea08 5 API calls 51005->51007 51006->50882 51008 40df78 51007->51008 51008->51006 51014 40ded8 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 51008->51014 51015 40ab7c 19 API calls 51010->51015 51012 40da00 51012->50892 51013->50892 51014->51006 51015->51012 51016 480dd3 51017 480ddc 51016->51017 51018 480de8 51017->51018 51019 480e06 51017->51019 51020 480dfd 51018->51020 51409 47f8e8 42 API calls 51018->51409 51411 47f718 24 API calls 51019->51411 51410 47f718 24 API calls 51020->51410 51024 480e04 51025 480e41 51024->51025 51026 480e33 51024->51026 51029 480e80 51025->51029 51414 47f880 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 51025->51414 51412 476fe4 189 API calls 51026->51412 51028 480ea4 51031 
480ebc 51028->51031 51032 480eb6 51028->51032 51029->51028 51034 480e99 51029->51034 51035 480e97 51029->51035 51037 480eba 51031->51037 51042 47f8c4 42 API calls 51031->51042 51032->51037 51142 47f8c4 51032->51142 51033 480e73 51415 47f8e8 42 API calls 51033->51415 51416 47f958 42 API calls 51034->51416 51041 47f8c4 42 API calls 51035->51041 51036 480e38 51036->51025 51413 408be0 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 51036->51413 51147 47ca48 51037->51147 51041->51028 51042->51037 51477 47f3ac 42 API calls 51142->51477 51144 47f8df 51478 408be0 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 51144->51478 51479 42d898 GetWindowsDirectoryA 51147->51479 51149 47ca6c 51150 403450 4 API calls 51149->51150 51151 47ca79 51150->51151 51481 42d8c4 GetSystemDirectoryA 51151->51481 51153 47ca81 51154 403450 4 API calls 51153->51154 51155 47ca8e 51154->51155 51483 42d8f0 51155->51483 51157 47ca96 51158 403450 4 API calls 51157->51158 51159 47caa3 51158->51159 51160 47caac 51159->51160 51161 47cac8 51159->51161 51539 42d208 51160->51539 51163 403400 4 API calls 51161->51163 51165 47cac6 51163->51165 51167 47cb0d 51165->51167 51169 42c8cc 5 API calls 51165->51169 51166 403450 4 API calls 51166->51165 51487 47c8d0 51167->51487 51171 47cae8 51169->51171 51173 403450 4 API calls 51171->51173 51175 47caf5 51173->51175 51175->51167 51179 403450 4 API calls 51175->51179 51179->51167 51409->51020 51410->51024 51411->51024 51412->51036 51414->51033 51415->51029 51416->51028 51477->51144 51480 42d8b9 51479->51480 51480->51149 51482 42d8e5 51481->51482 51482->51153 51484 403400 4 API calls 51483->51484 51485 42d900 GetModuleHandleA GetProcAddress 51484->51485 51486 42d919 51485->51486 51486->51157 51551 42de1c 51487->51551 51489 47c8f6 51490 47c91c 51489->51490 51491 47c8fa 51489->51491 51540 4038a4 4 API calls 51539->51540 51541 42d21b 51540->51541 51542 42d232 GetEnvironmentVariableA 51541->51542 51546 42d245 51541->51546 51585 42dbd0 LocalAlloc 
TlsSetValue TlsGetValue TlsGetValue 51541->51585 51542->51541 51543 42d23e 51542->51543 51545 403400 4 API calls 51543->51545 51545->51546 51546->51166 51552 42de27 51551->51552 51553 42de2d RegOpenKeyExA 51551->51553 51552->51553 51553->51489 51585->51541 53642 416a1c 53643 416a47 53642->53643 53644 416a2f 53642->53644 53647 416a42 53643->53647 53667 416990 PtInRect GetCapture 53643->53667 53645 416a31 53644->53645 53646 416a9a 53644->53646 53651 416a36 53645->53651 53652 416a64 53645->53652 53659 415270 53646->53659 53650 415270 59 API calls 53647->53650 53657 416ad1 53647->53657 53650->53657 53651->53647 53654 416b01 GetCapture 53651->53654 53652->53647 53658 421aec 6 API calls 53652->53658 53654->53647 53655 416aa3 53655->53657 53666 4168d0 PtInRect 53655->53666 53658->53647 53660 41527d 53659->53660 53661 4152e3 53660->53661 53662 4152d8 53660->53662 53665 4152e1 53660->53665 53668 424b8c 13 API calls 53661->53668 53662->53665 53669 41505c 46 API calls 53662->53669 53665->53655 53666->53657 53667->53647 53668->53665 53669->53665 53670 42285c 53671 42288c 53670->53671 53672 42286f 53670->53672 53674 4228c6 53671->53674 53675 422aa1 53671->53675 53679 422aff 53671->53679 53672->53671 53710 408cbc 53672->53710 53680 42291d 53674->53680 53718 4231a8 GetSystemMetrics 53674->53718 53676 422af3 53675->53676 53677 422ae9 53675->53677 53676->53679 53683 422b37 53676->53683 53684 422b18 53676->53684 53721 421e2c 11 API calls 53677->53721 53681 4229c9 53680->53681 53682 422a7c 53680->53682 53685 422a0b 53681->53685 53688 4229d5 53681->53688 53687 422a96 ShowWindow 53682->53687 53692 422b41 GetActiveWindow 53683->53692 53691 422b2f SetWindowPos 53684->53691 53690 422a25 ShowWindow 53685->53690 53687->53679 53693 4229df SendMessageA 53688->53693 53689 422961 53719 4231a0 GetSystemMetrics 53689->53719 53695 4181e0 53690->53695 53691->53679 53696 422b4c 53692->53696 53697 422b6b 53692->53697 53698 4181e0 53693->53698 53700 422a47 CallWindowProcA 53695->53700 53705 422b54 
IsIconic 53696->53705 53701 422b71 53697->53701 53702 422b96 53697->53702 53699 422a03 ShowWindow 53698->53699 53703 422a5a SendMessageA 53699->53703 53720 414cc4 53700->53720 53706 422b88 SetWindowPos SetActiveWindow 53701->53706 53707 422ba0 ShowWindow 53702->53707 53703->53679 53705->53697 53708 422b5e 53705->53708 53706->53679 53707->53679 53709 41eff4 2 API calls 53708->53709 53709->53697 53711 408cc8 53710->53711 53722 406dec LoadStringA 53711->53722 53714 403450 4 API calls 53715 408cf9 53714->53715 53716 403400 4 API calls 53715->53716 53717 408d0e 53716->53717 53717->53671 53718->53689 53719->53680 53720->53703 53721->53676 53723 4034e0 4 API calls 53722->53723 53724 406e19 53723->53724 53724->53714 53725 4990e8 53783 403344 53725->53783 53727 4990f6 53786 4056a0 53727->53786 53729 4990fb 53789 40631c GetModuleHandleA GetProcAddress 53729->53789 53733 499105 53797 40994c 53733->53797 53737 49910f 53810 412928 53737->53810 54095 4032fc 53783->54095 53785 403349 GetModuleHandleA GetCommandLineA 53785->53727 53788 4056db 53786->53788 54096 4033bc LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53786->54096 53788->53729 53790 406338 53789->53790 53791 40633f GetProcAddress 53789->53791 53790->53791 53792 406355 GetProcAddress 53791->53792 53793 40634e 53791->53793 53794 406364 SetProcessDEPPolicy 53792->53794 53795 406368 53792->53795 53793->53792 53794->53795 53796 4063c4 7035DB20 53795->53796 53796->53733 54097 409024 53797->54097 53802 408720 7 API calls 53803 40996f 53802->53803 54112 409070 GetVersionExA 53803->54112 53806 410764 53807 41076e 53806->53807 53808 4107ad GetCurrentThreadId 53807->53808 53809 4107c8 53808->53809 53809->53737 54114 40ad0c 53810->54114 54095->53785 54096->53788 54098 408cbc 5 API calls 54097->54098 54099 409035 54098->54099 54100 4085dc GetSystemDefaultLCID 54099->54100 54104 408612 54100->54104 54101 406dec LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 54101->54104 54102 408568 LocalAlloc TlsSetValue TlsGetValue 

                                                    Executed Functions

                                                    C-Code - Quality: 86%
                                                    			E0048E360(void* __ebx, void* __edx, void* __edi, void* __esi, void* __fp0, intOrPtr _a4) {
                                                    				char _v5;
                                                    				char _v12;
                                                    				char _v13;
                                                    				void* _v20;
                                                    				char _v24;
                                                    				char _v28;
                                                    				void* _v32;
                                                    				long _v36;
                                                    				char _v40;
                                                    				int _v44;
                                                    				int _v48;
                                                    				char _v52;
                                                    				int _v56;
                                                    				char _v68;
                                                    				char _v72;
                                                    				char _v76;
                                                    				char _v80;
                                                    				char _v84;
                                                    				char _v88;
                                                    				void* _t491;
                                                    				void* _t553;
                                                    				intOrPtr _t554;
                                                    				void* _t562;
                                                    				void* _t563;
                                                    				long _t597;
                                                    				int _t605;
                                                    				char* _t607;
                                                    				long _t611;
                                                    				long _t627;
                                                    				long _t638;
                                                    				long _t654;
                                                    				void* _t662;
                                                    				char* _t665;
                                                    				long _t669;
                                                    				void* _t677;
                                                    				long _t689;
                                                    				void* _t697;
                                                    				char* _t700;
                                                    				long _t704;
                                                    				long _t720;
                                                    				long _t731;
                                                    				void* _t733;
                                                    				long _t739;
                                                    				long _t755;
                                                    				long _t765;
                                                    				char* _t774;
                                                    				long _t779;
                                                    				long _t795;
                                                    				long _t806;
                                                    				long _t824;
                                                    				long _t850;
                                                    				long _t902;
                                                    				long _t946;
                                                    				long _t968;
                                                    				long _t986;
                                                    				signed int _t990;
                                                    				intOrPtr _t994;
                                                    				signed int _t995;
                                                    				intOrPtr _t1033;
                                                    				intOrPtr _t1051;
                                                    				void* _t1145;
                                                    				void* _t1146;
                                                    				void* _t1196;
                                                    				void* _t1197;
                                                    				void* _t1215;
                                                    				void* _t1216;
                                                    				intOrPtr _t1238;
                                                    				intOrPtr _t1244;
                                                    				intOrPtr _t1250;
                                                    				void* _t1257;
                                                    				void* _t1395;
                                                    				void* _t1432;
                                                    				void* _t1455;
                                                    				void* _t1471;
                                                    				intOrPtr _t1536;
                                                    				void* _t1543;
                                                    				long _t1600;
                                                    				intOrPtr _t1752;
                                                    				void* _t1826;
                                                    				void* _t1832;
                                                    				void* _t1851;
                                                    				void* _t1861;
                                                    				void* _t1867;
                                                    				void* _t1875;
                                                    				void* _t1885;
                                                    				void* _t1899;
                                                    				void* _t1909;
                                                    				char* _t1925;
                                                    				void* _t1932;
                                                    				void* _t1935;
                                                    
                                                    				_t1939 = __fp0;
                                                    				_t1934 = _t1935;
                                                    				_push(__ebx);
                                                    				_push(__esi);
                                                    				_push(__edi);
                                                    				_v72 = 0;
                                                    				_v76 = 0;
                                                    				_v80 = 0;
                                                    				_v84 = 0;
                                                    				_v88 = 0;
                                                    				_v12 = 0;
                                                    				_v28 = 0;
                                                    				_v32 = 0;
                                                    				_v36 = 0;
                                                    				_v40 = 0;
                                                    				_t1924 = __edx;
                                                    				_t1256 = _a4;
                                                    				_push(_t1935);
                                                    				_push(0x48f9dd);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t1935 + 0xffffffac;
                                                    				_t1932 =  *((intOrPtr*)(_a4 + 0xc)) - 1;
                                                    				_t1937 = _t1932;
                                                    				_v5 = 1;
                                                    				E00403684( *((intOrPtr*)(__edx + 0x10)), "FILEEXISTS");
                                                    				if(_t1932 != 0) {
                                                    					E00403684( *((intOrPtr*)(__edx + 0x10)), "DIREXISTS");
                                                    					if(__eflags != 0) {
                                                    						E00403684( *((intOrPtr*)(__edx + 0x10)), "FILEORDIREXISTS");
                                                    						if(__eflags != 0) {
                                                    							E00403684( *((intOrPtr*)(__edx + 0x10)), "GETINISTRING");
                                                    							if(__eflags != 0) {
                                                    								E00403684( *((intOrPtr*)(__edx + 0x10)), "GETINIINT");
                                                    								if(__eflags != 0) {
                                                    									E00403684( *((intOrPtr*)(__edx + 0x10)), "GETINIBOOL");
                                                    									if(__eflags != 0) {
                                                    										E00403684( *((intOrPtr*)(__edx + 0x10)), "INIKEYEXISTS");
                                                    										if(__eflags != 0) {
                                                    											E00403684( *((intOrPtr*)(__edx + 0x10)), "ISINISECTIONEMPTY");
                                                    											if(__eflags != 0) {
                                                    												E00403684( *((intOrPtr*)(__edx + 0x10)), "SETINISTRING");
                                                    												if(__eflags != 0) {
                                                    													E00403684( *((intOrPtr*)(__edx + 0x10)), "SETINIINT");
                                                    													if(__eflags != 0) {
                                                    														E00403684( *((intOrPtr*)(__edx + 0x10)), "SETINIBOOL");
                                                    														if(__eflags != 0) {
                                                    															E00403684( *((intOrPtr*)(__edx + 0x10)), "DELETEINIENTRY");
                                                    															if(__eflags != 0) {
                                                    																E00403684( *((intOrPtr*)(__edx + 0x10)), "DELETEINISECTION");
                                                    																if(__eflags != 0) {
                                                    																	E00403684( *((intOrPtr*)(__edx + 0x10)), "GETENV");
                                                    																	if(__eflags != 0) {
                                                    																		E00403684( *((intOrPtr*)(__edx + 0x10)), "GETCMDTAIL");
                                                    																		if(__eflags != 0) {
                                                    																			E00403684( *((intOrPtr*)(__edx + 0x10)), "PARAMCOUNT");
                                                    																			if(__eflags != 0) {
                                                    																				E00403684( *((intOrPtr*)(__edx + 0x10)), "PARAMSTR");
                                                    																				if(__eflags != 0) {
                                                    																					E00403684( *((intOrPtr*)(__edx + 0x10)), "ADDBACKSLASH");
                                                    																					if(__eflags != 0) {
                                                    																						E00403684( *((intOrPtr*)(__edx + 0x10)), "REMOVEBACKSLASH");
                                                    																						if(__eflags != 0) {
                                                    																							E00403684( *((intOrPtr*)(__edx + 0x10)), "REMOVEBACKSLASHUNLESSROOT");
                                                    																							if(__eflags != 0) {
                                                    																								E00403684( *((intOrPtr*)(__edx + 0x10)), "ADDQUOTES");
                                                    																								if(__eflags != 0) {
                                                    																									E00403684( *((intOrPtr*)(__edx + 0x10)), "REMOVEQUOTES");
                                                    																									if(__eflags != 0) {
                                                    																										E00403684( *((intOrPtr*)(__edx + 0x10)), "GETSHORTNAME");
                                                    																										if(__eflags != 0) {
                                                    																											E00403684( *((intOrPtr*)(__edx + 0x10)), "GETWINDIR");
                                                    																											if(__eflags != 0) {
                                                    																												E00403684( *((intOrPtr*)(__edx + 0x10)), "GETSYSTEMDIR");
                                                    																												if(__eflags != 0) {
                                                    																													E00403684( *((intOrPtr*)(__edx + 0x10)), "GETSYSWOW64DIR");
                                                    																													if(__eflags != 0) {
                                                    																														E00403684( *((intOrPtr*)(__edx + 0x10)), "GETSYSNATIVEDIR");
                                                    																														if(__eflags != 0) {
                                                    																															E00403684( *((intOrPtr*)(__edx + 0x10)), "GETTEMPDIR");
                                                    																															if(__eflags != 0) {
                                                    																																E00403684( *((intOrPtr*)(__edx + 0x10)), "STRINGCHANGE");
                                                    																																if(__eflags != 0) {
                                                    																																	E00403684( *((intOrPtr*)(__edx + 0x10)), "STRINGCHANGEEX");
                                                    																																	if(__eflags != 0) {
                                                    																																		_t491 = E00403684( *((intOrPtr*)(__edx + 0x10)), "USINGWINNT");
                                                    																																		if(__eflags != 0) {
                                                    																																			E00403684( *((intOrPtr*)(__edx + 0x10)), "FILECOPY");
                                                    																																			if(__eflags != 0) {
                                                    																																				E00403684( *((intOrPtr*)(__edx + 0x10)), "CONVERTPERCENTSTR");
                                                    																																				if(__eflags != 0) {
                                                    																																					E00403684( *((intOrPtr*)(__edx + 0x10)), "REGKEYEXISTS");
                                                    																																					if(__eflags != 0) {
                                                    																																						E00403684( *((intOrPtr*)(__edx + 0x10)), "REGVALUEEXISTS");
                                                    																																						if(__eflags != 0) {
                                                    																																							E00403684( *((intOrPtr*)(__edx + 0x10)), "REGDELETEKEYINCLUDINGSUBKEYS");
                                                    																																							if(__eflags != 0) {
                                                    																																								E00403684( *((intOrPtr*)(__edx + 0x10)), "REGDELETEKEYIFEMPTY");
                                                    																																								if(__eflags != 0) {
                                                    																																									E00403684( *((intOrPtr*)(__edx + 0x10)), "REGDELETEVALUE");
                                                    																																									if(__eflags != 0) {
                                                    																																										E00403684( *((intOrPtr*)(__edx + 0x10)), "REGGETSUBKEYNAMES");
                                                    																																										if(__eflags != 0) {
                                                    																																											E00403684( *((intOrPtr*)(__edx + 0x10)), "REGGETVALUENAMES");
                                                    																																											if(__eflags != 0) {
                                                    																																												E00403684( *((intOrPtr*)(__edx + 0x10)), "REGQUERYSTRINGVALUE");
                                                    																																												if(__eflags != 0) {
                                                    																																													E00403684( *((intOrPtr*)(__edx + 0x10)), "REGQUERYMULTISTRINGVALUE");
                                                    																																													if(__eflags != 0) {
                                                    																																														E00403684( *((intOrPtr*)(__edx + 0x10)), "REGQUERYDWORDVALUE");
                                                    																																														if(__eflags != 0) {
                                                    																																															E00403684( *((intOrPtr*)(__edx + 0x10)), "REGQUERYBINARYVALUE");
                                                    																																															if(__eflags != 0) {
                                                    																																																E00403684( *((intOrPtr*)(__edx + 0x10)), "REGWRITESTRINGVALUE");
                                                    																																																if(__eflags != 0) {
                                                    																																																	E00403684( *((intOrPtr*)(__edx + 0x10)), "REGWRITEEXPANDSTRINGVALUE");
                                                    																																																	if(__eflags != 0) {
                                                    																																																		E00403684( *((intOrPtr*)(__edx + 0x10)), "REGWRITEMULTISTRINGVALUE");
                                                    																																																		if(__eflags != 0) {
                                                    																																																			E00403684( *((intOrPtr*)(__edx + 0x10)), "REGWRITEDWORDVALUE");
                                                    																																																			if(__eflags != 0) {
                                                    																																																				E00403684( *((intOrPtr*)(__edx + 0x10)), "REGWRITEBINARYVALUE");
                                                    																																																				if(__eflags != 0) {
                                                    																																																					E00403684( *((intOrPtr*)(__edx + 0x10)), "ISADMINLOGGEDON");
                                                    																																																					if(__eflags != 0) {
                                                    																																																						E00403684( *((intOrPtr*)(__edx + 0x10)), "ISPOWERUSERLOGGEDON");
                                                    																																																						if(__eflags != 0) {
                                                    																																																							E00403684( *((intOrPtr*)(__edx + 0x10)), "FONTEXISTS");
                                                    																																																							if(__eflags != 0) {
                                                    																																																								E00403684( *((intOrPtr*)(__edx + 0x10)), "GETUILANGUAGE");
                                                    																																																								if(__eflags != 0) {
                                                    																																																									E00403684( *((intOrPtr*)(__edx + 0x10)), "ADDPERIOD");
                                                    																																																									if(__eflags != 0) {
                                                    																																																										E00403684( *((intOrPtr*)(__edx + 0x10)), "CHARLENGTH");
                                                    																																																										if(__eflags != 0) {
                                                    																																																											E00403684( *((intOrPtr*)(__edx + 0x10)), "SETNTFSCOMPRESSION");
                                                    																																																											if(__eflags != 0) {
                                                    																																																												_v5 = 0;
                                                    																																																											} else {
                                                    																																																												E00446FF8(_t1256,  &_v72, _t1932 - 1, __edx);
                                                    																																																												_push(_v72);
                                                    																																																												_t553 = E00446F50(_t1256, _t1932 - 2, _t1924, _t1932, __fp0);
                                                    																																																												_t554 =  *0x49d44a; // 0x1
                                                    																																																												_pop(_t1543);
                                                    																																																												E004470D0(_t1256, E00452F04(_t554, _t553, _t1543, __eflags), _t1932, _t1934, __fp0);
                                                    																																																											}
                                                    																																																										} else {
                                                    																																																											E00446FF8(_t1256,  &_v72, _t1932 - 1, __edx);
                                                    																																																											_push(_v72);
                                                    																																																											_t562 = E00446F9C(_t1256,  &_v72, _t1932 - 2, __fp0);
                                                    																																																											_pop(_t563);
                                                    																																																											E00447278(_t1256, E0042C444(_t563, _t562), _t1932, _t1934, __fp0);
                                                    																																																										}
                                                    																																																									} else {
                                                    																																																										E00446FF8(_t1256,  &_v76, _t1932 - 1, __edx);
                                                    																																																										E0042E6AC(_v76,  &_v76,  &_v72);
                                                    																																																										E0044734C(_t1256, _v72, _t1932, _t1934);
                                                    																																																									}
                                                    																																																								} else {
                                                    																																																									E00447278(_t1256, E0042E418(_t1256, __edx, _t1932) & 0x0000ffff, _t1932, _t1934, __fp0);
                                                    																																																								}
                                                    																																																							} else {
                                                    																																																								E00446FF8(_t1256,  &_v72, _t1932 - 1, __edx);
                                                    																																																								E004470D0(_t1256, E0042E31C(_v72, _t1256), _t1932, _t1934, __fp0);
                                                    																																																							}
                                                    																																																						} else {
                                                    																																																							E004470D0(_t1256, E0042E2C4(), _t1932, _t1934, __fp0);
                                                    																																																						}
                                                    																																																					} else {
                                                    																																																						E004470D0(_t1256, E0042E2B8(), _t1932, _t1934, __fp0);
                                                    																																																					}
                                                    																																																				} else {
                                                    																																																					E0048E0D8(E00446F9C(_t1256, _t1257, _t1932 - 1, __fp0),  &_v24,  &_v13);
                                                    																																																					E00446FF8(_t1256,  &_v28, _t1932 - 2, _t1924);
                                                    																																																					_t597 = E0042DDE4(_v13, E00403738(_v28), _v24, 0,  &_v20, 0, 2, 0, 0, 0);
                                                    																																																					__eflags = _t597;
                                                    																																																					if(_t597 != 0) {
                                                    																																																						E004470D0(_t1256, 0, _t1932, _t1934, __fp0);
                                                    																																																					} else {
                                                    																																																						E00446FF8(_t1256,  &_v32, _t1932 - 3, _t1924);
                                                    																																																						E0048D0D4(_t1256,  &_v40, _t1932 - 4);
                                                    																																																						_t605 = E00403574(_v40);
                                                    																																																						_t607 = E00403744( &_v40);
                                                    																																																						_t611 = RegSetValueExA(_v20, E00403738(_v32), 0, 3, _t607, _t605);
                                                    																																																						__eflags = _t611;
                                                    																																																						if(_t611 != 0) {
                                                    																																																							__eflags = 0;
                                                    																																																							E004470D0(_t1256, 0, _t1932, _t1934, __fp0);
                                                    																																																						} else {
                                                    																																																							E004470D0(_t1256, 1, _t1932, _t1934, __fp0);
                                                    																																																						}
                                                    																																																						RegCloseKey(_v20);
                                                    																																																					}
                                                    																																																				}
                                                    																																																			} else {
                                                    																																																				E0048E0D8(E00446F9C(_t1256, _t1257, _t1932 - 1, __fp0),  &_v24,  &_v13);
                                                    																																																				E00446FF8(_t1256,  &_v28, _t1932 - 2, _t1924);
                                                    																																																				_t627 = E0042DDE4(_v13, E00403738(_v28), _v24, 0,  &_v20, 0, 2, 0, 0, 0);
                                                    																																																				__eflags = _t627;
                                                    																																																				if(_t627 != 0) {
                                                    																																																					E004470D0(_t1256, 0, _t1932, _t1934, __fp0);
                                                    																																																				} else {
                                                    																																																					E00446FF8(_t1256,  &_v32, _t1932 - 3, _t1924);
                                                    																																																					_v52 = E00446F9C(_t1256,  &_v32, _t1932 - 4, __fp0);
                                                    																																																					_t638 = RegSetValueExA(_v20, E00403738(_v32), 0, 4,  &_v52, 4);
                                                    																																																					__eflags = _t638;
                                                    																																																					if(_t638 != 0) {
                                                    																																																						__eflags = 0;
                                                    																																																						E004470D0(_t1256, 0, _t1932, _t1934, __fp0);
                                                    																																																					} else {
                                                    																																																						E004470D0(_t1256, 1, _t1932, _t1934, __fp0);
                                                    																																																					}
                                                    																																																					RegCloseKey(_v20);
                                                    																																																				}
                                                    																																																			}
                                                    																																																		} else {
                                                    																																																			E0048E0D8(E00446F9C(_t1256, _t1257, _t1932 - 1, __fp0),  &_v24,  &_v13);
                                                    																																																			E00446FF8(_t1256,  &_v28, _t1932 - 2, _t1924);
                                                    																																																			_t654 = E0042DDE4(_v13, E00403738(_v28), _v24, 0,  &_v20, 0, 2, 0, 0, 0);
                                                    																																																			__eflags = _t654;
                                                    																																																			if(_t654 != 0) {
                                                    																																																				E004470D0(_t1256, 0, _t1932, _t1934, __fp0);
                                                    																																																			} else {
                                                    																																																				E00446FF8(_t1256,  &_v32, _t1932 - 3, _t1924);
                                                    																																																				E00446FF8(_t1256,  &_v36, _t1932 - 4, _t1924);
                                                    																																																				__eflags = _v36;
                                                    																																																				if(_v36 != 0) {
                                                    																																																					_t677 = E00403574(_v36);
                                                    																																																					_t1600 = _v36;
                                                    																																																					__eflags =  *((char*)(_t1600 + _t677 - 1));
                                                    																																																					if( *((char*)(_t1600 + _t677 - 1)) != 0) {
                                                    																																																						E0040357C( &_v36, 0x48fe88);
                                                    																																																					}
                                                    																																																				}
                                                    																																																				_t662 = E00403574(_v36);
                                                    																																																				_t665 = E00403738(_v36);
                                                    																																																				_t669 = RegSetValueExA(_v20, E00403738(_v32), 0, 7, _t665, _t662 + 1);
                                                    																																																				__eflags = _t669;
                                                    																																																				if(_t669 != 0) {
                                                    																																																					__eflags = 0;
                                                    																																																					E004470D0(_t1256, 0, _t1932, _t1934, _t1939);
                                                    																																																				} else {
                                                    																																																					E004470D0(_t1256, 1, _t1932, _t1934, _t1939);
                                                    																																																				}
                                                    																																																				RegCloseKey(_v20);
                                                    																																																			}
                                                    																																																		}
                                                    																																																	} else {
                                                    																																																		E0048E0D8(E00446F9C(_t1256, _t1257, _t1932 - 1, __fp0),  &_v24,  &_v13);
                                                    																																																		E00446FF8(_t1256,  &_v28, _t1932 - 2, _t1924);
                                                    																																																		_t689 = E0042DDE4(_v13, E00403738(_v28), _v24, 0,  &_v20, 0, 2, 0, 0, 0);
                                                    																																																		__eflags = _t689;
                                                    																																																		if(_t689 != 0) {
                                                    																																																			E004470D0(_t1256, 0, _t1932, _t1934, __fp0);
                                                    																																																		} else {
                                                    																																																			E00446FF8(_t1256,  &_v32, _t1932 - 3, _t1924);
                                                    																																																			E00446FF8(_t1256,  &_v36, _t1932 - 4, _t1924);
                                                    																																																			_t697 = E00403574(_v36);
                                                    																																																			_t700 = E00403738(_v36);
                                                    																																																			_t704 = RegSetValueExA(_v20, E00403738(_v32), 0, 2, _t700, _t697 + 1);
                                                    																																																			__eflags = _t704;
                                                    																																																			if(_t704 != 0) {
                                                    																																																				__eflags = 0;
                                                    																																																				E004470D0(_t1256, 0, _t1932, _t1934, __fp0);
                                                    																																																			} else {
                                                    																																																				E004470D0(_t1256, 1, _t1932, _t1934, __fp0);
                                                    																																																			}
                                                    																																																			RegCloseKey(_v20);
                                                    																																																		}
                                                    																																																	}
                                                    																																																	goto L172;
                                                    																																																}
                                                    																																																E0048E0D8(E00446F9C(_t1256, _t1257, _t1932 - 1, __fp0),  &_v24,  &_v13);
                                                    																																																E00446FF8(_t1256,  &_v28, _t1932 - 2, _t1924);
                                                    																																																_t720 = E0042DDE4(_v13, E00403738(_v28), _v24, 0,  &_v20, 0, 3, 0, 0, 0);
                                                    																																																__eflags = _t720;
                                                    																																																if(_t720 != 0) {
                                                    																																																	E004470D0(_t1256, 0, _t1932, _t1934, __fp0);
                                                    																																																	goto L172;
                                                    																																																}
                                                    																																																E00446FF8(_t1256,  &_v32, _t1932 - 3, _t1924);
                                                    																																																E00446FF8(_t1256,  &_v36, _t1932 - 4, _t1924);
                                                    																																																_t1925 = E00403738(_v32);
                                                    																																																_t731 = RegQueryValueExA(_v20, _t1925, 0,  &_v48, 0, 0);
                                                    																																																__eflags = _t731;
                                                    																																																if(_t731 != 0) {
                                                    																																																	L120:
                                                    																																																	_v44 = 1;
                                                    																																																	L121:
                                                    																																																	_t733 = E00403574(_v36);
                                                    																																																	_t739 = RegSetValueExA(_v20, _t1925, 0, _v44, E00403738(_v36), _t733 + 1);
                                                    																																																	__eflags = _t739;
                                                    																																																	if(_t739 != 0) {
                                                    																																																		__eflags = 0;
                                                    																																																		E004470D0(_t1256, 0, _t1932, _t1934, _t1939);
                                                    																																																	} else {
                                                    																																																		E004470D0(_t1256, 1, _t1932, _t1934, _t1939);
                                                    																																																	}
                                                    																																																	RegCloseKey(_v20);
                                                    																																																	goto L172;
                                                    																																																}
                                                    																																																__eflags = _v48 - 2;
                                                    																																																if(_v48 != 2) {
                                                    																																																	goto L120;
                                                    																																																}
                                                    																																																_v44 = 2;
                                                    																																																goto L121;
                                                    																																															}
                                                    																																															E0048E0D8(E00446F9C(_t1256, _t1257, _t1932 - 1, __fp0),  &_v24,  &_v13);
                                                    																																															E00446FF8(_t1256,  &_v28, _t1932 - 2, _t1924);
                                                    																																															_t755 = E0042DE1C(_v13, E00403738(_v28), _v24,  &_v20, 1, 0);
                                                    																																															__eflags = _t755;
                                                    																																															if(_t755 != 0) {
                                                    																																																E004470D0(_t1256, 0, _t1932, _t1934, __fp0);
                                                    																																																goto L172;
                                                    																																															}
                                                    																																															E00446FF8(_t1256,  &_v32, _t1932 - 3, _t1924);
                                                    																																															_t765 = RegQueryValueExA(_v20, E00403738(_v32), 0,  &_v44, 0,  &_v56);
                                                    																																															__eflags = _t765;
                                                    																																															if(_t765 != 0) {
                                                    																																																L112:
                                                    																																																__eflags = 0;
                                                    																																																E004470D0(_t1256, 0, _t1932, _t1934, _t1939);
                                                    																																																L113:
                                                    																																																RegCloseKey(_v20);
                                                    																																																goto L172;
                                                    																																															}
                                                    																																															__eflags = _v44 - 3;
                                                    																																															if(_v44 != 3) {
                                                    																																																goto L112;
                                                    																																															}
                                                    																																															E004038A4( &_v40, _v56);
                                                    																																															_t774 = E00403744( &_v40);
                                                    																																															_t779 = RegQueryValueExA(_v20, E00403738(_v32), 0,  &_v44, _t774,  &_v56);
                                                    																																															__eflags = _t779;
                                                    																																															if(_t779 != 0) {
                                                    																																																L111:
                                                    																																																E004470D0(_t1256, 0, _t1932, _t1934, _t1939);
                                                    																																																goto L113;
                                                    																																															}
                                                    																																															__eflags = _v44 - 3;
                                                    																																															if(_v44 != 3) {
                                                    																																																goto L111;
                                                    																																															}
                                                    																																															E0048D0EC();
                                                    																																															E004470D0(_t1256, 1, _t1932, _t1934, __fp0);
                                                    																																															goto L113;
                                                    																																														}
                                                    																																														E0048E0D8(E00446F9C(_t1256, _t1257, _t1932 - 1, __fp0),  &_v24,  &_v13);
                                                    																																														E00446FF8(_t1256,  &_v28, _t1932 - 2, _t1924);
                                                    																																														_t795 = E0042DE1C(_v13, E00403738(_v28), _v24,  &_v20, 1, 0);
                                                    																																														__eflags = _t795;
                                                    																																														if(_t795 != 0) {
                                                    																																															E004470D0(_t1256, 0, _t1932, _t1934, __fp0);
                                                    																																															goto L172;
                                                    																																														}
                                                    																																														E00446FF8(_t1256,  &_v32, _t1932 - 3, _t1924);
                                                    																																														_v56 = 4;
                                                    																																														_t806 = RegQueryValueExA(_v20, E00403738(_v32), 0,  &_v44,  &_v52,  &_v56);
                                                    																																														__eflags = _t806;
                                                    																																														if(_t806 != 0) {
                                                    																																															L101:
                                                    																																															__eflags = 0;
                                                    																																															E004470D0(_t1256, 0, _t1932, _t1934, _t1939);
                                                    																																															L102:
                                                    																																															RegCloseKey(_v20);
                                                    																																															goto L172;
                                                    																																														}
                                                    																																														__eflags = _v44 - 4;
                                                    																																														if(_v44 != 4) {
                                                    																																															goto L101;
                                                    																																														}
                                                    																																														E00447278(_t1256, _v52, _t1932 - 4, _t1934, __fp0);
                                                    																																														E004470D0(_t1256, 1, _t1932, _t1934, __fp0);
                                                    																																														goto L102;
                                                    																																													}
                                                    																																													E0048E0D8(E00446F9C(_t1256, _t1257, _t1932 - 1, __fp0),  &_v24,  &_v13);
                                                    																																													E00446FF8(_t1256,  &_v28, _t1932 - 2, _t1924);
                                                    																																													_t824 = E0042DE1C(_v13, E00403738(_v28), _v24,  &_v20, 1, 0);
                                                    																																													__eflags = _t824;
                                                    																																													if(_t824 != 0) {
                                                    																																														E004470D0(_t1256, 0, _t1932, _t1934, __fp0);
                                                    																																													} else {
                                                    																																														E00446FF8(_t1256,  &_v32, _t1932 - 3, _t1924);
                                                    																																														E00446FF8(_t1256,  &_v28, _t1932 - 4, _t1932 - 4);
                                                    																																														E00403738(_v32);
                                                    																																														E004470D0(_t1256, E0042DD58(), _t1932, _t1934, __fp0);
                                                    																																														E0044734C(_t1256, _v28, _t1932 - 4, _t1934);
                                                    																																														RegCloseKey(_v20);
                                                    																																													}
                                                    																																													goto L172;
                                                    																																												}
                                                    																																												E0048E0D8(E00446F9C(_t1256, _t1257, _t1932 - 1, __fp0),  &_v24,  &_v13);
                                                    																																												E00446FF8(_t1256,  &_v28, _t1932 - 2, _t1924);
                                                    																																												_t850 = E0042DE1C(_v13, E00403738(_v28), _v24,  &_v20, 1, 0); // executed
                                                    																																												__eflags = _t850;
                                                    																																												if(_t850 != 0) {
                                                    																																													E004470D0(_t1256, 0, _t1932, _t1934, __fp0);
                                                    																																												} else {
                                                    																																													E00446FF8(_t1256,  &_v32, _t1932 - 3, _t1924);
                                                    																																													E00446FF8(_t1256,  &_v28, _t1932 - 4, _t1932 - 4);
                                                    																																													E00403738(_v32);
                                                    																																													E004470D0(_t1256, E0042DD4C(), _t1932, _t1934, __fp0);
                                                    																																													E0044734C(_t1256, _v28, _t1932 - 4, _t1934);
                                                    																																													RegCloseKey(_v20);
                                                    																																												}
                                                    																																												goto L172;
                                                    																																											}
                                                    																																											E0048E0D8(E00446F9C(_t1256, _t1257, _t1932 - 1, __fp0),  &_v24,  &_v13);
                                                    																																											E004434C4(E00446FBC(_t1256, _t1932 - 3),  &_v68, 1);
                                                    																																											E00446FF8(_t1256,  &_v72, _t1932 - 2, _t1924);
                                                    																																											E004470D0(_t1256, E0048E1AC(_v13, _t1256, _v72, _v24, _t1924, _t1932, __eflags, 0,  &_v68), _t1932, _t1934, __fp0);
                                                    																																											goto L172;
                                                    																																										}
                                                    																																										E0048E0D8(E00446F9C(_t1256, _t1257, _t1932 - 1, __fp0),  &_v24,  &_v13);
                                                    																																										E004434C4(E00446FBC(_t1256, _t1932 - 3),  &_v68, 1);
                                                    																																										E00446FF8(_t1256,  &_v72, _t1932 - 2, _t1924);
                                                    																																										E004470D0(_t1256, E0048E1AC(_v13, _t1256, _v72, _v24, _t1924, _t1932, __eflags, 1,  &_v68), _t1932, _t1934, __fp0);
                                                    																																										goto L172;
                                                    																																									}
                                                    																																									E0048E0D8(E00446F9C(_t1256, _t1257, _t1932 - 1, __fp0),  &_v24,  &_v13);
                                                    																																									E00446FF8(_t1256,  &_v28, _t1932 - 2, _t1924);
                                                    																																									_t902 = E0042DE1C(_v13, E00403738(_v28), _v24,  &_v20, 2, 0);
                                                    																																									__eflags = _t902;
                                                    																																									if(_t902 != 0) {
                                                    																																										E004470D0(_t1256, 0, _t1932, _t1934, __fp0);
                                                    																																									} else {
                                                    																																										E00446FF8(_t1256,  &_v32, _t1932 - 3, _t1924);
                                                    																																										__eflags = RegDeleteValueA(_v20, E00403738(_v32));
                                                    																																										E004470D0(_t1256,  &_v32 & 0xffffff00 | RegDeleteValueA(_v20, E00403738(_v32)) == 0x00000000, _t1932, _t1934, __fp0);
                                                    																																										RegCloseKey(_v20);
                                                    																																									}
                                                    																																									goto L172;
                                                    																																								}
                                                    																																								E0048E0D8(E00446F9C(_t1256, _t1257, _t1932 - 1, __fp0),  &_v24,  &_v13);
                                                    																																								E00446FF8(_t1256,  &_v28, _t1932 - 2, _t1924);
                                                    																																								E004470D0(_t1256, _t921 & 0xffffff00 | E0042E014(_v13, E00403738(_v28), _v24, __eflags) == 0x00000000, _t1932, _t1934, __fp0);
                                                    																																								goto L172;
                                                    																																							}
                                                    																																							E0048E0D8(E00446F9C(_t1256, _t1257, _t1932 - 1, __fp0),  &_v24,  &_v13);
                                                    																																							E00446FF8(_t1256,  &_v28, _t1932 - 2, _t1924);
                                                    																																							__eflags = E0042DEC0(_v13, _t1256, E00403738(_v28), _v24, _t1924, _t1932);
                                                    																																							E004470D0(_t1256, _t932 & 0xffffff00 | E0042DEC0(_v13, _t1256, E00403738(_v28), _v24, _t1924, _t1932) == 0x00000000, _t1932, _t1934, __fp0);
                                                    																																							goto L172;
                                                    																																						}
                                                    																																						E0048E0D8(E00446F9C(_t1256, _t1257, _t1932 - 1, __fp0),  &_v24,  &_v13);
                                                    																																						E00446FF8(_t1256,  &_v28, _t1932 - 2, _t1924);
                                                    																																						_t946 = E0042DE1C(_v13, E00403738(_v28), _v24,  &_v20, 1, 0);
                                                    																																						__eflags = _t946;
                                                    																																						if(_t946 != 0) {
                                                    																																							E004470D0(_t1256, 0, _t1932, _t1934, __fp0);
                                                    																																						} else {
                                                    																																							E00446FF8(_t1256,  &_v32, _t1932 - 3, _t1924);
                                                    																																							E004470D0(_t1256, E0042DD64(_v20, E00403738(_v32)), _t1932, _t1934, __fp0);
                                                    																																							RegCloseKey(_v20);
                                                    																																						}
                                                    																																						goto L172;
                                                    																																					}
                                                    																																					E0048E0D8(E00446F9C(_t1256, _t1257, _t1932 - 1, __fp0),  &_v24,  &_v13);
                                                    																																					E00446FF8(_t1256,  &_v28, _t1932 - 2, _t1924);
                                                    																																					_t968 = E0042DE1C(_v13, E00403738(_v28), _v24,  &_v20, 1, 0);
                                                    																																					__eflags = _t968;
                                                    																																					if(_t968 != 0) {
                                                    																																						E004470D0(_t1256, 0, _t1932, _t1934, __fp0);
                                                    																																					} else {
                                                    																																						E004470D0(_t1256, 1, _t1932, _t1934, __fp0);
                                                    																																						RegCloseKey(_v20);
                                                    																																					}
                                                    																																					goto L172;
                                                    																																				}
                                                    																																				E00446FF8(_t1256,  &_v28, _t1932 - 1, __edx);
                                                    																																				E004470D0(_t1256, E0042D598( &_v28, _t1256, _t1924, _t1932), _t1932, _t1934, __fp0);
                                                    																																				E0044734C(_t1256, _v28, _t1932 - 1, _t1934);
                                                    																																				goto L172;
                                                    																																			}
                                                    																																			E00446FF8(_t1256,  &_v12, _t1932 - 1, __edx);
                                                    																																			_t1752 =  *0x49d0f8; // 0x21a2a54
                                                    																																			_t986 = E0042C608(_v12, _t1256,  &_v12, _t1752, _t1924, _t1932, __eflags);
                                                    																																			__eflags = _t986;
                                                    																																			if(_t986 == 0) {
                                                    																																				E004470D0(_t1256, 0, _t1932, _t1934, __fp0);
                                                    																																			} else {
                                                    																																				_t990 = E00446F50(_t1256, _t1932 - 3, _t1924, _t1932, __fp0);
                                                    																																				E00446FF8(_t1256,  &_v72, _t1932 - 2, _t1924);
                                                    																																				_t994 =  *0x49d44a; // 0x1
                                                    																																				_t995 = E00452880(_t994, _v72, _v12, __eflags, _t990 & 0x0000007f);
                                                    																																				asm("sbb ecx, ecx");
                                                    																																				E004470D0(_t1256,  ~( ~_t995), _t1932, _t1934, __fp0);
                                                    																																			}
                                                    																																			goto L172;
                                                    																																		}
                                                    																																		E004470D0(_t1256, E0042DBF4(_t491), _t1932, _t1934, __fp0);
                                                    																																		goto L172;
                                                    																																	}
                                                    																																	E00446FF8(_t1256,  &_v28, _t1932 - 1, __edx);
                                                    																																	_push(E00446F50(_t1256, _t1932 - 4, _t1924, _t1932, __fp0));
                                                    																																	E00446FF8(_t1256,  &_v72, _t1932 - 3, _t1924);
                                                    																																	_push(_v72);
                                                    																																	E00446FF8(_t1256,  &_v76, _t1932 - 2, _t1924);
                                                    																																	_pop(_t1395);
                                                    																																	E00447278(_t1256, E0042DB10( &_v28, _t1395, _v76), _t1932, _t1934, __fp0);
                                                    																																	E0044734C(_t1256, _v28, _t1932 - 1, _t1934);
                                                    																																	goto L172;
                                                    																																}
                                                    																																E00446FF8(_t1256,  &_v28, _t1932 - 1, __edx);
                                                    																																E00446FF8(_t1256,  &_v72, _t1932 - 3, _t1924);
                                                    																																_push(_v72);
                                                    																																E00446FF8(_t1256,  &_v76, _t1932 - 2, _t1924);
                                                    																																E00447278(_t1256, E0042DBC8(), _t1932, _t1934, __fp0);
                                                    																																E0044734C(_t1256, _v28, _t1932 - 1, _t1934);
                                                    																																goto L172;
                                                    																															}
                                                    																															E0042DA18( &_v72, _t1256, _t1257, __edx, _t1932);
                                                    																															E0044734C(_t1256, _v72, _t1932, _t1934);
                                                    																															goto L172;
                                                    																														}
                                                    																														_t1033 =  *0x49d43e; // 0x1
                                                    																														E0042D974(_t1033, _t1256, _t1257,  &_v72, __edx, _t1932);
                                                    																														E0044734C(_t1256, _v72, _t1932, _t1934);
                                                    																														goto L172;
                                                    																													}
                                                    																													E0042D8F0( &_v72);
                                                    																													E0044734C(_t1256, _v72, _t1932, _t1934);
                                                    																													goto L172;
                                                    																												}
                                                    																												E0042D8C4( &_v72);
                                                    																												E0044734C(_t1256, _v72, _t1932, _t1934);
                                                    																												goto L172;
                                                    																											}
                                                    																											E0042D898( &_v72);
                                                    																											E0044734C(_t1256, _v72, _t1932, _t1934);
                                                    																											goto L172;
                                                    																										}
                                                    																										E00446FF8(_t1256,  &_v76, _t1932 - 1, __edx);
                                                    																										_t1051 =  *0x49d44a; // 0x1
                                                    																										E00452B58(_t1051,  &_v72, _v76, __eflags);
                                                    																										E0044734C(_t1256, _v72, _t1932, _t1934);
                                                    																										goto L172;
                                                    																									}
                                                    																									E00446FF8(_t1256,  &_v76, _t1932 - 1, __edx);
                                                    																									E0042D540(_v76,  &_v76,  &_v72);
                                                    																									E0044734C(_t1256, _v72, _t1932, _t1934);
                                                    																								} else {
                                                    																									E00446FF8(_t1256,  &_v76, _t1932 - 1, __edx);
                                                    																									E0042D4E8(_v76,  &_v72, __eflags);
                                                    																									E0044734C(_t1256, _v72, _t1932, _t1934);
                                                    																								}
                                                    																							} else {
                                                    																								E00446FF8(_t1256,  &_v76, _t1932 - 1, __edx);
                                                    																								E0042CBC0(_v76,  &_v76,  &_v72, __eflags);
                                                    																								E0044734C(_t1256, _v72, _t1932, _t1934);
                                                    																							}
                                                    																						} else {
                                                    																							E00446FF8(_t1256,  &_v76, _t1932 - 1, __edx);
                                                    																							E0042CB68(_v76,  &_v72);
                                                    																							E0044734C(_t1256, _v72, _t1932, _t1934);
                                                    																						}
                                                    																					} else {
                                                    																						E00446FF8(_t1256,  &_v76, _t1932 - 1, __edx);
                                                    																						E0042C3FC(_v76,  &_v72);
                                                    																						E0044734C(_t1256, _v72, _t1932, _t1934);
                                                    																					}
                                                    																				} else {
                                                    																					E0042D44C(E00446F9C(_t1256, _t1257, _t1932 - 1, __fp0), _t1256,  &_v72, _t1924, _t1932);
                                                    																					E0044734C(_t1256, _v72, _t1932, _t1934);
                                                    																				}
                                                    																			} else {
                                                    																				E00447278(_t1256, E0042D3F0(_t1256, __edx, _t1932, __eflags), _t1932, _t1934, __fp0);
                                                    																			}
                                                    																		} else {
                                                    																			E0042D32C( &_v72, _t1256, _t1257, __edx, _t1932, __eflags);
                                                    																			E0044734C(_t1256, _v72, _t1932, _t1934);
                                                    																		}
                                                    																	} else {
                                                    																		E00446FF8(_t1256,  &_v76, _t1932 - 1, __edx);
                                                    																		E0042D208(_v76,  &_v76,  &_v72);
                                                    																		E0044734C(_t1256, _v72, _t1932, _t1934);
                                                    																	}
                                                    																} else {
                                                    																	E00446FF8(_t1256,  &_v72, _t1932 - 1, __edx);
                                                    																	_push(_v72);
                                                    																	E00446FF8(_t1256,  &_v76, _t1932, _t1924);
                                                    																	_pop(_t1826);
                                                    																	E0042D1CC(_v76, _t1826);
                                                    																}
                                                    															} else {
                                                    																E00446FF8(_t1256,  &_v72, _t1932 - 2, __edx);
                                                    																_push(_v72);
                                                    																E00446FF8(_t1256,  &_v76, _t1932 - 1, _t1924);
                                                    																_push(_v76);
                                                    																E00446FF8(_t1256,  &_v80, _t1932, _t1924);
                                                    																_pop(_t1832);
                                                    																_pop(_t1432);
                                                    																E0042D180(_v80, _t1432, _t1832);
                                                    															}
                                                    														} else {
                                                    															E00446FF8(_t1256,  &_v72, _t1932 - 4, __edx);
                                                    															_push(_v72);
                                                    															E00446FF8(_t1256,  &_v76, _t1932 - 2, _t1924);
                                                    															_push(_v76);
                                                    															E00446FF8(_t1256,  &_v80, _t1932 - 1, _t1924);
                                                    															E004470D0(_t1256, E0042D168(E00446F50(_t1256, _t1932 - 3, _t1924, _t1932, __fp0), _v80), _t1932, _t1934, __fp0);
                                                    														}
                                                    													} else {
                                                    														E00446FF8(_t1256,  &_v72, _t1932 - 4, __edx);
                                                    														_push(_v72);
                                                    														E00446FF8(_t1256,  &_v76, _t1932 - 2, _t1924);
                                                    														_push(_v76);
                                                    														E00446FF8(_t1256,  &_v80, _t1932 - 1, _t1924);
                                                    														_push(_v80);
                                                    														_t1145 = E00446F9C(_t1256,  &_v80, _t1932 - 3, __fp0);
                                                    														_pop(_t1146);
                                                    														_pop(_t1851);
                                                    														E004470D0(_t1256, E0042D108(_t1146, _t1256, _t1145, _t1851, _t1924, _t1932), _t1932, _t1934, __fp0);
                                                    													}
                                                    												} else {
                                                    													E00446FF8(_t1256,  &_v72, _t1932 - 4, __edx);
                                                    													_push(_v72);
                                                    													E00446FF8(_t1256,  &_v76, _t1932 - 3, _t1924);
                                                    													_push(_v76);
                                                    													E00446FF8(_t1256,  &_v80, _t1932 - 2, _t1924);
                                                    													_push(_v80);
                                                    													E00446FF8(_t1256,  &_v84, _t1932 - 1, _t1924);
                                                    													_pop(_t1861);
                                                    													E004470D0(_t1256, E0042D098(_v84, _t1861), _t1932, _t1934, __fp0);
                                                    												}
                                                    											} else {
                                                    												E00446FF8(_t1256,  &_v72, _t1932 - 2, __edx);
                                                    												_push(_v72);
                                                    												E00446FF8(_t1256,  &_v76, _t1932 - 1, _t1924);
                                                    												_pop(_t1867);
                                                    												E004470D0(_t1256, E0042D028(_v76, _t1867), _t1932, _t1934, __fp0);
                                                    											}
                                                    										} else {
                                                    											E00446FF8(_t1256,  &_v72, _t1932 - 3, __edx);
                                                    											_push(_v72);
                                                    											E00446FF8(_t1256,  &_v76, _t1932 - 2, _t1924);
                                                    											_push(_v76);
                                                    											E00446FF8(_t1256,  &_v80, _t1932 - 1, _t1924);
                                                    											_pop(_t1875);
                                                    											_pop(_t1455);
                                                    											E004470D0(_t1256, E0042CFDC(_v80, _t1455, _t1875, __eflags), _t1932, _t1934, __fp0);
                                                    										}
                                                    									} else {
                                                    										E00446FF8(_t1256,  &_v72, _t1932 - 4, __edx);
                                                    										_push(_v72);
                                                    										E00446FF8(_t1256,  &_v76, _t1932 - 2, _t1924);
                                                    										_push(_v76);
                                                    										E00446FF8(_t1256,  &_v80, _t1932 - 1, _t1924);
                                                    										_push(_v80);
                                                    										_t1196 = E00446F50(_t1256, _t1932 - 3, _t1924, _t1932, __fp0);
                                                    										_pop(_t1197);
                                                    										_pop(_t1885);
                                                    										E004470D0(_t1256, E0042CF2C(_t1197, _t1196, _t1885, __eflags), _t1932, _t1934, __fp0);
                                                    									}
                                                    								} else {
                                                    									_push(E00446F9C(_t1256, _t1257, _t1932 - 4, __fp0));
                                                    									_push(E00446F9C(_t1256, _t1257, _t1932 - 5, __fp0));
                                                    									E00446FF8(_t1256,  &_v72, _t1932 - 6, _t1924);
                                                    									_push(_v72);
                                                    									E00446FF8(_t1256,  &_v76, _t1932 - 2, _t1924);
                                                    									_push(_v76);
                                                    									E00446FF8(_t1256,  &_v80, _t1932 - 1, _t1924);
                                                    									_push(_v80);
                                                    									_t1215 = E00446F9C(_t1256,  &_v80, _t1932 - 3, __fp0);
                                                    									_pop(_t1216);
                                                    									_pop(_t1899);
                                                    									E00447278(_t1256, E0042CE98(_t1216, _t1256, _t1215, _t1899, _t1924, _t1932, __eflags), _t1932, _t1934, __fp0);
                                                    								}
                                                    							} else {
                                                    								E00446FF8(_t1256,  &_v76, _t1932 - 4, __edx);
                                                    								_push(_v76);
                                                    								_push( &_v72);
                                                    								E00446FF8(_t1256,  &_v80, _t1932 - 3, _t1924);
                                                    								_push(_v80);
                                                    								E00446FF8(_t1256,  &_v84, _t1932 - 2, _t1924);
                                                    								_push(_v84);
                                                    								E00446FF8(_t1256,  &_v88, _t1932 - 1, _t1924);
                                                    								_pop(_t1909);
                                                    								_pop(_t1471);
                                                    								E0042CD94(_v88, _t1256, _t1471, _t1909, _t1924, _t1932);
                                                    								E0044734C(_t1256, _v72, _t1932, _t1934);
                                                    							}
                                                    						} else {
                                                    							E00446FF8(_t1256,  &_v72, _t1932 - 1, __edx);
                                                    							_t1238 =  *0x49d44a; // 0x1
                                                    							E004470D0(_t1256, E004529F0(_t1238, _v72, __eflags), _t1932, _t1934, __fp0);
                                                    						}
                                                    					} else {
                                                    						E00446FF8(_t1256,  &_v72, _t1932 - 1, __edx);
                                                    						_t1244 =  *0x49d44a; // 0x1
                                                    						E004470D0(_t1256, E00452980(_t1244, _v72, __eflags), _t1932, _t1934, __fp0);
                                                    					}
                                                    					goto L172;
                                                    				} else {
                                                    					E00446FF8(_t1256,  &_v72, _t1932 - 1, __edx);
                                                    					_t1250 =  *0x49d44a; // 0x1
                                                    					E004470D0(_t1256, E00452DA0(_t1250, _v72, _t1937), _t1932, _t1934, __fp0);
                                                    					L172:
                                                    					_pop(_t1536);
                                                    					 *[fs:eax] = _t1536;
                                                    					_push(0x48f9e4);
                                                    					E00403420( &_v88, 5);
                                                    					E00403420( &_v40, 4);
                                                    					return E00403400( &_v12);
                                                    				}
                                                    			}





























































































                                                    0x0048f9a2
                                                    0x0048f931
                                                    0x0048f939
                                                    0x0048f941
                                                    0x0048f949
                                                    0x0048f950
                                                    0x0048f95c
                                                    0x0048f95c
                                                    0x0048f8f9
                                                    0x0048f901
                                                    0x0048f90c
                                                    0x0048f918
                                                    0x0048f918
                                                    0x0048f8d4
                                                    0x0048f8e0
                                                    0x0048f8e0
                                                    0x0048f8a0
                                                    0x0048f8a8
                                                    0x0048f8bb
                                                    0x0048f8bb
                                                    0x0048f87c
                                                    0x0048f887
                                                    0x0048f887
                                                    0x0048f858
                                                    0x0048f863
                                                    0x0048f863
                                                    0x0048f77c
                                                    0x0048f78c
                                                    0x0048f79b
                                                    0x0048f7c0
                                                    0x0048f7c5
                                                    0x0048f7c7
                                                    0x0048f83f
                                                    0x0048f7c9
                                                    0x0048f7d3
                                                    0x0048f7e2
                                                    0x0048f7ea
                                                    0x0048f7f3
                                                    0x0048f80a
                                                    0x0048f80f
                                                    0x0048f811
                                                    0x0048f820
                                                    0x0048f826
                                                    0x0048f813
                                                    0x0048f819
                                                    0x0048f819
                                                    0x0048f82f
                                                    0x0048f82f
                                                    0x0048f7c7
                                                    0x0048f6a8
                                                    0x0048f6b8
                                                    0x0048f6c7
                                                    0x0048f6ec
                                                    0x0048f6f1
                                                    0x0048f6f3
                                                    0x0048f75f
                                                    0x0048f6f5
                                                    0x0048f6ff
                                                    0x0048f710
                                                    0x0048f72a
                                                    0x0048f72f
                                                    0x0048f731
                                                    0x0048f740
                                                    0x0048f746
                                                    0x0048f733
                                                    0x0048f739
                                                    0x0048f739
                                                    0x0048f74f
                                                    0x0048f74f
                                                    0x0048f6f3
                                                    0x0048f59e
                                                    0x0048f5ae
                                                    0x0048f5bd
                                                    0x0048f5e2
                                                    0x0048f5e7
                                                    0x0048f5e9
                                                    0x0048f68b
                                                    0x0048f5ef
                                                    0x0048f5f9
                                                    0x0048f608
                                                    0x0048f60d
                                                    0x0048f611
                                                    0x0048f616
                                                    0x0048f61b
                                                    0x0048f61e
                                                    0x0048f623
                                                    0x0048f62d
                                                    0x0048f62d
                                                    0x0048f623
                                                    0x0048f635
                                                    0x0048f63f
                                                    0x0048f656
                                                    0x0048f65b
                                                    0x0048f65d
                                                    0x0048f66c
                                                    0x0048f672
                                                    0x0048f65f
                                                    0x0048f665
                                                    0x0048f665
                                                    0x0048f67b
                                                    0x0048f67b
                                                    0x0048f5e9
                                                    0x0048f4bd
                                                    0x0048f4cd
                                                    0x0048f4dc
                                                    0x0048f501
                                                    0x0048f506
                                                    0x0048f508
                                                    0x0048f581
                                                    0x0048f50a
                                                    0x0048f514
                                                    0x0048f523
                                                    0x0048f52b
                                                    0x0048f535
                                                    0x0048f54c
                                                    0x0048f551
                                                    0x0048f553
                                                    0x0048f562
                                                    0x0048f568
                                                    0x0048f555
                                                    0x0048f55b
                                                    0x0048f55b
                                                    0x0048f571
                                                    0x0048f571
                                                    0x0048f508
                                                    0x00000000
                                                    0x0048f4b7
                                                    0x0048f3b6
                                                    0x0048f3c5
                                                    0x0048f3ea
                                                    0x0048f3ef
                                                    0x0048f3f1
                                                    0x0048f4a0
                                                    0x00000000
                                                    0x0048f4a0
                                                    0x0048f401
                                                    0x0048f410
                                                    0x0048f427
                                                    0x0048f42e
                                                    0x0048f433
                                                    0x0048f435
                                                    0x0048f446
                                                    0x0048f446
                                                    0x0048f44d
                                                    0x0048f450
                                                    0x0048f46b
                                                    0x0048f470
                                                    0x0048f472
                                                    0x0048f481
                                                    0x0048f487
                                                    0x0048f474
                                                    0x0048f47a
                                                    0x0048f47a
                                                    0x0048f490
                                                    0x00000000
                                                    0x0048f490
                                                    0x0048f437
                                                    0x0048f43b
                                                    0x00000000
                                                    0x00000000
                                                    0x0048f43d
                                                    0x00000000
                                                    0x0048f43d
                                                    0x0048f297
                                                    0x0048f2a6
                                                    0x0048f2c3
                                                    0x0048f2c8
                                                    0x0048f2ca
                                                    0x0048f389
                                                    0x00000000
                                                    0x0048f389
                                                    0x0048f2da
                                                    0x0048f2f8
                                                    0x0048f2fd
                                                    0x0048f2ff
                                                    0x0048f36a
                                                    0x0048f36a
                                                    0x0048f370
                                                    0x0048f375
                                                    0x0048f379
                                                    0x00000000
                                                    0x0048f379
                                                    0x0048f301
                                                    0x0048f305
                                                    0x00000000
                                                    0x00000000
                                                    0x0048f30d
                                                    0x0048f319
                                                    0x0048f332
                                                    0x0048f337
                                                    0x0048f339
                                                    0x0048f35d
                                                    0x0048f363
                                                    0x00000000
                                                    0x0048f363
                                                    0x0048f33b
                                                    0x0048f33f
                                                    0x00000000
                                                    0x00000000
                                                    0x0048f34b
                                                    0x0048f356
                                                    0x00000000
                                                    0x0048f356
                                                    0x0048f1ba
                                                    0x0048f1c9
                                                    0x0048f1e6
                                                    0x0048f1eb
                                                    0x0048f1ed
                                                    0x0048f26a
                                                    0x00000000
                                                    0x0048f26a
                                                    0x0048f1f9
                                                    0x0048f1fe
                                                    0x0048f220
                                                    0x0048f225
                                                    0x0048f227
                                                    0x0048f24b
                                                    0x0048f24b
                                                    0x0048f251
                                                    0x0048f256
                                                    0x0048f25a
                                                    0x00000000
                                                    0x0048f25a
                                                    0x0048f229
                                                    0x0048f22d
                                                    0x00000000
                                                    0x00000000
                                                    0x0048f239
                                                    0x0048f244
                                                    0x00000000
                                                    0x0048f244
                                                    0x0048f0f8
                                                    0x0048f107
                                                    0x0048f124
                                                    0x0048f129
                                                    0x0048f12b
                                                    0x0048f18d
                                                    0x0048f12d
                                                    0x0048f137
                                                    0x0048f148
                                                    0x0048f150
                                                    0x0048f168
                                                    0x0048f174
                                                    0x0048f17d
                                                    0x0048f17d
                                                    0x00000000
                                                    0x0048f12b
                                                    0x0048f036
                                                    0x0048f045
                                                    0x0048f062
                                                    0x0048f067
                                                    0x0048f069
                                                    0x0048f0cb
                                                    0x0048f06b
                                                    0x0048f075
                                                    0x0048f086
                                                    0x0048f08e
                                                    0x0048f0a6
                                                    0x0048f0b2
                                                    0x0048f0bb
                                                    0x0048f0bb
                                                    0x00000000
                                                    0x0048f069
                                                    0x0048efc5
                                                    0x0048efdb
                                                    0x0048eff0
                                                    0x0048f009
                                                    0x00000000
                                                    0x0048f009
                                                    0x0048ef58
                                                    0x0048ef6e
                                                    0x0048ef83
                                                    0x0048ef9c
                                                    0x00000000
                                                    0x0048ef9c
                                                    0x0048eeb7
                                                    0x0048eec6
                                                    0x0048eee3
                                                    0x0048eee8
                                                    0x0048eeea
                                                    0x0048ef2f
                                                    0x0048eeec
                                                    0x0048eef6
                                                    0x0048ef0d
                                                    0x0048ef16
                                                    0x0048ef1f
                                                    0x0048ef1f
                                                    0x00000000
                                                    0x0048eeea
                                                    0x0048ee58
                                                    0x0048ee67
                                                    0x0048ee8a
                                                    0x00000000
                                                    0x0048ee8a
                                                    0x0048edfd
                                                    0x0048ee0c
                                                    0x0048ee26
                                                    0x0048ee2f
                                                    0x00000000
                                                    0x0048ee2f
                                                    0x0048ed5f
                                                    0x0048ed6e
                                                    0x0048ed8b
                                                    0x0048ed90
                                                    0x0048ed92
                                                    0x0048edd4
                                                    0x0048ed94
                                                    0x0048ed9e
                                                    0x0048edbb
                                                    0x0048edc4
                                                    0x0048edc4
                                                    0x00000000
                                                    0x0048ed92
                                                    0x0048ecde
                                                    0x0048eced
                                                    0x0048ed0a
                                                    0x0048ed0f
                                                    0x0048ed11
                                                    0x0048ed32
                                                    0x0048ed13
                                                    0x0048ed19
                                                    0x0048ed22
                                                    0x0048ed22
                                                    0x00000000
                                                    0x0048ed11
                                                    0x0048ec95
                                                    0x0048eca8
                                                    0x0048ecb5
                                                    0x00000000
                                                    0x0048ecb5
                                                    0x0048ec12
                                                    0x0048ec17
                                                    0x0048ec20
                                                    0x0048ec25
                                                    0x0048ec27
                                                    0x0048ec74
                                                    0x0048ec29
                                                    0x0048ec30
                                                    0x0048ec43
                                                    0x0048ec4e
                                                    0x0048ec53
                                                    0x0048ec5c
                                                    0x0048ec64
                                                    0x0048ec64
                                                    0x00000000
                                                    0x0048ec27
                                                    0x0048ebf1
                                                    0x00000000
                                                    0x0048ebf1
                                                    0x0048eb7a
                                                    0x0048eb8b
                                                    0x0048eb96
                                                    0x0048eb9e
                                                    0x0048eba9
                                                    0x0048ebb4
                                                    0x0048ebc0
                                                    0x0048ebcd
                                                    0x00000000
                                                    0x0048ebcd
                                                    0x0048eb13
                                                    0x0048eb22
                                                    0x0048eb2a
                                                    0x0048eb35
                                                    0x0048eb4c
                                                    0x0048eb59
                                                    0x00000000
                                                    0x0048eb59
                                                    0x0048eae6
                                                    0x0048eaf2
                                                    0x00000000
                                                    0x0048eaf2
                                                    0x0048eab9
                                                    0x0048eabe
                                                    0x0048eaca
                                                    0x00000000
                                                    0x0048eaca
                                                    0x0048ea91
                                                    0x0048ea9d
                                                    0x00000000
                                                    0x0048ea9d
                                                    0x0048ea69
                                                    0x0048ea75
                                                    0x00000000
                                                    0x0048ea75
                                                    0x0048ea41
                                                    0x0048ea4d
                                                    0x00000000
                                                    0x0048ea4d
                                                    0x0048ea09
                                                    0x0048ea14
                                                    0x0048ea19
                                                    0x0048ea25
                                                    0x00000000
                                                    0x0048ea25
                                                    0x0048e9d1
                                                    0x0048e9dc
                                                    0x0048e9e8
                                                    0x0048e991
                                                    0x0048e999
                                                    0x0048e9a4
                                                    0x0048e9b0
                                                    0x0048e9b0
                                                    0x0048e959
                                                    0x0048e961
                                                    0x0048e96c
                                                    0x0048e978
                                                    0x0048e978
                                                    0x0048e921
                                                    0x0048e929
                                                    0x0048e934
                                                    0x0048e940
                                                    0x0048e940
                                                    0x0048e8e9
                                                    0x0048e8f1
                                                    0x0048e8fc
                                                    0x0048e908
                                                    0x0048e908
                                                    0x0048e8b7
                                                    0x0048e8c4
                                                    0x0048e8d0
                                                    0x0048e8d0
                                                    0x0048e893
                                                    0x0048e89e
                                                    0x0048e89e
                                                    0x0048e86b
                                                    0x0048e86e
                                                    0x0048e87a
                                                    0x0048e87a
                                                    0x0048e833
                                                    0x0048e83b
                                                    0x0048e846
                                                    0x0048e852
                                                    0x0048e852
                                                    0x0048e7f9
                                                    0x0048e801
                                                    0x0048e809
                                                    0x0048e811
                                                    0x0048e819
                                                    0x0048e81a
                                                    0x0048e81a
                                                    0x0048e7ab
                                                    0x0048e7b5
                                                    0x0048e7bd
                                                    0x0048e7c6

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: ADDBACKSLASH$ADDPERIOD$ADDQUOTES$CHARLENGTH$CONVERTPERCENTSTR$DELETEINIENTRY$DELETEINISECTION$DIREXISTS$FILECOPY$FILEEXISTS$FILEORDIREXISTS$FONTEXISTS$GETCMDTAIL$GETENV$GETINIBOOL$GETINIINT$GETINISTRING$GETSHORTNAME$GETSYSNATIVEDIR$GETSYSTEMDIR$GETSYSWOW64DIR$GETTEMPDIR$GETUILANGUAGE$GETWINDIR$INIKEYEXISTS$ISADMINLOGGEDON$ISINISECTIONEMPTY$ISPOWERUSERLOGGEDON$PARAMCOUNT$PARAMSTR$REGDELETEKEYIFEMPTY$REGDELETEKEYINCLUDINGSUBKEYS$REGDELETEVALUE$REGGETSUBKEYNAMES$REGGETVALUENAMES$REGKEYEXISTS$REGQUERYBINARYVALUE$REGQUERYDWORDVALUE$REGQUERYMULTISTRINGVALUE$REGQUERYSTRINGVALUE$REGVALUEEXISTS$REGWRITEBINARYVALUE$REGWRITEDWORDVALUE$REGWRITEEXPANDSTRINGVALUE$REGWRITEMULTISTRINGVALUE$REGWRITESTRINGVALUE$REMOVEBACKSLASH$REMOVEBACKSLASHUNLESSROOT$REMOVEQUOTES$SETINIBOOL$SETINIINT$SETINISTRING$SETNTFSCOMPRESSION$STRINGCHANGE$STRINGCHANGEEX$USINGWINNT
                                                    • API String ID: 0-4234653879
                                                    • Opcode ID: add2b8e199d916b027578dddde840a3806afbdb7ba50b6175dae497a2de70fb0
                                                    • Instruction ID: 7fa6873f8bec8e4d0890114630a126dfd32c1e999db0c1a9ce137a4c38a592d9
                                                    • Opcode Fuzzy Hash: add2b8e199d916b027578dddde840a3806afbdb7ba50b6175dae497a2de70fb0
                                                    • Instruction Fuzzy Hash: 28D27370B002055BDB14FF7AD8816AEA6B5AF88704F50893FF451A7386DE3CED0A8759
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 91%
                                                    			E004707F8(signed int __eax, void* __ebx, intOrPtr __ecx, char __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, signed int* _a8, signed int _a12, intOrPtr _a16) {
                                                    				signed int _v8;
                                                    				char _v9;
                                                    				intOrPtr _v16;
                                                    				char _v17;
                                                    				intOrPtr _v24;
                                                    				intOrPtr _v28;
                                                    				char _v32;
                                                    				signed int _v36;
                                                    				signed int _v40;
                                                    				char _v44;
                                                    				char _v48;
                                                    				char _v52;
                                                    				char _v53;
                                                    				char _v54;
                                                    				char _v55;
                                                    				char _v56;
                                                    				char _v57;
                                                    				char _v58;
                                                    				char _v64;
                                                    				char _v65;
                                                    				signed short _v70;
                                                    				signed int _v72;
                                                    				signed short _v74;
                                                    				signed int _v76;
                                                    				signed short _v78;
                                                    				signed int _v80;
                                                    				signed short _v82;
                                                    				signed int _v84;
                                                    				char _v85;
                                                    				signed int _v86;
                                                    				char _v87;
                                                    				signed int _v92;
                                                    				struct _FILETIME _v100;
                                                    				struct _FILETIME _v108;
                                                    				intOrPtr _v112;
                                                    				intOrPtr _v116;
                                                    				intOrPtr _v120;
                                                    				void _v140;
                                                    				char _v160;
                                                    				signed int _v164;
                                                    				char _v168;
                                                    				char _v172;
                                                    				char _v176;
                                                    				signed int _v180;
                                                    				char _v184;
                                                    				signed int _v188;
                                                    				char _v192;
                                                    				signed int _v196;
                                                    				char _v200;
                                                    				signed int _v204;
                                                    				char _v208;
                                                    				intOrPtr _v212;
                                                    				intOrPtr _v216;
                                                    				intOrPtr _v220;
                                                    				intOrPtr _v224;
                                                    				char _v228;
                                                    				char _v232;
                                                    				intOrPtr _t548;
                                                    				intOrPtr _t549;
                                                    				signed int _t563;
                                                    				char _t580;
                                                    				signed int _t585;
                                                    				signed int _t598;
                                                    				signed int _t599;
                                                    				intOrPtr _t607;
                                                    				intOrPtr _t614;
                                                    				signed int _t640;
                                                    				signed int _t661;
                                                    				signed int _t679;
                                                    				signed int _t740;
                                                    				signed int _t757;
                                                    				signed int _t767;
                                                    				signed int _t777;
                                                    				signed int _t784;
                                                    				signed int _t799;
                                                    				signed int _t804;
                                                    				signed int _t807;
                                                    				signed int _t808;
                                                    				void* _t821;
                                                    				signed int _t833;
                                                    				signed int _t842;
                                                    				void* _t855;
                                                    				signed int _t860;
                                                    				signed int _t861;
                                                    				signed int _t862;
                                                    				signed int _t866;
                                                    				signed int _t876;
                                                    				signed int _t890;
                                                    				FILETIME* _t911;
                                                    				signed int _t913;
                                                    				void* _t916;
                                                    				intOrPtr _t929;
                                                    				signed int _t935;
                                                    				signed int _t936;
                                                    				intOrPtr _t978;
                                                    				intOrPtr _t984;
                                                    				intOrPtr _t990;
                                                    				intOrPtr _t992;
                                                    				intOrPtr _t994;
                                                    				intOrPtr _t997;
                                                    				intOrPtr _t999;
                                                    				intOrPtr _t1000;
                                                    				intOrPtr _t1010;
                                                    				intOrPtr _t1014;
                                                    				intOrPtr _t1026;
                                                    				intOrPtr _t1029;
                                                    				intOrPtr _t1031;
                                                    				intOrPtr _t1034;
                                                    				intOrPtr _t1038;
                                                    				intOrPtr _t1047;
                                                    				intOrPtr _t1050;
                                                    				intOrPtr _t1052;
                                                    				intOrPtr _t1063;
                                                    				void* _t1070;
                                                    				void* _t1071;
                                                    				intOrPtr _t1072;
                                                    				void* _t1089;
                                                    				char _t1095;
                                                    
                                                    				_t1068 = __esi;
                                                    				_t1065 = __edi;
                                                    				_t937 = __ecx;
                                                    				_t1070 = _t1071;
                                                    				_t1072 = _t1071 + 0xffffff1c;
                                                    				_push(__ebx);
                                                    				_push(__esi);
                                                    				_push(__edi);
                                                    				_v164 = 0;
                                                    				_v208 = 0;
                                                    				_v32 = 0;
                                                    				_v40 = 0;
                                                    				_v44 = 0;
                                                    				_v48 = 0;
                                                    				_v52 = 0;
                                                    				_v64 = 0;
                                                    				_v16 = __ecx;
                                                    				_v9 = __edx;
                                                    				_v8 = __eax;
                                                    				E00403728(_v16);
                                                    				E00403728(_a12);
                                                    				_push(_t1070);
                                                    				_push(0x471a56);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t1072;
                                                    				E00457D10("-- File entry --", 0, __ecx, __edi, __esi);
                                                    				_v55 = 0;
                                                    				_v54 = 0;
                                                    				_t933 =  *((intOrPtr*)(_v8 + 0x3c));
                                                    				if( *((intOrPtr*)(_v8 + 0x3c)) == 0xffffffff) {
                                                    					__eflags = 0;
                                                    					_v36 = 0;
                                                    				} else {
                                                    					_t929 =  *0x49d380; // 0x0
                                                    					_v36 = E0040B24C(_t929, _t933);
                                                    				}
                                                    				E00403400( &_v44);
                                                    				E00403400( &_v48);
                                                    				_v56 = 0;
                                                    				_v17 = 0;
                                                    				_t548 =  *0x49d0cc; // 0x3849af
                                                    				_v28 = _t548;
                                                    				_t549 =  *0x49d0d0; // 0x0
                                                    				_v24 = _t549;
                                                    				E00403400( &_v32);
                                                    				E00403400( &_v64);
                                                    				_push(_t1070);
                                                    				_push(0x47191d);
                                                    				_push( *[fs:edx]);
                                                    				 *[fs:edx] = _t1072;
                                                    				_push(_t1070);
                                                    				_push(0x4718d2);
                                                    				_push( *[fs:edx]);
                                                    				 *[fs:edx] = _t1072;
                                                    				_v58 = 0;
                                                    				_v92 = 0;
                                                    				if(_v9 != 0) {
                                                    					_v92 = _v92 | 0x00000800;
                                                    				}
                                                    				if(( *(_v8 + 0x4e) & 0x00000010) != 0) {
                                                    					_v92 = _v92 | 0x00000010;
                                                    				}
                                                    				if(( *(_v8 + 0x4e) & 0x00000020) != 0) {
                                                    					_v92 = _v92 | 0x00000040;
                                                    				}
                                                    				if(( *(_v8 + 0x4f) & 0x00000080) != 0) {
                                                    					_v92 = _v92 | 0x00000080;
                                                    				}
                                                    				if(( *(_v8 + 0x50) & 0x00000010) != 0) {
                                                    					_v92 = _v92 | 0x00000100;
                                                    				}
                                                    				if(( *(_v8 + 0x51) & 0x00000080) != 0) {
                                                    					_v92 = _v92 | 0x00001000;
                                                    				}
                                                    				E00403400( &_v52);
                                                    				_push(_t1070);
                                                    				_push(0x4709ab);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t1072;
                                                    				_t563 = _v8;
                                                    				_t1088 =  *((intOrPtr*)(_t563 + 0x52)) != 1;
                                                    				if( *((intOrPtr*)(_t563 + 0x52)) != 1) {
                                                    					__eflags = _a12;
                                                    					if(_a12 != 0) {
                                                    						E00403494( &_v44, _a12);
                                                    					} else {
                                                    						E0047C648( *((intOrPtr*)(_v8 + 4)), _t937,  &_v44);
                                                    					}
                                                    				} else {
                                                    					_t1063 =  *0x49d1c4; // 0x21f6f44
                                                    					E00403494( &_v44, _t1063);
                                                    				}
                                                    				E0042C804(_v44,  &_v164);
                                                    				E00403494( &_v44, _v164);
                                                    				_pop(_t978);
                                                    				 *[fs:eax] = _t978;
                                                    				E0046E278(_v44, _t933, 1, _t1065, _t1068, _t1088);
                                                    				_v172 = _v44;
                                                    				_v168 = 0xb;
                                                    				_t940 = 0;
                                                    				E00457F1C("Dest filename: %s", _t933, 0,  &_v172, _t1065, _t1068);
                                                    				_t1089 = _v9 -  *0x49d449; // 0x1
                                                    				if(_t1089 != 0) {
                                                    					if(_v9 == 0) {
                                                    						E00457D10("Non-default bitness: 32-bit", _t933, 0, _t1065, _t1068);
                                                    					} else {
                                                    						E00457D10("Non-default bitness: 64-bit", _t933, 0, _t1065, _t1068);
                                                    					}
                                                    				}
                                                    				_v86 = 0;
                                                    				if( *0x49d43d != 0 &&  *0x49d450 >= 0x5000000) {
                                                    					_t916 = E00454DD4(_v9, _t933, _v44, _t1065, _t1068); // executed
                                                    					if(_t916 != 0) {
                                                    						E00457D10("Dest file is protected by Windows File Protection.", _t933, _t940, _t1065, _t1068);
                                                    						_t89 =  &_v86;
                                                    						 *_t89 =  *((char*)(_v8 + 0x52)) == 0;
                                                    						_t1095 =  *_t89;
                                                    					}
                                                    				}
                                                    				_t580 = E00452DA0(_v9, _v44, _t1095); // executed
                                                    				_v53 = _t580;
                                                    				if(_v55 == 0) {
                                                    					_v54 = _v53;
                                                    					_v55 = 1;
                                                    				}
                                                    				if(_v54 != 0) {
                                                    					_v92 = _v92 | 0x00000001;
                                                    				}
                                                    				if(_v36 == 0) {
                                                    					_t940 =  &_v100;
                                                    					_t934 = E00454BF8( &_v100, _v16, __eflags);
                                                    				} else {
                                                    					if(( *(_v36 + 0x48) & 0x00000004) == 0) {
                                                    						_t911 = _v36 + 0x38;
                                                    						__eflags = _t911;
                                                    						LocalFileTimeToFileTime(_t911,  &_v100);
                                                    					} else {
                                                    						_t913 = _v36;
                                                    						_v100.dwLowDateTime =  *(_t913 + 0x38);
                                                    						_v100.dwHighDateTime =  *((intOrPtr*)(_t913 + 0x3c));
                                                    					}
                                                    					_t934 = 1;
                                                    				}
                                                    				if(_t934 == 0) {
                                                    					E00457D10("Time stamp of our file: (failed to read)", _t934, _t940, _t1065, _t1068);
                                                    				} else {
                                                    					E0046E760( &_v100,  &_v164);
                                                    					_v172 = _v164;
                                                    					_v168 = 0xb;
                                                    					_t940 = 0;
                                                    					E00457F1C("Time stamp of our file: %s", _t934, 0,  &_v172, _t1065, _t1068);
                                                    				}
                                                    				if(_v53 == 0) {
                                                    					_t585 = _v8;
                                                    					__eflags =  *(_t585 + 0x4f) & 0x00000020;
                                                    					if(( *(_t585 + 0x4f) & 0x00000020) == 0) {
                                                    						goto L110;
                                                    					} else {
                                                    						__eflags = _v54;
                                                    						if(_v54 != 0) {
                                                    							goto L110;
                                                    						} else {
                                                    							E00457D10("Skipping due to \"onlyifdestfileexists\" flag.", _t934, _t940, _t1065, _t1068);
                                                    							goto L133;
                                                    						}
                                                    					}
                                                    				} else {
                                                    					E00457D10("Dest file exists.", _t934, _t940, _t1065, _t1068);
                                                    					if(( *(_v8 + 0x50) & 0x00000001) == 0) {
                                                    						_t1026 =  *0x49cd4c; // 0x0
                                                    						E00403494( &_v32, _t1026);
                                                    						_t940 =  &_v108;
                                                    						_v85 = E00454BF8( &_v108, _v44, __eflags);
                                                    						__eflags = _v85;
                                                    						if(_v85 == 0) {
                                                    							E00457D10("Time stamp of existing file: (failed to read)", _t934,  &_v108, _t1065, _t1068);
                                                    						} else {
                                                    							E0046E760( &_v108,  &_v164);
                                                    							_v172 = _v164;
                                                    							_v168 = 0xb;
                                                    							_t940 = 0;
                                                    							E00457F1C("Time stamp of existing file: %s", _t934, 0,  &_v172, _t1065, _t1068);
                                                    						}
                                                    						_t767 = _v8;
                                                    						__eflags =  *(_t767 + 0x50) & 0x00000002;
                                                    						if(( *(_t767 + 0x50) & 0x00000002) != 0) {
                                                    							_v87 = 1;
                                                    							goto L81;
                                                    						} else {
                                                    							_v87 = 0;
                                                    							__eflags = _v36;
                                                    							if(_v36 == 0) {
                                                    								E0042C804(_v16,  &_v164);
                                                    								_t940 =  &_v76;
                                                    								_v65 = E00452BBC(_v9,  &_v76, _v164, __eflags);
                                                    							} else {
                                                    								_t890 = _v36;
                                                    								__eflags =  *(_t890 + 0x48) & 0x00000001;
                                                    								_v65 = _t890 & 0xffffff00 | ( *(_t890 + 0x48) & 0x00000001) != 0x00000000;
                                                    								_v76 =  *(_v36 + 0x40);
                                                    								_v72 =  *(_v36 + 0x44);
                                                    							}
                                                    							__eflags = _v65;
                                                    							if(_v65 == 0) {
                                                    								E00457D10("Version of our file: (none)", _t934, _t940, _t1065, _t1068);
                                                    							} else {
                                                    								_v204 = _v74 & 0x0000ffff;
                                                    								_v200 = 0;
                                                    								_v196 = _v76 & 0x0000ffff;
                                                    								_v192 = 0;
                                                    								_v188 = _v70 & 0x0000ffff;
                                                    								_v184 = 0;
                                                    								_v180 = _v72 & 0x0000ffff;
                                                    								_v176 = 0;
                                                    								E00457F1C("Version of our file: %u.%u.%u.%u", _t934, 3,  &_v204, _t1065, _t1068);
                                                    							}
                                                    							E0042C804(_v44,  &_v164);
                                                    							_t940 =  &_v84;
                                                    							_t833 = E00452BBC(_v9,  &_v84, _v164, __eflags);
                                                    							__eflags = _t833;
                                                    							if(_t833 == 0) {
                                                    								E00457D10("Version of existing file: (none)", _t934,  &_v84, _t1065, _t1068);
                                                    								__eflags = _v65;
                                                    								if(_v65 == 0) {
                                                    									_v87 = 1;
                                                    								}
                                                    								goto L81;
                                                    							} else {
                                                    								_v204 = _v82 & 0x0000ffff;
                                                    								_v200 = 0;
                                                    								_v196 = _v84 & 0x0000ffff;
                                                    								_v192 = 0;
                                                    								_v188 = _v78 & 0x0000ffff;
                                                    								_v184 = 0;
                                                    								_v180 = _v80 & 0x0000ffff;
                                                    								_v176 = 0;
                                                    								_t940 = 3;
                                                    								E00457F1C("Version of existing file: %u.%u.%u.%u", _t934, 3,  &_v204, _t1065, _t1068);
                                                    								__eflags = _v65;
                                                    								if(_v65 == 0) {
                                                    									L60:
                                                    									_t842 = _v8;
                                                    									 *(_t842 + 0x50) & 0x00000004 = (_t842 & 0xffffff00 | ( *(_t842 + 0x50) & 0x00000004) != 0x00000000) ^ 0x00000001 | _v86;
                                                    									if(((_t842 & 0xffffff00 | ( *(_t842 + 0x50) & 0x00000004) != 0x00000000) ^ 0x00000001 | _v86) != 0) {
                                                    										L62:
                                                    										E00457D10("Existing file is a newer version. Skipping.", _t934, _t940, _t1065, _t1068);
                                                    										goto L133;
                                                    									} else {
                                                    										E00403494( &_v164, _v44);
                                                    										E0040357C( &_v164, 0x471cb4);
                                                    										_t1047 =  *0x49cd84; // 0x0
                                                    										E0040357C( &_v164, _t1047);
                                                    										_t940 = 2;
                                                    										_t855 = E0047F3AC(_v164, _t934, 2, 0, _t1065, _t1068, 6, 1, 4);
                                                    										__eflags = _t855 - 7;
                                                    										if(_t855 == 7) {
                                                    											goto L81;
                                                    										} else {
                                                    											goto L62;
                                                    										}
                                                    									}
                                                    								} else {
                                                    									__eflags = _v84 - _v76;
                                                    									if(_v84 > _v76) {
                                                    										goto L60;
                                                    									} else {
                                                    										__eflags = _v84 - _v76;
                                                    										if(_v84 != _v76) {
                                                    											L63:
                                                    											__eflags = _v84 - _v76;
                                                    											if(_v84 != _v76) {
                                                    												L81:
                                                    												__eflags = _v87;
                                                    												if(_v87 == 0) {
                                                    													L92:
                                                    													E00403400( &_v32);
                                                    													__eflags = _v86;
                                                    													if(_v86 == 0) {
                                                    														__eflags =  *(_v8 + 0x4e) & 0x00000001;
                                                    														if(__eflags == 0) {
                                                    															goto L97;
                                                    														} else {
                                                    															E00403494( &_v164, _v44);
                                                    															E0040357C( &_v164, 0x471cb4);
                                                    															_t1034 =  *0x49cd9c; // 0x0
                                                    															E0040357C( &_v164, _t1034);
                                                    															_t940 = 1;
                                                    															__eflags = E0047F3AC(_v164, _t934, 1, 0, _t1065, _t1068, 7, 1, 4) - 6;
                                                    															if(__eflags == 0) {
                                                    																while(1) {
                                                    																	L97:
                                                    																	_t934 = E00452AE0(_v9, _v44, __eflags);
                                                    																	__eflags = _t934 - 0xffffffff;
                                                    																	if(_t934 == 0xffffffff) {
                                                    																		break;
                                                    																	}
                                                    																	__eflags = _t934 & 0x00000001;
                                                    																	if((_t934 & 0x00000001) == 0) {
                                                    																		break;
                                                    																	} else {
                                                    																		__eflags =  *(_v8 + 0x4f) & 0x00000004;
                                                    																		if(__eflags != 0) {
                                                    																			L102:
                                                    																			_t1029 =  *0x49cd1c; // 0x0
                                                    																			E00403494( &_v32, _t1029);
                                                    																			_t940 = _t934 & 0xfffffffe;
                                                    																			_t777 = E00452E88(_v9, _t934 & 0xfffffffe, _v44, __eflags);
                                                    																			__eflags = _t777;
                                                    																			if(_t777 == 0) {
                                                    																				E00457D10("Failed to strip read-only attribute.", _t934, _t940, _t1065, _t1068);
                                                    																			} else {
                                                    																				E00457D10("Stripped read-only attribute.", _t934, _t940, _t1065, _t1068);
                                                    																			}
                                                    																			__eflags =  *(_v8 + 0x4f) & 0x00000004;
                                                    																			if(__eflags != 0) {
                                                    																				break;
                                                    																			} else {
                                                    																				continue;
                                                    																			}
                                                    																		} else {
                                                    																			_t1031 =  *0x49cd88; // 0x0
                                                    																			_t784 = E0046E670(_v44, _t934, _t940, _t1031, _t1065, _t1068, __eflags);
                                                    																			__eflags = _t784;
                                                    																			if(_t784 == 0) {
                                                    																				goto L102;
                                                    																			} else {
                                                    																				E00457D10("User opted not to strip the existing file\'s read-only attribute. Skipping.", _t934, _t940, _t1065, _t1068);
                                                    																				goto L133;
                                                    																			}
                                                    																		}
                                                    																	}
                                                    																	goto L170;
                                                    																}
                                                    																L110:
                                                    																E00457D10("Installing the file.", _t934, _t940, _t1065, _t1068);
                                                    																E00403494( &_v40, _v16);
                                                    																__eflags = _v9 -  *0x49d449; // 0x1
                                                    																if(__eflags != 0) {
                                                    																	_v57 = 0;
                                                    																} else {
                                                    																	__eflags = _v40;
                                                    																	if(_v40 == 0) {
                                                    																		_t940 =  &_v164;
                                                    																		_t934 =  *_a8;
                                                    																		 *((intOrPtr*)( *_a8 + 0xc))();
                                                    																		__eflags = _v164;
                                                    																		if(__eflags != 0) {
                                                    																			_t940 =  &_v208;
                                                    																			_t934 =  *_a8;
                                                    																			 *((intOrPtr*)( *_a8 + 0xc))();
                                                    																			_t661 = E00452DA0(_v9, _v208, __eflags);
                                                    																			__eflags = _t661;
                                                    																			if(_t661 != 0) {
                                                    																				_t940 =  &_v40;
                                                    																				_t934 =  *_a8;
                                                    																				 *((intOrPtr*)( *_a8 + 0xc))();
                                                    																			}
                                                    																		}
                                                    																	}
                                                    																	__eflags = _v40;
                                                    																	_v57 = _v40 == 0;
                                                    																}
                                                    																_t984 =  *0x49cd2c; // 0x0
                                                    																E00403494( &_v32, _t984);
                                                    																E0042C954(_v44, _t940,  &_v164);
                                                    																E004537B0(_v9, _t934, 0x47202c, _v164, _t1065, _t1068,  &_v48);
                                                    																_t935 =  *0x472034; // 0x0
                                                    																_t598 = _v8;
                                                    																__eflags =  *(_t598 + 0x4e) & 0x00000002;
                                                    																if(( *(_t598 + 0x4e) & 0x00000002) != 0) {
                                                    																	_t935 = _t935 | 0x00000001;
                                                    																	__eflags = _t935;
                                                    																}
                                                    																_t599 = _v8;
                                                    																__eflags =  *(_t599 + 0x4e) & 0x00000008;
                                                    																if(( *(_t599 + 0x4e) & 0x00000008) != 0) {
                                                    																	__eflags = _t935;
                                                    																}
                                                    																E0042C8A4(_v48, 0x47202c,  &_v164);
                                                    																E0046FC2C(_v9, _t935, _t935, _v164, _t1065, _t1068, __eflags, _a16); // executed
                                                    																_t607 = E00452F7C(_v9, 1, 0, 2, 0, _v48); // executed
                                                    																_v112 = _t607;
                                                    																_push(_t1070);
                                                    																_push(0x47131e);
                                                    																_push( *[fs:eax]);
                                                    																 *[fs:eax] = _t1072;
                                                    																_v56 = 1;
                                                    																_push(_t1070);
                                                    																_push(0x471273);
                                                    																_push( *[fs:eax]);
                                                    																 *[fs:eax] = _t1072;
                                                    																_v17 = 1;
                                                    																_t990 =  *0x49cd50; // 0x0
                                                    																E00403494( &_v32, _t990);
                                                    																__eflags = _v40;
                                                    																if(_v40 != 0) {
                                                    																	_t614 = E00452F7C(_v9, 1, 1, 0, 2, _v40); // executed
                                                    																	_v116 = _t614;
                                                    																	_push(_t1070);
                                                    																	_push(0x471262);
                                                    																	_push( *[fs:eax]);
                                                    																	 *[fs:eax] = _t1072;
                                                    																	_t992 =  *0x49cd24; // 0x0
                                                    																	E00403494( &_v32, _t992);
                                                    																	__eflags = _v36;
                                                    																	if(_v36 == 0) {
                                                    																		E0046E8A4(_v116, _a4, _v112);
                                                    																	} else {
                                                    																		E0046E8A4(_v116, _v36 + 0x14, _v112);
                                                    																	}
                                                    																	__eflags = 0;
                                                    																	_pop(_t994);
                                                    																	 *[fs:eax] = _t994;
                                                    																	_push(0x471269);
                                                    																	return E00402B58(_v116);
                                                    																} else {
                                                    																	E0046DC38(E0046D480(), _t935, 0x46e664, _v36, _t1065, _t1068); // executed
                                                    																	_t997 =  *0x49cd24; // 0x0
                                                    																	E00403494( &_v32, _t997);
                                                    																	__eflags =  *(_v8 + 0x50) & 0x00000080;
                                                    																	E0046DF50(E0046D480(), _t935, _v112, _v36, _t1065, _t1068, (_v8 & 0xffffff00 | __eflags != 0x00000000) ^ 0x00000001, 0x46e664); // executed
                                                    																	_pop(_t999);
                                                    																	 *[fs:eax] = _t999;
                                                    																	SetFileTime( *(_v112 + 4), 0, 0,  &_v100); // executed
                                                    																	_t640 = _v8;
                                                    																	__eflags =  *((char*)(_t640 + 0x52)) - 1;
                                                    																	if( *((char*)(_t640 + 0x52)) == 1) {
                                                    																		_v57 = 0;
                                                    																		E0047025C(_v112, 0x6e556e49); // executed
                                                    																		_v172 =  *((intOrPtr*)(0x49ab10 + ( *(_a16 - 9) & 0x000000ff) * 4));
                                                    																		_v168 = 0xb;
                                                    																		E00457F1C("Uninstaller requires administrator: %s", _t935, 0,  &_v172, _t1065, _t1068);
                                                    																		__eflags =  *0x49d31b & 0x00000002;
                                                    																		if(( *0x49d31b & 0x00000002) == 0) {
                                                    																			__eflags =  *0x49d145;
                                                    																			if(__eflags == 0) {
                                                    																				E00470288(_v112, 0,  &_v172, __eflags, _a16);
                                                    																			}
                                                    																		}
                                                    																	}
                                                    																	__eflags = 0;
                                                    																	_pop(_t1000);
                                                    																	 *[fs:eax] = _t1000;
                                                    																	_push(0x471325);
                                                    																	return E00402B58(_v112);
                                                    																}
                                                    															} else {
                                                    																E00457D10("User opted not to overwrite the existing file. Skipping.", _t934, 1, _t1065, _t1068);
                                                    																goto L133;
                                                    															}
                                                    														}
                                                    													} else {
                                                    														E00457D10("Existing file is protected by Windows File Protection. Skipping.", _t934, _t940, _t1065, _t1068);
                                                    														goto L133;
                                                    													}
                                                    												} else {
                                                    													_t799 = _v8;
                                                    													__eflags =  *(_t799 + 0x4e) & 0x00000080;
                                                    													if(( *(_t799 + 0x4e) & 0x00000080) == 0) {
                                                    														goto L92;
                                                    													} else {
                                                    														__eflags = _t934;
                                                    														if(_t934 == 0) {
                                                    															L85:
                                                    															E00457D10("Couldn\'t read time stamp. Skipping.", _t934, _t940, _t1065, _t1068);
                                                    															goto L133;
                                                    														} else {
                                                    															__eflags = _v85;
                                                    															if(_v85 != 0) {
                                                    																_t804 = CompareFileTime( &_v108,  &_v100);
                                                    																__eflags = _t804;
                                                    																if(_t804 != 0) {
                                                    																	_t807 = CompareFileTime( &_v108,  &_v100);
                                                    																	__eflags = _t807;
                                                    																	if(_t807 <= 0) {
                                                    																		goto L92;
                                                    																	} else {
                                                    																		_t808 = _v8;
                                                    																		 *(_t808 + 0x50) & 0x00000004 = (_t808 & 0xffffff00 | ( *(_t808 + 0x50) & 0x00000004) != 0x00000000) ^ 0x00000001 | _v86;
                                                    																		if(((_t808 & 0xffffff00 | ( *(_t808 + 0x50) & 0x00000004) != 0x00000000) ^ 0x00000001 | _v86) != 0) {
                                                    																			L91:
                                                    																			E00457D10("Existing file has a later time stamp. Skipping.", _t934, _t940, _t1065, _t1068);
                                                    																			goto L133;
                                                    																		} else {
                                                    																			E00403494( &_v164, _v44);
                                                    																			E0040357C( &_v164, 0x471cb4);
                                                    																			_t1038 =  *0x49cd84; // 0x0
                                                    																			E0040357C( &_v164, _t1038);
                                                    																			_t940 = 2;
                                                    																			_t821 = E0047F3AC(_v164, _t934, 2, 0, _t1065, _t1068, 6, 1, 4);
                                                    																			__eflags = _t821 - 7;
                                                    																			if(_t821 == 7) {
                                                    																				goto L92;
                                                    																			} else {
                                                    																				goto L91;
                                                    																			}
                                                    																		}
                                                    																	}
                                                    																} else {
                                                    																	E00457D10("Same time stamp. Skipping.", _t934, _t940, _t1065, _t1068);
                                                    																	goto L133;
                                                    																}
                                                    															} else {
                                                    																goto L85;
                                                    															}
                                                    														}
                                                    													}
                                                    												}
                                                    											} else {
                                                    												__eflags = _v80 - _v72;
                                                    												if(_v80 != _v72) {
                                                    													goto L81;
                                                    												} else {
                                                    													_t860 = _v8;
                                                    													__eflags =  *(_t860 + 0x4f) & 0x00000008;
                                                    													if(( *(_t860 + 0x4f) & 0x00000008) != 0) {
                                                    														goto L81;
                                                    													} else {
                                                    														_t861 = _v8;
                                                    														__eflags =  *(_t861 + 0x50) & 0x00000040;
                                                    														if(( *(_t861 + 0x50) & 0x00000040) == 0) {
                                                    															_t862 = _v8;
                                                    															__eflags =  *(_t862 + 0x4e) & 0x00000080;
                                                    															if(( *(_t862 + 0x4e) & 0x00000080) != 0) {
                                                    																_v87 = 1;
                                                    																goto L81;
                                                    															} else {
                                                    																E00457D10("Same version. Skipping.", _t934, _t940, _t1065, _t1068);
                                                    																goto L133;
                                                    															}
                                                    														} else {
                                                    															_t940 =  &_v160;
                                                    															_t866 = E0046E84C(_v9,  &_v160, _v44);
                                                    															__eflags = _t866;
                                                    															if(_t866 == 0) {
                                                    																E00457D10("Failed to read existing file\'s SHA-1 hash. Proceeding.", _t934,  &_v160, _t1065, _t1068);
                                                    																goto L81;
                                                    															} else {
                                                    																__eflags = _v36;
                                                    																if(_v36 == 0) {
                                                    																	_t1050 =  *0x49cd50; // 0x0
                                                    																	E00403494( &_v32, _t1050);
                                                    																	_t940 =  &_v140;
                                                    																	E00454CE8(_v9, _t934,  &_v140, _v16, _t1068);
                                                    																	_t1052 =  *0x49cd4c; // 0x0
                                                    																	E00403494( &_v32, _t1052);
                                                    																} else {
                                                    																	_t1068 = _v36 + 0x24;
                                                    																	memcpy( &_v140, _t1068, 5 << 2);
                                                    																	_t1072 = _t1072 + 0xc;
                                                    																	_t1065 = _t1068 + 0xa;
                                                    																	_t940 = 0;
                                                    																}
                                                    																_t876 = E00431154( &_v160,  &_v140);
                                                    																__eflags = _t876;
                                                    																if(_t876 == 0) {
                                                    																	E00457D10("Existing file\'s SHA-1 hash is different from our file. Proceeding.", _t934, _t940, _t1065, _t1068);
                                                    																	goto L81;
                                                    																} else {
                                                    																	E00457D10("Existing file\'s SHA-1 hash matches our file. Skipping.", _t934, _t940, _t1065, _t1068);
                                                    																	goto L133;
                                                    																}
                                                    															}
                                                    														}
                                                    													}
                                                    												}
                                                    											}
                                                    										} else {
                                                    											__eflags = _v80 - _v72;
                                                    											if(_v80 <= _v72) {
                                                    												goto L63;
                                                    											} else {
                                                    												goto L60;
                                                    											}
                                                    										}
                                                    									}
                                                    								}
                                                    							}
                                                    						}
                                                    					} else {
                                                    						E00457D10("Skipping due to \"onlyifdoesntexist\" flag.", _t934, _t940, _t1065, _t1068);
                                                    						L133:
                                                    						if(( *(_v8 + 0x4e) & 0x00000010) != 0) {
                                                    							L135:
                                                    							if(E00452DA0(_v9, _v44, _t1105) != 0) {
                                                    								E00403400( &_v32);
                                                    								_t740 = _v8;
                                                    								_t1107 =  *(_t740 + 0x4e) & 0x00000020;
                                                    								if(( *(_t740 + 0x4e) & 0x00000020) == 0) {
                                                    									E00457D10("Will register the file (a DLL/OCX) later.", _t934, _t940, _t1065, _t1068);
                                                    								} else {
                                                    									E00457D10("Will register the file (a type library) later.", _t934, _t940, _t1065, _t1068);
                                                    								}
                                                    								_t934 = E00403B80(_t1107);
                                                    								E00403450(_t934, _t934, _v44, _t1065, _t1068);
                                                    								 *((char*)(_t934 + 4)) = _v9;
                                                    								 *((char*)(_t934 + 5)) = _v8 & 0xffffff00 | ( *(_v8 + 0x4e) & 0x00000020) != 0x00000000;
                                                    								 *((char*)(_t934 + 6)) = _v8 & 0xffffff00 | ( *(_v8 + 0x4f) & 0x00000040) != 0x00000000;
                                                    								E0040B1B0( *((intOrPtr*)(_a16 - 0x18)), _t934);
                                                    							}
                                                    						} else {
                                                    							_t757 = _v8;
                                                    							_t1105 =  *(_t757 + 0x4e) & 0x00000020;
                                                    							if(( *(_t757 + 0x4e) & 0x00000020) != 0) {
                                                    								goto L135;
                                                    							}
                                                    						}
                                                    						if(( *(_v8 + 0x4e) & 0x00000040) != 0) {
                                                    							E00403400( &_v32);
                                                    							_t1112 = _v9;
                                                    							if(_v9 == 0) {
                                                    								E00457D10("Incrementing shared file count (32-bit).", _t934, _t940, _t1065, _t1068);
                                                    								E00454528(_t934, _v54, _v44, _t1065, _t1068, __eflags);
                                                    							} else {
                                                    								E00457D10("Incrementing shared file count (64-bit).", _t934, _t940, _t1065, _t1068);
                                                    								E00454528(_t934, _v54, _v44, _t1065, _t1068, _t1112);
                                                    							}
                                                    							if(( *(_v8 + 0x4e) & 0x00000002) != 0) {
                                                    								__eflags = _v9;
                                                    								if(_v9 == 0) {
                                                    									_v232 = _v44;
                                                    									E0045A204( *((intOrPtr*)(_a16 - 4)), _t934,  &_v232, 0x8a, _t1065, _t1068, 0, 0);
                                                    								} else {
                                                    									_v232 = _v44;
                                                    									E0045A204( *((intOrPtr*)(_a16 - 4)), _t934,  &_v232, 0x8a, _t1065, _t1068, 1, 0);
                                                    								}
                                                    							} else {
                                                    								_v92 = _v92 | 0x00000008;
                                                    								if(_v9 != 0) {
                                                    									_v92 = _v92 | 0x00000400;
                                                    								}
                                                    								if(( *(_v8 + 0x51) & 0x00000001) != 0) {
                                                    									_v92 = _v92 | 0x00000200;
                                                    								}
                                                    								_v228 = _v44;
                                                    								_v224 = _v48;
                                                    								_v220 =  *((intOrPtr*)(_v8 + 8));
                                                    								_v216 = _v52;
                                                    								_v212 =  *((intOrPtr*)(_v8 + 0xc));
                                                    								E0045A204( *((intOrPtr*)(_a16 - 4)), _t934,  &_v228, 0x82, _t1065, _t1068, _v92, 4);
                                                    							}
                                                    						}
                                                    						E00403400( &_v32);
                                                    						if(_v48 == 0) {
                                                    							_t958 =  *((short*)(_v8 + 0x4c));
                                                    							E00470608(_v9,  *((short*)(_v8 + 0x4c)), _v44, _t1065);
                                                    						} else {
                                                    							_t958 =  *((short*)(_v8 + 0x4c));
                                                    							E00470608(_v9,  *((short*)(_v8 + 0x4c)), _v48, _t1065);
                                                    						}
                                                    						_t936 = _t934 & 0xffffff00 | ( *(_v8 + 0x51) & 0x00000020) != 0x00000000;
                                                    						if(_t936 != 0 || ( *(_v8 + 0x51) & 0x00000040) != 0) {
                                                    							E00403400( &_v32);
                                                    							if(_v48 == 0) {
                                                    								_t679 = _v8;
                                                    								 *(_t679 + 0x51) & 0x00000020 = ( *(_t679 + 0x51) & 0x00000020) != 0;
                                                    								_t958 = _t936;
                                                    								E004706F0(_v9, _t936, _v44, _t1065);
                                                    							} else {
                                                    								_t958 = _t936;
                                                    								E004706F0(_v9, _t936, _v48, _t1065);
                                                    							}
                                                    						}
                                                    						if(( *(_v8 + 0x51) & 0x00000080) == 0) {
                                                    							_pop(_t1010);
                                                    							 *[fs:eax] = _t1010;
                                                    							_pop( *[fs:0x0]);
                                                    							_push(0x471924);
                                                    							__eflags = _v56;
                                                    							if(__eflags != 0) {
                                                    								return E00452908(_v9, _v48, __eflags);
                                                    							}
                                                    							return 0;
                                                    						} else {
                                                    							E00457D10("Installing into GAC", _t936, _t958, _t1065, _t1068);
                                                    							_v120 = E00459784(_t936, 0, 1, _t1065, _t1068);
                                                    							_push(_t1070);
                                                    							_push(0x4718c1);
                                                    							_push( *[fs:eax]);
                                                    							 *[fs:eax] = _t1072;
                                                    							_t1125 = _v48;
                                                    							if(_v48 == 0) {
                                                    								E004599C8(_v120, _t936, _v44, _t1065, _t1068, __eflags);
                                                    							} else {
                                                    								E004599C8(_v120, _t936, _v48, _t1065, _t1068, _t1125);
                                                    							}
                                                    							_pop(_t1014);
                                                    							 *[fs:eax] = _t1014;
                                                    							_push(0x4718c8);
                                                    							return E00402B58(_v120);
                                                    						}
                                                    					}
                                                    				}
                                                    				L170:
                                                    			}
                                                    0x00470fd2
                                                    0x00000000
                                                    0x00470fc5
                                                    0x00471059
                                                    0x0047105e
                                                    0x00471069
                                                    0x00471071
                                                    0x00471077
                                                    0x004710dd
                                                    0x00471079
                                                    0x00471079
                                                    0x0047107d
                                                    0x0047107f
                                                    0x0047108e
                                                    0x00471090
                                                    0x00471093
                                                    0x0047109a
                                                    0x0047109c
                                                    0x004710ab
                                                    0x004710ad
                                                    0x004710b9
                                                    0x004710be
                                                    0x004710c0
                                                    0x004710c2
                                                    0x004710ce
                                                    0x004710d0
                                                    0x004710d0
                                                    0x004710c0
                                                    0x0047109a
                                                    0x004710d3
                                                    0x004710d7
                                                    0x004710d7
                                                    0x004710e4
                                                    0x004710ea
                                                    0x004710fc
                                                    0x0047110f
                                                    0x00471114
                                                    0x0047111a
                                                    0x0047111d
                                                    0x00471121
                                                    0x00471123
                                                    0x00471123
                                                    0x00471123
                                                    0x00471126
                                                    0x00471129
                                                    0x0047112d
                                                    0x0047112f
                                                    0x0047112f
                                                    0x0047113f
                                                    0x0047114f
                                                    0x00471169
                                                    0x0047116e
                                                    0x00471173
                                                    0x00471174
                                                    0x00471179
                                                    0x0047117c
                                                    0x0047117f
                                                    0x00471185
                                                    0x00471186
                                                    0x0047118b
                                                    0x0047118e
                                                    0x00471191
                                                    0x00471198
                                                    0x0047119e
                                                    0x004711a3
                                                    0x004711a7
                                                    0x00471201
                                                    0x00471206
                                                    0x0047120b
                                                    0x0047120c
                                                    0x00471211
                                                    0x00471214
                                                    0x0047121a
                                                    0x00471220
                                                    0x00471225
                                                    0x00471229
                                                    0x00471247
                                                    0x0047122b
                                                    0x00471237
                                                    0x00471237
                                                    0x0047124c
                                                    0x0047124e
                                                    0x00471251
                                                    0x00471254
                                                    0x00471261
                                                    0x004711a9
                                                    0x004711b6
                                                    0x004711be
                                                    0x004711c4
                                                    0x004711d1
                                                    0x004711e6
                                                    0x0047126b
                                                    0x0047126e
                                                    0x0047129d
                                                    0x004712a2
                                                    0x004712a5
                                                    0x004712a9
                                                    0x004712ab
                                                    0x004712b7
                                                    0x004712ca
                                                    0x004712d0
                                                    0x004712e4
                                                    0x004712e9
                                                    0x004712f0
                                                    0x004712f2
                                                    0x004712f9
                                                    0x00471302
                                                    0x00471307
                                                    0x004712f9
                                                    0x004712f0
                                                    0x00471308
                                                    0x0047130a
                                                    0x0047130d
                                                    0x00471310
                                                    0x0047131d
                                                    0x0047131d
                                                    0x00470f9d
                                                    0x00470fa2
                                                    0x00000000
                                                    0x00470fa2
                                                    0x00470f9b
                                                    0x00470f3c
                                                    0x00470f41
                                                    0x00000000
                                                    0x00470f41
                                                    0x00470e6e
                                                    0x00470e6e
                                                    0x00470e71
                                                    0x00470e75
                                                    0x00000000
                                                    0x00470e7b
                                                    0x00470e7b
                                                    0x00470e7d
                                                    0x00470e85
                                                    0x00470e8a
                                                    0x00000000
                                                    0x00470e7f
                                                    0x00470e7f
                                                    0x00470e83
                                                    0x00470e9c
                                                    0x00470ea1
                                                    0x00470ea3
                                                    0x00470ebc
                                                    0x00470ec1
                                                    0x00470ec3
                                                    0x00000000
                                                    0x00470ec5
                                                    0x00470ec5
                                                    0x00470ed1
                                                    0x00470ed4
                                                    0x00470f1f
                                                    0x00470f24
                                                    0x00000000
                                                    0x00470ed6
                                                    0x00470ee5
                                                    0x00470ef5
                                                    0x00470f00
                                                    0x00470f06
                                                    0x00470f11
                                                    0x00470f15
                                                    0x00470f1a
                                                    0x00470f1d
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00470f1d
                                                    0x00470ed4
                                                    0x00470ea5
                                                    0x00470eaa
                                                    0x00000000
                                                    0x00470eaa
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00470e83
                                                    0x00470e7d
                                                    0x00470e75
                                                    0x00470d6d
                                                    0x00470d70
                                                    0x00470d73
                                                    0x00000000
                                                    0x00470d79
                                                    0x00470d79
                                                    0x00470d7c
                                                    0x00470d80
                                                    0x00000000
                                                    0x00470d86
                                                    0x00470d86
                                                    0x00470d89
                                                    0x00470d8d
                                                    0x00470e2c
                                                    0x00470e2f
                                                    0x00470e33
                                                    0x00470e44
                                                    0x00000000
                                                    0x00470e35
                                                    0x00470e3a
                                                    0x00000000
                                                    0x00470e3a
                                                    0x00470d93
                                                    0x00470d93
                                                    0x00470d9f
                                                    0x00470da4
                                                    0x00470da6
                                                    0x00470e25
                                                    0x00000000
                                                    0x00470da8
                                                    0x00470da8
                                                    0x00470dac
                                                    0x00470dc6
                                                    0x00470dcc
                                                    0x00470dd1
                                                    0x00470ddd
                                                    0x00470de5
                                                    0x00470deb
                                                    0x00470dae
                                                    0x00470db1
                                                    0x00470dbf
                                                    0x00470dbf
                                                    0x00470dbf
                                                    0x00470dbf
                                                    0x00470dbf
                                                    0x00470dfc
                                                    0x00470e01
                                                    0x00470e03
                                                    0x00470e19
                                                    0x00000000
                                                    0x00470e05
                                                    0x00470e0a
                                                    0x00000000
                                                    0x00470e0a
                                                    0x00470e03
                                                    0x00470da6
                                                    0x00470d8d
                                                    0x00470d80
                                                    0x00470d73
                                                    0x00470cec
                                                    0x00470cef
                                                    0x00470cf2
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00470cf2
                                                    0x00470cea
                                                    0x00470ce2
                                                    0x00470cda
                                                    0x00470c77
                                                    0x00470b1e
                                                    0x00470b23
                                                    0x00471631
                                                    0x00471638
                                                    0x00471643
                                                    0x00471650
                                                    0x00471655
                                                    0x0047165a
                                                    0x0047165d
                                                    0x00471661
                                                    0x00471674
                                                    0x00471663
                                                    0x00471668
                                                    0x00471668
                                                    0x00471688
                                                    0x0047168f
                                                    0x00471697
                                                    0x004716a4
                                                    0x004716b1
                                                    0x004716bc
                                                    0x004716bc
                                                    0x0047163a
                                                    0x0047163a
                                                    0x0047163d
                                                    0x00471641
                                                    0x00000000
                                                    0x00000000
                                                    0x00471641
                                                    0x004716c8
                                                    0x004716d1
                                                    0x004716d6
                                                    0x004716da
                                                    0x004716fa
                                                    0x00471707
                                                    0x004716dc
                                                    0x004716e1
                                                    0x004716ee
                                                    0x004716ee
                                                    0x00471713
                                                    0x00471786
                                                    0x0047178a
                                                    0x004717b7
                                                    0x004717cd
                                                    0x0047178c
                                                    0x00471793
                                                    0x004717a9
                                                    0x004717a9
                                                    0x00471715
                                                    0x00471715
                                                    0x0047171d
                                                    0x0047171f
                                                    0x0047171f
                                                    0x0047172d
                                                    0x0047172f
                                                    0x0047172f
                                                    0x0047173f
                                                    0x00471748
                                                    0x00471754
                                                    0x0047175d
                                                    0x00471769
                                                    0x0047177f
                                                    0x0047177f
                                                    0x00471713
                                                    0x004717d5
                                                    0x004717de
                                                    0x004717f7
                                                    0x00471801
                                                    0x004717e0
                                                    0x004717e3
                                                    0x004717ed
                                                    0x004717ed
                                                    0x0047180d
                                                    0x00471812
                                                    0x00471820
                                                    0x00471829
                                                    0x00471844
                                                    0x0047184b
                                                    0x0047184e
                                                    0x00471856
                                                    0x0047182b
                                                    0x00471835
                                                    0x0047183d
                                                    0x0047183d
                                                    0x00471829
                                                    0x00471862
                                                    0x004718ca
                                                    0x004718cd
                                                    0x004718fc
                                                    0x00471906
                                                    0x0047190b
                                                    0x0047190f
                                                    0x00000000
                                                    0x00471917
                                                    0x0047191c
                                                    0x00471864
                                                    0x00471869
                                                    0x0047187c
                                                    0x00471881
                                                    0x00471882
                                                    0x00471887
                                                    0x0047188a
                                                    0x0047188d
                                                    0x00471891
                                                    0x004718a6
                                                    0x00471893
                                                    0x00471899
                                                    0x00471899
                                                    0x004718ad
                                                    0x004718b0
                                                    0x004718b3
                                                    0x004718c0
                                                    0x004718c0
                                                    0x00471862
                                                    0x00470b1c
                                                    0x00000000

                                                    Strings
                                                    • Non-default bitness: 32-bit, xrefs: 00470A0B
                                                    • Dest filename: %s, xrefs: 004709E4
                                                    • Existing file's SHA-1 hash matches our file. Skipping., xrefs: 00470E05
                                                    • Time stamp of existing file: (failed to read), xrefs: 00470B87
                                                    • Failed to strip read-only attribute., xrefs: 00471023
                                                    • Existing file has a later time stamp. Skipping., xrefs: 00470F1F
                                                    • Existing file's SHA-1 hash is different from our file. Proceeding., xrefs: 00470E14
                                                    • Same time stamp. Skipping., xrefs: 00470EA5
                                                    • Uninstaller requires administrator: %s, xrefs: 004712DF
                                                    • Installing into GAC, xrefs: 00471864
                                                    • Failed to read existing file's SHA-1 hash. Proceeding., xrefs: 00470E20
                                                    • InUn, xrefs: 004712AF
                                                    • , xrefs: 00470D1F, 00470EF0, 00470F6E
                                                    • Version of our file: (none), xrefs: 00470C4C
                                                    • Incrementing shared file count (32-bit)., xrefs: 004716F5
                                                    • Dest file is protected by Windows File Protection., xrefs: 00470A3D
                                                    • Couldn't read time stamp. Skipping., xrefs: 00470E85
                                                    • Existing file is protected by Windows File Protection. Skipping., xrefs: 00470F3C
                                                    • @, xrefs: 00470900
                                                    • -- File entry --, xrefs: 0047084B
                                                    • Stripped read-only attribute., xrefs: 00471017
                                                    • Version of existing file: (none), xrefs: 00470E4A
                                                    • User opted not to overwrite the existing file. Skipping., xrefs: 00470F9D
                                                    • .tmp, xrefs: 00471107
                                                    • Time stamp of our file: (failed to read), xrefs: 00470AF7
                                                    • User opted not to strip the existing file's read-only attribute. Skipping., xrefs: 00470FE6
                                                    • Version of our file: %u.%u.%u.%u, xrefs: 00470C40
                                                    • Skipping due to "onlyifdoesntexist" flag., xrefs: 00470B1E
                                                    • Time stamp of existing file: %s, xrefs: 00470B7B
                                                    • Time stamp of our file: %s, xrefs: 00470AEB
                                                    • Installing the file., xrefs: 00471059
                                                    • Skipping due to "onlyifdestfileexists" flag., xrefs: 0047104A
                                                    • Version of existing file: %u.%u.%u.%u, xrefs: 00470CCC
                                                    • Will register the file (a type library) later., xrefs: 00471663
                                                    • Incrementing shared file count (64-bit)., xrefs: 004716DC
                                                    • Dest file exists., xrefs: 00470B0B
                                                    • Will register the file (a DLL/OCX) later., xrefs: 0047166F
                                                    • Same version. Skipping., xrefs: 00470E35
                                                    • Non-default bitness: 64-bit, xrefs: 004709FF
                                                    • Existing file is a newer version. Skipping., xrefs: 00470D52
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $-- File entry --$.tmp$@$Couldn't read time stamp. Skipping.$Dest file exists.$Dest file is protected by Windows File Protection.$Dest filename: %s$Existing file has a later time stamp. Skipping.$Existing file is a newer version. Skipping.$Existing file is protected by Windows File Protection. Skipping.$Existing file's SHA-1 hash is different from our file. Proceeding.$Existing file's SHA-1 hash matches our file. Skipping.$Failed to read existing file's SHA-1 hash. Proceeding.$Failed to strip read-only attribute.$InUn$Incrementing shared file count (32-bit).$Incrementing shared file count (64-bit).$Installing into GAC$Installing the file.$Non-default bitness: 32-bit$Non-default bitness: 64-bit$Same time stamp. Skipping.$Same version. Skipping.$Skipping due to "onlyifdestfileexists" flag.$Skipping due to "onlyifdoesntexist" flag.$Stripped read-only attribute.$Time stamp of existing file: %s$Time stamp of existing file: (failed to read)$Time stamp of our file: %s$Time stamp of our file: (failed to read)$Uninstaller requires administrator: %s$User opted not to overwrite the existing file. Skipping.$User opted not to strip the existing file's read-only attribute. Skipping.$Version of existing file: %u.%u.%u.%u$Version of existing file: (none)$Version of our file: %u.%u.%u.%u$Version of our file: (none)$Will register the file (a DLL/OCX) later.$Will register the file (a type library) later.
                                                    • API String ID: 0-4021121268
                                                    • Opcode ID: 09da39d01a5bcfa2aea48fd341c333b01dc5fddf008c0fe2544f021cdd8b0d25
                                                    • Instruction ID: 896a15ddbf27d1a249387bd85057796ee418df23ad279cb6fbf18f0d63f9c71b
                                                    • Opcode Fuzzy Hash: 09da39d01a5bcfa2aea48fd341c333b01dc5fddf008c0fe2544f021cdd8b0d25
                                                    • Instruction Fuzzy Hash: 69927474A04288DFDB11DFA9C445BDDBBB5AF05304F1480ABE848BB392D7789E49CB19
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Control-flow Graph

                                                    [Figure: control-flow graph of function 0042E09C; legend: Executed / Not Executed]
                                                    C-Code - Quality: 43%
                                                    			E0042E09C(long __eax, void* __edi) {
                                                    				char _v5;
                                                    				void* _v12;
                                                    				signed int _v16;
                                                    				void* _v20;
                                                    				long _v24;
                                                    				void* _v28;
                                                    				void* _t84;
                                                    				intOrPtr* _t96;
                                                    				signed int _t97;
                                                    				intOrPtr _t102;
                                                    				intOrPtr _t103;
                                                    				void* _t108;
                                                    				void* _t109;
                                                    				void* _t111;
                                                    				void* _t113;
                                                    				intOrPtr _t114;
                                                    
                                                    				_t111 = _t113;
                                                    				_t114 = _t113 + 0xffffffe8;
                                                    				if( *0x49a0dc == 2) {
                                                    					_v5 = 0;
                                                    					if(AllocateAndInitializeSid(0x49a788, 2, 0x20, __eax, 0, 0, 0, 0, 0, 0,  &_v12) == 0) {
                                                    						goto L26;
                                                    					} else {
                                                    						_push(_t111);
                                                    						_push(0x42e280);
                                                    						_push( *[fs:eax]);
                                                    						 *[fs:eax] = _t114;
                                                    						_t96 = 0;
                                                    						if((GetVersion() & 0x000000ff) >= 5) {
                                                    							_t96 = GetProcAddress(GetModuleHandleA("advapi32.dll"), "CheckTokenMembership");
                                                    						}
                                                    						if(_t96 == 0) {
                                                    							_v28 = 0;
                                                    							if(OpenThreadToken(GetCurrentThread(), 8, 1,  &_v20) != 0) {
                                                    								L13:
                                                    								_push(_t111);
                                                    								_push(0x42e262);
                                                    								_push( *[fs:eax]);
                                                    								 *[fs:eax] = _t114;
                                                    								_v24 = 0;
                                                    								if(GetTokenInformation(_v20, 2, 0, 0,  &_v24) != 0 || GetLastError() == 0x7a) {
                                                    									_v28 = E00402648(_v24);
                                                    									if(GetTokenInformation(_v20, 2, _v28, _v24,  &_v24) != 0) {
                                                    										_t108 =  *_v28 - 1;
                                                    										if(_t108 >= 0) {
                                                    											_t109 = _t108 + 1;
                                                    											_t97 = 0;
                                                    											while(EqualSid(_v12,  *(_v28 + 4 + _t97 * 8)) == 0 || ( *(_v28 + 8 + _t97 * 8) & 0x00000014) != 4) {
                                                    												_t97 = _t97 + 1;
                                                    												_t109 = _t109 - 1;
                                                    												if(_t109 != 0) {
                                                    													continue;
                                                    												}
                                                    												goto L24;
                                                    											}
                                                    											_v5 = 1;
                                                    										}
                                                    										L24:
                                                    										_pop(_t102);
                                                    										 *[fs:eax] = _t102;
                                                    										_push(E0042E269);
                                                    										E00402660(_v28);
                                                    										return CloseHandle(_v20);
                                                    									} else {
                                                    										E004031BC();
                                                    										E004031BC();
                                                    										goto L26;
                                                    									}
                                                    								} else {
                                                    									E004031BC();
                                                    									E004031BC();
                                                    									goto L26;
                                                    								}
                                                    							} else {
                                                    								if(GetLastError() == 0x3f0) {
                                                    									if(OpenProcessToken(GetCurrentProcess(), 8,  &_v20) != 0) {
                                                    										goto L13;
                                                    									} else {
                                                    										E004031BC();
                                                    										goto L26;
                                                    									}
                                                    								} else {
                                                    									E004031BC();
                                                    									goto L26;
                                                    								}
                                                    							}
                                                    						} else {
                                                    							_t84 =  *_t96(0, _v12,  &_v16); // executed
                                                    							if(_t84 != 0) {
                                                    								asm("sbb eax, eax");
                                                    								_v5 =  ~( ~_v16);
                                                    							}
                                                    							_pop(_t103);
                                                    							 *[fs:eax] = _t103;
                                                    							_push(E0042E287);
                                                    							return FreeSid(_v12);
                                                    						}
                                                    					}
                                                    				} else {
                                                    					_v5 = 1;
                                                    					L26:
                                                    					return _v5;
                                                    				}
                                                    			}


                                                    APIs
                                                    • AllocateAndInitializeSid.ADVAPI32(0049A788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E0D6
                                                    • GetVersion.KERNEL32(00000000,0042E280,?,0049A788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E0F3
                                                    • GetModuleHandleA.KERNEL32(advapi32.dll,CheckTokenMembership,00000000,0042E280,?,0049A788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E10C
                                                    • GetProcAddress.KERNEL32(00000000,advapi32.dll), ref: 0042E112
                                                    • CheckTokenMembership.KERNELBASE(00000000,00000000,?,00000000,0042E280,?,0049A788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E127
                                                    • FreeSid.ADVAPI32(00000000,0042E287,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E27A
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: AddressAllocateCheckFreeHandleInitializeMembershipModuleProcTokenVersion
                                                    • String ID: CheckTokenMembership$advapi32.dll
                                                    • API String ID: 2252812187-1888249752
                                                    • Opcode ID: 5c42cad4db9fcf560242ee1d3aac7abe20a5a02ada4557c04a2e6c427a8242cf
                                                    • Instruction ID: 64a79065b1545f75a7207ff20d2b94ee55f2d53c9019bd1fb0cbf6b1d5428672
                                                    • Opcode Fuzzy Hash: 5c42cad4db9fcf560242ee1d3aac7abe20a5a02ada4557c04a2e6c427a8242cf
                                                    • Instruction Fuzzy Hash: 71519171B44215EEDB10EAE69842BBF77ACEB09704F9404BBB901F7281D57C99018A7A
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Control-flow Graph

                                                    [Figure: control-flow graph of function 004502C0; legend: Executed / Not Executed]
                                                    C-Code - Quality: 100%
                                                    			E004502C0() {
                                                    				signed int _t3;
                                                    				struct HINSTANCE__* _t6;
                                                    				struct HINSTANCE__* _t8;
                                                    				struct HINSTANCE__* _t10;
                                                    				struct HINSTANCE__* _t12;
                                                    				struct HINSTANCE__* _t14;
                                                    				struct HINSTANCE__* _t16;
                                                    
                                                    				 *0x49c848 =  *0x49c848 + 1;
                                                    				if( *0x49c844 == 0) {
                                                    					_t3 = GetVersion() & 0x000000ff;
                                                    					if(_t3 >= 6) {
                                                    						_t3 = LoadLibraryA("Rstrtmgr.dll"); // executed
                                                    						 *0x49c844 = _t3;
                                                    						if( *0x49c844 != 0) {
                                                    							_t6 =  *0x49c844; // 0x0
                                                    							 *0x49c82c = GetProcAddress(_t6, "RmStartSession");
                                                    							_t8 =  *0x49c844; // 0x0
                                                    							 *0x49c830 = GetProcAddress(_t8, "RmRegisterResources");
                                                    							_t10 =  *0x49c844; // 0x0
                                                    							 *0x49c834 = GetProcAddress(_t10, "RmGetList");
                                                    							_t12 =  *0x49c844; // 0x0
                                                    							 *0x49c838 = GetProcAddress(_t12, "RmShutdown");
                                                    							_t14 =  *0x49c844; // 0x0
                                                    							 *0x49c83c = GetProcAddress(_t14, "RmRestart");
                                                    							_t16 =  *0x49c844; // 0x0
                                                    							_t3 = GetProcAddress(_t16, "RmEndSession");
                                                    							 *0x49c840 = _t3;
                                                    						}
                                                    					}
                                                    				}
                                                    				return _t3 & 0xffffff00 |  *0x49c844 != 0x00000000;
                                                    			}


                                                    APIs
                                                    • GetVersion.KERNEL32(00480F2E), ref: 004502D3
                                                    • LoadLibraryA.KERNEL32(Rstrtmgr.dll,00480F2E), ref: 004502EB
                                                    • GetProcAddress.KERNEL32(00000000,RmStartSession), ref: 00450309
                                                    • GetProcAddress.KERNEL32(00000000,RmRegisterResources), ref: 0045031E
                                                    • GetProcAddress.KERNEL32(00000000,RmGetList), ref: 00450333
                                                    • GetProcAddress.KERNEL32(00000000,RmShutdown), ref: 00450348
                                                    • GetProcAddress.KERNEL32(00000000,RmRestart), ref: 0045035D
                                                    • GetProcAddress.KERNEL32(00000000,RmEndSession), ref: 00450372
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: AddressProc$LibraryLoadVersion
                                                    • String ID: RmEndSession$RmGetList$RmRegisterResources$RmRestart$RmShutdown$RmStartSession$Rstrtmgr.dll
                                                    • API String ID: 1968650500-3419246398
                                                    • Opcode ID: 413c4f206b8045e2f4d33f3b3dfad1f18beba421f79b3f8cceefebc0ffa4a89b
                                                    • Instruction ID: e280ef568135b6a824961c3f6584c22665c71b08aeefec24c29af858ffc0af06
                                                    • Opcode Fuzzy Hash: 413c4f206b8045e2f4d33f3b3dfad1f18beba421f79b3f8cceefebc0ffa4a89b
                                                    • Instruction Fuzzy Hash: 02111BB4510301DBD710FB69EDC5A2E36E4E764317B04163BBC04961A2C37C4844CF6C
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Control-flow Graph

                                                    [Figure: control-flow graph of function 00423C0C; legend: Executed / Not Executed]
                                                    C-Code - Quality: 89%
                                                    			E00423C0C(intOrPtr __eax, intOrPtr* __edx) {
                                                    				intOrPtr _v8;
                                                    				intOrPtr* _v12;
                                                    				void* __ebx;
                                                    				void* __edi;
                                                    				void* __esi;
                                                    				void* __ebp;
                                                    				intOrPtr _t129;
                                                    				struct HWND__* _t130;
                                                    				struct HWND__* _t133;
                                                    				void* _t134;
                                                    				struct HWND__* _t135;
                                                    				struct HWND__* _t137;
                                                    				struct HWND__* _t139;
                                                    				struct HWND__* _t142;
                                                    				intOrPtr _t143;
                                                    				intOrPtr _t153;
                                                    				struct HWND__* _t160;
                                                    				struct HWND__* _t162;
                                                    				int _t165;
                                                    				int _t168;
                                                    				struct HWND__* _t169;
                                                    				struct HWND__* _t180;
                                                    				struct HWND__* _t186;
                                                    				intOrPtr _t187;
                                                    				struct HWND__* _t190;
                                                    				intOrPtr _t191;
                                                    				int _t198;
                                                    				struct HWND__* _t202;
                                                    				struct HWND__* _t207;
                                                    				struct HWND__* _t214;
                                                    				struct HWND__* _t216;
                                                    				intOrPtr _t217;
                                                    				struct HWND__* _t219;
                                                    				intOrPtr _t225;
                                                    				struct HWND__* _t241;
                                                    				struct HWND__* _t246;
                                                    				intOrPtr _t247;
                                                    				intOrPtr _t249;
                                                    				intOrPtr _t254;
                                                    				intOrPtr _t257;
                                                    				struct HWND__* _t262;
                                                    				int _t265;
                                                    				intOrPtr _t269;
                                                    				intOrPtr* _t274;
                                                    				void* _t279;
                                                    				intOrPtr _t281;
                                                    				struct HWND__* _t285;
                                                    				struct HWND__* _t286;
                                                    				void* _t300;
                                                    				void* _t303;
                                                    				intOrPtr _t313;
                                                    				intOrPtr _t314;
                                                    				intOrPtr _t330;
                                                    				void* _t331;
                                                    				void* _t333;
                                                    				void* _t338;
                                                    				void* _t339;
                                                    				intOrPtr _t340;
                                                    
                                                    				_push(_t333);
                                                    				_push(_t331);
                                                    				_v12 = __edx;
                                                    				_v8 = __eax;
                                                    				_push(_t339);
                                                    				_push(0x42415c);
                                                    				_push( *[fs:edx]);
                                                    				 *[fs:edx] = _t340;
                                                    				 *(_v12 + 0xc) = 0;
                                                    				_t279 =  *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x80)) + 8)) - 1;
                                                    				if(_t279 < 0) {
                                                    					L5:
                                                    					E00423B68(_v8, _v12);
                                                    					_t281 =  *_v12;
                                                    					_t129 = _t281;
                                                    					__eflags = _t129 - 0x112;
                                                    					if(__eflags > 0) {
                                                    						__eflags = _t129 - 0xb017;
                                                    						if(__eflags > 0) {
                                                    							_t130 = _t129 - 0xb01a;
                                                    							__eflags = _t130;
                                                    							if(_t130 == 0) {
                                                    								_t133 = IsIconic( *(_v8 + 0x20));
                                                    								__eflags = _t133;
                                                    								if(_t133 == 0) {
                                                    									_t135 = GetFocus();
                                                    									_t314 = _v8;
                                                    									__eflags = _t135 -  *((intOrPtr*)(_t314 + 0x20));
                                                    									if(_t135 ==  *((intOrPtr*)(_t314 + 0x20))) {
                                                    										_t137 = E0041EFF4(0);
                                                    										__eflags = _t137;
                                                    										if(_t137 != 0) {
                                                    											SetFocus(_t137);
                                                    										}
                                                    									}
                                                    								}
                                                    								L87:
                                                    								_t134 = 0;
                                                    								_pop(_t313);
                                                    								 *[fs:eax] = _t313;
                                                    								goto L88;
                                                    							}
                                                    							_t139 = _t130 - 5;
                                                    							__eflags = _t139;
                                                    							if(_t139 == 0) {
                                                    								E00424850(_v8,  *(_v12 + 8),  *(_v12 + 4));
                                                    								goto L87;
                                                    							}
                                                    							_t142 = _t139 - 1;
                                                    							__eflags = _t142;
                                                    							if(_t142 == 0) {
                                                    								_t143 = _v12;
                                                    								__eflags =  *(_t143 + 4);
                                                    								if( *(_t143 + 4) != 0) {
                                                    									E0042452C(_v8,  *( *(_v12 + 8)),  *((intOrPtr*)( *(_v12 + 8) + 4)));
                                                    								} else {
                                                    									E004244D4(_v8, _t331, _t333,  *( *(_v12 + 8)),  *((intOrPtr*)( *(_v12 + 8) + 4)));
                                                    								}
                                                    								goto L87;
                                                    							}
                                                    							__eflags = _t142 == 0x11;
                                                    							if(_t142 == 0x11) {
                                                    								_t153 = _v12;
                                                    								__eflags =  *((intOrPtr*)(_t153 + 4)) - 1;
                                                    								if( *((intOrPtr*)(_t153 + 4)) != 1) {
                                                    									 *(_v8 + 0x88) =  *(_v12 + 8);
                                                    								} else {
                                                    									 *(_v12 + 0xc) =  *(_v8 + 0x88);
                                                    								}
                                                    							} else {
                                                    								L86:
                                                    								E00423B84(_t339); // executed
                                                    							}
                                                    							goto L87;
                                                    						}
                                                    						if(__eflags == 0) {
                                                    							_t160 =  *(_v8 + 0x28);
                                                    							__eflags = _t160;
                                                    							if(_t160 != 0) {
                                                    								_t335 = _t160;
                                                    								_t162 = E004181E0(_t160);
                                                    								__eflags = _t162;
                                                    								if(_t162 != 0) {
                                                    									_t165 = IsWindowEnabled(E004181E0(_t335));
                                                    									__eflags = _t165;
                                                    									if(_t165 != 0) {
                                                    										_t168 = IsWindowVisible(E004181E0(_t335));
                                                    										__eflags = _t168;
                                                    										if(_t168 != 0) {
                                                    											 *0x49a578 = 0;
                                                    											_t169 = GetFocus();
                                                    											SetFocus(E004181E0(_t335));
                                                    											E00415240(_t335,  *(_v12 + 4), 0x112,  *(_v12 + 8));
                                                    											SetFocus(_t169);
                                                    											 *0x49a578 = 1;
                                                    											 *(_v12 + 0xc) = 1;
                                                    										}
                                                    									}
                                                    								}
                                                    							}
                                                    							goto L87;
                                                    						}
                                                    						_t180 = _t129 + 0xfffffece - 7;
                                                    						__eflags = _t180;
                                                    						if(_t180 < 0) {
                                                    							 *(_v12 + 0xc) = SendMessageA( *(_v12 + 8), _t281 + 0xbc00,  *(_v12 + 4),  *(_v12 + 8));
                                                    							goto L87;
                                                    						}
                                                    						_t186 = _t180 - 0xaec7;
                                                    						__eflags = _t186;
                                                    						if(_t186 == 0) {
                                                    							_t187 = _v8;
                                                    							__eflags =  *((short*)(_t187 + 0xbe));
                                                    							if( *((short*)(_t187 + 0xbe)) != 0) {
                                                    								 *((intOrPtr*)(_v8 + 0xbc))();
                                                    							}
                                                    							goto L87;
                                                    						}
                                                    						_t190 = _t186 - 1;
                                                    						__eflags = _t190;
                                                    						if(_t190 == 0) {
                                                    							_t191 = _v8;
                                                    							__eflags =  *((short*)(_t191 + 0xb6));
                                                    							if( *((short*)(_t191 + 0xb6)) != 0) {
                                                    								 *((intOrPtr*)(_v8 + 0xb4))();
                                                    							}
                                                    							goto L87;
                                                    						}
                                                    						__eflags = _t190 == 0x15;
                                                    						if(_t190 == 0x15) {
                                                    							_t285 =  *(_v8 + 0x28);
                                                    							__eflags = _t285;
                                                    							if(_t285 != 0) {
                                                    								__eflags =  *(_t285 + 0x124);
                                                    								if( *(_t285 + 0x124) != 0) {
                                                    									_t198 = IsWindowEnabled(E004181E0(_t285));
                                                    									__eflags = _t198;
                                                    									if(_t198 != 0) {
                                                    										_t202 = E00412310( *((intOrPtr*)( *(_v8 + 0x28) + 0x124)), _v12);
                                                    										__eflags = _t202;
                                                    										if(_t202 != 0) {
                                                    											 *(_v12 + 0xc) = 1;
                                                    										}
                                                    									}
                                                    								}
                                                    							}
                                                    							goto L87;
                                                    						} else {
                                                    							goto L86;
                                                    						}
                                                    					}
                                                    					if(__eflags == 0) {
                                                    						_t207 = ( *(_v12 + 4) & 0x0000fff0) - 0xf020;
                                                    						__eflags = _t207;
                                                    						if(_t207 == 0) {
                                                    							E00424194(_v8, _t287);
                                                    						} else {
                                                    							__eflags = _t207 == 0x100;
                                                    							if(_t207 == 0x100) {
                                                    								E004241DC(_v8);
                                                    							} else {
                                                    								E00423B84(_t339);
                                                    							}
                                                    						}
                                                    						goto L87;
                                                    					}
                                                    					__eflags = _t129 - 0x14;
                                                    					if(__eflags > 0) {
                                                    						_t214 = _t129 - 0x15;
                                                    						__eflags = _t214;
                                                    						if(_t214 == 0) {
                                                    							__eflags =  *0x49a590 - 0x20;
                                                    							if( *0x49a590 >= 0x20) {
                                                    								__eflags =  *0x49c648;
                                                    								if( *0x49c648 != 0) {
                                                    									 *0x49c648();
                                                    								}
                                                    							}
                                                    							goto L87;
                                                    						}
                                                    						_t216 = _t214 - 1;
                                                    						__eflags = _t216;
                                                    						if(_t216 == 0) {
                                                    							_t217 = _v12;
                                                    							__eflags =  *(_t217 + 4);
                                                    							if( *(_t217 + 4) != 0) {
                                                    								E00404E54();
                                                    							}
                                                    							goto L87;
                                                    						}
                                                    						_t219 = _t216 - 6;
                                                    						__eflags = _t219;
                                                    						if(_t219 == 0) {
                                                    							E00423B84(_t339);
                                                    							_pop(_t300);
                                                    							asm("sbb eax, eax");
                                                    							 *((char*)(_v8 + 0x7d)) =  ~( ~( *(_v12 + 4)));
                                                    							_t225 = _v12;
                                                    							__eflags =  *(_t225 + 4);
                                                    							if( *(_t225 + 4) == 0) {
                                                    								E00423A84(_v8, _t300);
                                                    								PostMessageA( *(_v8 + 0x20), 0xb001, 0, 0); // executed
                                                    							} else {
                                                    								E00423B14(_v8);
                                                    								PostMessageA( *(_v8 + 0x20), 0xb000, 0, 0); // executed
                                                    							}
                                                    							goto L87;
                                                    						}
                                                    						__eflags = _t219 == 0x1b;
                                                    						if(_t219 == 0x1b) {
                                                    							 *(_v12 + 0xc) = E00424178(_v8);
                                                    							goto L87;
                                                    						} else {
                                                    							goto L86;
                                                    						}
                                                    					}
                                                    					if(__eflags == 0) {
                                                    						 *_v12 = 0x27;
                                                    						E00423B84(_t339);
                                                    						goto L87;
                                                    					}
                                                    					_t241 = _t129 - 7;
                                                    					__eflags = _t241;
                                                    					if(_t241 == 0) {
                                                    						PostMessageA( *(_v8 + 0x20), 0xb01a, 0, 0); // executed
                                                    						E00423B84(_t339);
                                                    						goto L87;
                                                    					}
                                                    					_t246 = _t241 - 3;
                                                    					__eflags = _t246;
                                                    					if(_t246 == 0) {
                                                    						_t247 = _v12;
                                                    						__eflags =  *(_t247 + 4);
                                                    						if( *(_t247 + 4) == 0) {
                                                    							E00423B84(_t339);
                                                    							_pop(_t303);
                                                    							_t249 = _v8;
                                                    							__eflags =  *(_t249 + 0x84);
                                                    							if( *(_t249 + 0x84) == 0) {
                                                    								_t254 = E0041EEA4( *(_v8 + 0x20), _t281, _t331, _t333); // executed
                                                    								 *((intOrPtr*)(_v8 + 0x84)) = _t254;
                                                    							}
                                                    							E00423A84(_v8, _t303);
                                                    						} else {
                                                    							E00423B14(_v8);
                                                    							_t257 = _v8;
                                                    							_t258 =  *(_t257 + 0x84);
                                                    							__eflags =  *(_t257 + 0x84);
                                                    							if( *(_t257 + 0x84) != 0) {
                                                    								E0041EF58(_t258);
                                                    								__eflags = 0;
                                                    								 *((intOrPtr*)(_v8 + 0x84)) = 0;
                                                    							}
                                                    							E00423B84(_t339);
                                                    						}
                                                    						goto L87;
                                                    					}
                                                    					_t262 = _t246 - 5;
                                                    					__eflags = _t262;
                                                    					if(_t262 == 0) {
                                                    						_t265 = IsIconic( *(_v8 + 0x20));
                                                    						__eflags = _t265;
                                                    						if(_t265 == 0) {
                                                    							E00423B84(_t339);
                                                    						} else {
                                                    							E00423BC0(_t339);
                                                    						}
                                                    						goto L87;
                                                    					}
                                                    					__eflags = _t262 == 1;
                                                    					if(_t262 == 1) {
                                                    						_t269 = _v8;
                                                    						_t270 =  *(_t269 + 0x28);
                                                    						__eflags =  *(_t269 + 0x28);
                                                    						if( *(_t269 + 0x28) != 0) {
                                                    							E00422C4C(_t270, _t287);
                                                    						}
                                                    						goto L87;
                                                    					} else {
                                                    						goto L86;
                                                    					}
                                                    				} else {
                                                    					_t286 = _t279 + 1;
                                                    					_t338 = 0;
                                                    					while(1) {
                                                    						_t274 = E0040B24C( *((intOrPtr*)(_v8 + 0x80)), _t338);
                                                    						_t287 = _t274;
                                                    						if( *_t274() != 0) {
                                                    							_t134 = 0;
                                                    							_pop(_t330);
                                                    							 *[fs:eax] = _t330;
                                                    							break;
                                                    						}
                                                    						_t338 = _t338 + 1;
                                                    						_t286 = _t286 - 1;
                                                    						__eflags = _t286;
                                                    						if(_t286 != 0) {
                                                    							continue;
                                                    						}
                                                    						goto L5;
                                                    					}
                                                    					L88:
                                                    					return _t134;
                                                    				}
                                                    			}
                                                    0x00423fca
                                                    0x00000000
                                                    0x00423fb9
                                                    0x00423cfe
                                                    0x00423cfe
                                                    0x00423d01
                                                    0x00423f37
                                                    0x00000000
                                                    0x00423f37
                                                    0x00423d07
                                                    0x00423d07
                                                    0x00423d0c
                                                    0x0042404a
                                                    0x0042404d
                                                    0x00424055
                                                    0x00424067
                                                    0x00424067
                                                    0x00000000
                                                    0x00424055
                                                    0x00423d12
                                                    0x00423d12
                                                    0x00423d13
                                                    0x00424072
                                                    0x00424075
                                                    0x0042407d
                                                    0x0042408f
                                                    0x0042408f
                                                    0x00000000
                                                    0x0042407d
                                                    0x00423d19
                                                    0x00423d1c
                                                    0x00423f59
                                                    0x00423f5c
                                                    0x00423f5e
                                                    0x00423f64
                                                    0x00423f6b
                                                    0x00423f79
                                                    0x00423f7e
                                                    0x00423f80
                                                    0x00423f95
                                                    0x00423f9a
                                                    0x00423f9c
                                                    0x00423fa5
                                                    0x00423fa5
                                                    0x00423f9c
                                                    0x00423f80
                                                    0x00423f6b
                                                    0x00000000
                                                    0x00423d22
                                                    0x00000000
                                                    0x00423d22
                                                    0x00423d1c
                                                    0x00423c8d
                                                    0x00423d5b
                                                    0x00423d5b
                                                    0x00423d60
                                                    0x00423d6e
                                                    0x00423d62
                                                    0x00423d62
                                                    0x00423d67
                                                    0x00423d7b
                                                    0x00423d69
                                                    0x00423d86
                                                    0x00423d8b
                                                    0x00423d67
                                                    0x00000000
                                                    0x00423d60
                                                    0x00423c93
                                                    0x00423c96
                                                    0x00423cc5
                                                    0x00423cc5
                                                    0x00423cc8
                                                    0x00423da9
                                                    0x00423db0
                                                    0x00423db6
                                                    0x00423dbd
                                                    0x00423dc3
                                                    0x00423dc3
                                                    0x00423dbd
                                                    0x00000000
                                                    0x00423db0
                                                    0x00423cce
                                                    0x00423cce
                                                    0x00423ccf
                                                    0x00423f3f
                                                    0x00423f42
                                                    0x00423f46
                                                    0x00423f4c
                                                    0x00423f4c
                                                    0x00000000
                                                    0x00423f46
                                                    0x00423cd5
                                                    0x00423cd5
                                                    0x00423cd8
                                                    0x00423e40
                                                    0x00423e45
                                                    0x00423e4e
                                                    0x00423e55
                                                    0x00423e58
                                                    0x00423e5b
                                                    0x00423e5f
                                                    0x00423e86
                                                    0x00423e9b
                                                    0x00423e61
                                                    0x00423e64
                                                    0x00423e79
                                                    0x00423e79
                                                    0x00000000
                                                    0x00423e5f
                                                    0x00423cde
                                                    0x00423ce1
                                                    0x00423e16
                                                    0x00000000
                                                    0x00423ce7
                                                    0x00000000
                                                    0x00423ce7
                                                    0x00423ce1
                                                    0x00423c98
                                                    0x00423df9
                                                    0x00423e00
                                                    0x00000000
                                                    0x00423e05
                                                    0x00423c9e
                                                    0x00423c9e
                                                    0x00423ca1
                                                    0x00423e2e
                                                    0x00423e34
                                                    0x00000000
                                                    0x00423e39
                                                    0x00423ca7
                                                    0x00423ca7
                                                    0x00423caa
                                                    0x00423ea5
                                                    0x00423ea8
                                                    0x00423eac
                                                    0x00423ee0
                                                    0x00423ee5
                                                    0x00423ee6
                                                    0x00423ee9
                                                    0x00423ef0
                                                    0x00423ef8
                                                    0x00423f00
                                                    0x00423f00
                                                    0x00423f09
                                                    0x00423eae
                                                    0x00423eb1
                                                    0x00423eb6
                                                    0x00423eb9
                                                    0x00423ebf
                                                    0x00423ec1
                                                    0x00423ec3
                                                    0x00423ecb
                                                    0x00423ecd
                                                    0x00423ecd
                                                    0x00423ed4
                                                    0x00423ed9
                                                    0x00000000
                                                    0x00423eac
                                                    0x00423cb0
                                                    0x00423cb0
                                                    0x00423cb3
                                                    0x00423dd5
                                                    0x00423dda
                                                    0x00423ddc
                                                    0x00423deb
                                                    0x00423dde
                                                    0x00423ddf
                                                    0x00423de4
                                                    0x00000000
                                                    0x00423ddc
                                                    0x00423cb9
                                                    0x00423cba
                                                    0x00423d91
                                                    0x00423d94
                                                    0x00423d97
                                                    0x00423d99
                                                    0x00423d9f
                                                    0x00423d9f
                                                    0x00000000
                                                    0x00423cc0
                                                    0x00000000
                                                    0x00423cc0
                                                    0x00423c42
                                                    0x00423c42
                                                    0x00423c43
                                                    0x00423c45
                                                    0x00423c50
                                                    0x00423c55
                                                    0x00423c61
                                                    0x00423c63
                                                    0x00423c65
                                                    0x00423c68
                                                    0x00423c6b
                                                    0x00423c6b
                                                    0x00423c70
                                                    0x00423c71
                                                    0x00423c71
                                                    0x00423c72
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00423c72
                                                    0x00424171
                                                    0x00424177
                                                    0x00424177

                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6433e9af95a1f47c88161e9adcfa26adac8d4aa109bbcb93f034ada1e570c7bd
                                                    • Instruction ID: aa0b3c7f48ab3ae8421f14e957015bd540d4f26150a0c72f33bcf3059b7e5473
                                                    • Opcode Fuzzy Hash: 6433e9af95a1f47c88161e9adcfa26adac8d4aa109bbcb93f034ada1e570c7bd
                                                    • Instruction Fuzzy Hash: B1E1BD31700124EFDB04DF69E989AADB7B5FB44300FA440AAE554AB352C73CEE91DB09
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 2941 42285c-42286d 2942 422891-4228b0 2941->2942 2943 42286f-422879 2941->2943 2945 422ba6-422bbd 2942->2945 2946 4228b6-4228c0 2942->2946 2943->2942 2944 42287b-42288c call 408cbc call 40311c 2943->2944 2944->2942 2948 422aa1-422ae7 call 402c00 2946->2948 2949 4228c6-42290b call 402c00 2946->2949 2960 422af3-422afd 2948->2960 2961 422ae9-422aee call 421e2c 2948->2961 2958 422911-42291b 2949->2958 2959 4229af-4229c3 2949->2959 2965 422957-42296b call 4231a8 2958->2965 2966 42291d-422934 call 4146bc 2958->2966 2967 4229c9-4229d3 2959->2967 2968 422a7c-422a9c call 4181e0 ShowWindow 2959->2968 2963 422aff-422b07 call 4166b0 2960->2963 2964 422b0c-422b16 2960->2964 2961->2960 2963->2945 2971 422b37-422b4a call 4181e0 GetActiveWindow 2964->2971 2972 422b18-422b35 call 4181e0 SetWindowPos 2964->2972 2991 422970-422984 call 4231a0 2965->2991 2992 42296d 2965->2992 2986 422936 2966->2986 2987 422939-422950 call 414700 2966->2987 2974 4229d5-422a09 call 4181e0 SendMessageA call 4181e0 ShowWindow 2967->2974 2975 422a0b-422a55 call 4181e0 ShowWindow call 4181e0 CallWindowProcA call 414cc4 2967->2975 2968->2945 2996 422b4c-422b5c call 4181e0 IsIconic 2971->2996 2997 422b6d-422b6f 2971->2997 2972->2945 3006 422a5a-422a77 SendMessageA 2974->3006 2975->3006 2986->2987 3008 422989-42298b 2987->3008 3012 422952-422955 2987->3012 3007 422986 2991->3007 2991->3008 2992->2991 2996->2997 3018 422b5e-422b6b call 4181e0 call 41eff4 2996->3018 3002 422b71-422b94 call 4181e0 SetWindowPos SetActiveWindow 2997->3002 3003 422b96-422ba1 call 4181e0 ShowWindow 2997->3003 3002->2945 3003->2945 3006->2945 3007->3008 3014 42298f-422991 3008->3014 3015 42298d 3008->3015 3012->3008 3020 422993 3014->3020 3021 422995-4229aa 3014->3021 3015->3014 3018->2997 3020->3021 3021->2959
                                                    C-Code - Quality: 80%
                                                    			E0042285C(intOrPtr* __eax, void* __ebx, void* __edi, void* __esi) {
                                                    				intOrPtr* _v8;
                                                    				void* __ecx;
                                                    				intOrPtr _t94;
                                                    				intOrPtr _t95;
                                                    				intOrPtr _t100;
                                                    				intOrPtr _t102;
                                                    				intOrPtr _t103;
                                                    				void* _t105;
                                                    				struct HWND__* _t106;
                                                    				long _t116;
                                                    				long _t150;
                                                    				intOrPtr _t156;
                                                    				int _t161;
                                                    				intOrPtr _t162;
                                                    				intOrPtr _t182;
                                                    				intOrPtr _t186;
                                                    				struct HWND__* _t195;
                                                    				signed int _t198;
                                                    				signed int _t199;
                                                    				signed int _t202;
                                                    				void* _t207;
                                                    				intOrPtr _t211;
                                                    				intOrPtr _t212;
                                                    				intOrPtr _t214;
                                                    				signed int _t222;
                                                    				signed int _t223;
                                                    				signed int _t225;
                                                    				intOrPtr _t227;
                                                    				intOrPtr _t228;
                                                    
                                                    				_t227 = _t228;
                                                    				_push(0xf031);
                                                    				_push(__ebx);
                                                    				_push(__esi);
                                                    				_push(__edi);
                                                    				_v8 = __eax;
                                                    				if(( *(_v8 + 0x1c) & 0x00000010) == 0 && ( *(_v8 + 0x119) & 0x00000004) != 0) {
                                                    					E00408CBC(__ebx, 0xf031, 1, __edi, __esi);
                                                    					E0040311C();
                                                    				}
                                                    				 *(_v8 + 0x119) =  *(_v8 + 0x119) | 0x00000004;
                                                    				_push(_t227);
                                                    				_push(0x422bbe);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t228;
                                                    				if(( *(_v8 + 0x1c) & 0x00000010) == 0) {
                                                    					_t95 = _v8;
                                                    					_t232 =  *((char*)(_t95 + 0xc7));
                                                    					if( *((char*)(_t95 + 0xc7)) == 0) {
                                                    						 *[fs:eax] = _t228;
                                                    						E00402C00(_v8, 0xffdd, 0xf031, __eflags,  *[fs:eax], 0x422ac5, _t227);
                                                    						_pop(_t212);
                                                    						_pop(_t207);
                                                    						 *[fs:eax] = _t212;
                                                    						_t100 =  *0x49c62c; // 0x21a0660
                                                    						__eflags =  *((intOrPtr*)(_t100 + 0x40)) - _v8;
                                                    						if( *((intOrPtr*)(_t100 + 0x40)) == _v8) {
                                                    							__eflags = 0;
                                                    							E00421E2C(_v8, _t207, 0);
                                                    						}
                                                    						_t102 = _v8;
                                                    						__eflags =  *((char*)(_t102 + 0x116)) - 1;
                                                    						if( *((char*)(_t102 + 0x116)) != 1) {
                                                    							_t103 = _v8;
                                                    							__eflags =  *(_t103 + 0x119) & 0x00000008;
                                                    							if(( *(_t103 + 0x119) & 0x00000008) == 0) {
                                                    								_t195 = 0;
                                                    								_t105 = E004181E0(_v8);
                                                    								_t106 = GetActiveWindow();
                                                    								__eflags = _t105 - _t106;
                                                    								if(_t105 == _t106) {
                                                    									_t116 = IsIconic(E004181E0(_v8));
                                                    									__eflags = _t116;
                                                    									if(_t116 == 0) {
                                                    										_t195 = E0041EFF4(E004181E0(_v8));
                                                    									}
                                                    								}
                                                    								__eflags = _t195;
                                                    								if(_t195 == 0) {
                                                    									ShowWindow(E004181E0(_v8), 0); // executed
                                                    								} else {
                                                    									SetWindowPos(E004181E0(_v8), 0, 0, 0, 0, 0, 0x97);
                                                    									SetActiveWindow(_t195);
                                                    								}
                                                    							} else {
                                                    								SetWindowPos(E004181E0(_v8), 0, 0, 0, 0, 0, 0x97);
                                                    							}
                                                    						} else {
                                                    							E004166B0(_v8);
                                                    						}
                                                    					} else {
                                                    						 *[fs:eax] = _t228;
                                                    						E00402C00(_v8, 0xffdc, 0xf031, _t232,  *[fs:eax], 0x4228ea, _t227);
                                                    						_pop(_t214);
                                                    						 *[fs:eax] = _t214;
                                                    						if( *((char*)(_v8 + 0x117)) == 4) {
                                                    							if( *((char*)(_v8 + 0x116)) != 1) {
                                                    								_t198 = E004231A8() -  *(_v8 + 0x2c);
                                                    								__eflags = _t198;
                                                    								_t199 = _t198 >> 1;
                                                    								if(_t198 < 0) {
                                                    									asm("adc ebx, 0x0");
                                                    								}
                                                    								_t222 = E004231A0() -  *(_v8 + 0x30);
                                                    								__eflags = _t222;
                                                    								_t223 = _t222 >> 1;
                                                    								if(_t222 < 0) {
                                                    									asm("adc esi, 0x0");
                                                    								}
                                                    							} else {
                                                    								_t182 =  *0x49c628; // 0x21a2410
                                                    								_t202 = E004146BC( *((intOrPtr*)(_t182 + 0x28))) -  *(_v8 + 0x2c);
                                                    								_t199 = _t202 >> 1;
                                                    								if(_t202 < 0) {
                                                    									asm("adc ebx, 0x0");
                                                    								}
                                                    								_t186 =  *0x49c628; // 0x21a2410
                                                    								_t225 = E00414700( *((intOrPtr*)(_t186 + 0x28))) -  *(_v8 + 0x30);
                                                    								_t223 = _t225 >> 1;
                                                    								if(_t225 < 0) {
                                                    									asm("adc esi, 0x0");
                                                    								}
                                                    							}
                                                    							if(_t199 < 0) {
                                                    								_t199 = 0;
                                                    							}
                                                    							if(_t223 < 0) {
                                                    								_t223 = 0;
                                                    							}
                                                    							 *((intOrPtr*)( *_v8 + 0x4c))( *(_v8 + 0x30),  *(_v8 + 0x2c));
                                                    						}
                                                    						 *((char*)(_v8 + 0x117)) = 0;
                                                    						if( *((char*)(_v8 + 0x116)) != 1) {
                                                    							ShowWindow(E004181E0(_v8),  *(0x49a5d8 + ( *(_v8 + 0x112) & 0x000000ff) * 4)); // executed
                                                    						} else {
                                                    							if( *(_v8 + 0x112) != 2) {
                                                    								ShowWindow(E004181E0(_v8),  *(0x49a5d8 + ( *(_v8 + 0x112) & 0x000000ff) * 4));
                                                    								_t150 =  *(_v8 + 0x30) << 0x00000010 |  *(_v8 + 0x2c);
                                                    								__eflags = _t150;
                                                    								CallWindowProcA(0x405dfc, E004181E0(_v8), 5, 0, _t150);
                                                    								E00414CC4(_v8);
                                                    							} else {
                                                    								_t161 = E004181E0(_v8);
                                                    								_t162 =  *0x49c628; // 0x21a2410
                                                    								SendMessageA( *( *((intOrPtr*)(_t162 + 0x28)) + 0x130), 0x223, _t161, 0);
                                                    								ShowWindow(E004181E0(_v8), 3);
                                                    							}
                                                    							_t156 =  *0x49c628; // 0x21a2410
                                                    							SendMessageA( *( *((intOrPtr*)(_t156 + 0x28)) + 0x130), 0x234, 0, 0);
                                                    						}
                                                    					}
                                                    				}
                                                    				_pop(_t211);
                                                    				 *[fs:eax] = _t211;
                                                    				_push(0x422bc5);
                                                    				_t94 = _v8;
                                                    				 *(_t94 + 0x119) =  *(_t94 + 0x119) & 0x000000fb;
                                                    				return _t94;
                                                    			}

































                                                    APIs
                                                    • SendMessageA.USER32 ref: 004229F4
                                                    • ShowWindow.USER32(00000000,00000003,00000000,00000223,00000000,00000000,00000000,00422BBE), ref: 00422A04
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: MessageSendShowWindow
                                                    • String ID:
                                                    • API String ID: 1631623395-0
                                                    • Opcode ID: 8d89aa3ec4d628327afe209e421e02915b60c01b398b4a12bd99d0adeb45753c
                                                    • Instruction ID: 25a83acf69f399dfd67c515eae6b064ff4aeb934fe47cdbd8e77557c98a4a8ba
                                                    • Opcode Fuzzy Hash: 8d89aa3ec4d628327afe209e421e02915b60c01b398b4a12bd99d0adeb45753c
                                                    • Instruction Fuzzy Hash: A7915171B04214BFDB11EFA9DA86F9D77F4AB08304F5500B6F504AB392CA78AF419B58
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 96%
                                                    			E004673A4(void* __ebx, intOrPtr __ecx, char __edx, void* __edi, void* __esi, void* __fp0) {
                                                    				char _v8;
                                                    				char _v9;
                                                    				intOrPtr _v16;
                                                    				intOrPtr _v20;
                                                    				signed int _v24;
                                                    				struct HMENU__* _v28;
                                                    				char _v29;
                                                    				intOrPtr* _v36;
                                                    				intOrPtr _v40;
                                                    				intOrPtr _v44;
                                                    				char _v48;
                                                    				char _v52;
                                                    				char _v56;
                                                    				char _v57;
                                                    				char _v58;
                                                    				char _v59;
                                                    				char _v60;
                                                    				char _v64;
                                                    				char _v68;
                                                    				char _t564;
                                                    				signed int _t580;
                                                    				signed int _t582;
                                                    				void* _t618;
                                                    				struct HINSTANCE__* _t658;
                                                    				intOrPtr _t701;
                                                    				intOrPtr _t702;
                                                    				intOrPtr _t725;
                                                    				intOrPtr _t726;
                                                    				intOrPtr _t750;
                                                    				intOrPtr _t751;
                                                    				intOrPtr _t766;
                                                    				intOrPtr _t767;
                                                    				intOrPtr _t800;
                                                    				void* _t813;
                                                    				void* _t838;
                                                    				void* _t857;
                                                    				void* _t863;
                                                    				intOrPtr _t893;
                                                    				intOrPtr _t926;
                                                    				void* _t939;
                                                    				void* _t965;
                                                    				intOrPtr _t987;
                                                    				intOrPtr _t1010;
                                                    				intOrPtr _t1038;
                                                    				intOrPtr _t1047;
                                                    				intOrPtr _t1056;
                                                    				intOrPtr _t1065;
                                                    				intOrPtr _t1066;
                                                    				void* _t1093;
                                                    				intOrPtr _t1123;
                                                    				char _t1128;
                                                    				char _t1129;
                                                    				intOrPtr _t1133;
                                                    				intOrPtr _t1140;
                                                    				void* _t1142;
                                                    				intOrPtr _t1143;
                                                    				intOrPtr _t1156;
                                                    				intOrPtr _t1161;
                                                    				intOrPtr _t1190;
                                                    				void* _t1200;
                                                    				intOrPtr _t1201;
                                                    				intOrPtr _t1210;
                                                    				intOrPtr _t1215;
                                                    				intOrPtr _t1217;
                                                    				intOrPtr _t1221;
                                                    				intOrPtr _t1232;
                                                    				void* _t1234;
                                                    				intOrPtr _t1236;
                                                    				intOrPtr _t1238;
                                                    				intOrPtr _t1248;
                                                    				intOrPtr _t1273;
                                                    				void* _t1275;
                                                    				intOrPtr _t1283;
                                                    				void* _t1285;
                                                    				intOrPtr _t1287;
                                                    				intOrPtr _t1294;
                                                    				intOrPtr _t1307;
                                                    				intOrPtr _t1325;
                                                    				intOrPtr _t1340;
                                                    				intOrPtr _t1345;
                                                    				intOrPtr _t1350;
                                                    				intOrPtr _t1395;
                                                    				intOrPtr _t1461;
                                                    				intOrPtr* _t1472;
                                                    				intOrPtr _t1473;
                                                    				intOrPtr _t1487;
                                                    				intOrPtr _t1489;
                                                    				char _t1521;
                                                    				intOrPtr _t1541;
                                                    				intOrPtr _t1542;
                                                    				intOrPtr _t1543;
                                                    				intOrPtr _t1544;
                                                    				intOrPtr _t1554;
                                                    				intOrPtr _t1558;
                                                    				signed int _t1562;
                                                    				intOrPtr _t1575;
                                                    				intOrPtr _t1582;
                                                    				intOrPtr _t1583;
                                                    				intOrPtr _t1585;
                                                    				intOrPtr _t1586;
                                                    				intOrPtr _t1594;
                                                    				intOrPtr _t1598;
                                                    				intOrPtr _t1604;
                                                    				void* _t1632;
                                                    				intOrPtr _t1640;
                                                    				void* _t1692;
                                                    				intOrPtr _t1698;
                                                    				intOrPtr _t1708;
                                                    				intOrPtr _t1727;
                                                    				intOrPtr _t1731;
                                                    				intOrPtr _t1732;
                                                    				intOrPtr _t1739;
                                                    				intOrPtr _t1740;
                                                    				intOrPtr _t1757;
                                                    				intOrPtr _t1780;
                                                    				intOrPtr _t1791;
                                                    				intOrPtr _t1818;
                                                    				signed int _t1822;
                                                    				signed int _t1823;
                                                    				signed int _t1828;
                                                    				signed int _t1829;
                                                    				intOrPtr _t1833;
                                                    				intOrPtr _t1842;
                                                    				intOrPtr _t1843;
                                                    				intOrPtr _t1846;
                                                    				intOrPtr _t1850;
                                                    				signed int _t1868;
                                                    				signed int _t1870;
                                                    				void* _t1871;
                                                    				void* _t1876;
                                                    				void* _t1877;
                                                    				intOrPtr* _t1879;
                                                    				void* _t1886;
                                                    				intOrPtr* _t1887;
                                                    				struct HMENU__* _t1895;
                                                    				void* _t1896;
                                                    				struct HMENU__* _t1897;
                                                    				signed int _t1898;
                                                    				void* _t1900;
                                                    				void* _t1901;
                                                    				intOrPtr _t1902;
                                                    				void* _t1908;
                                                    				void* _t1909;
                                                    				signed char _t1913;
                                                    				void* _t1920;
                                                    				void* _t1923;
                                                    				void* _t1926;
                                                    				void* _t1981;
                                                    
                                                    				_t1981 = __fp0;
                                                    				_t1852 = __edi;
                                                    				_t1521 = __edx;
                                                    				_t1473 = __ecx;
                                                    				_t1900 = _t1901;
                                                    				_t1902 = _t1901 + 0xffffffc0;
                                                    				_push(__ebx);
                                                    				_push(__esi);
                                                    				_push(__edi);
                                                    				_v52 = 0;
                                                    				_v68 = 0;
                                                    				_v24 = 0;
                                                    				if(__edx != 0) {
                                                    					_t1902 = _t1902 + 0xfffffff0;
                                                    					_t564 = E00402D30(_t564, _t1900);
                                                    				}
                                                    				_v16 = _t1473;
                                                    				_v9 = _t1521;
                                                    				_v8 = _t564;
                                                    				_t1472 =  &_v8;
                                                    				 *[fs:eax] = _t1902;
                                                    				E00495CBC(0); // executed
                                                    				 *((intOrPtr*)( *_t1472 + 0x2fc)) = E00402B30(1);
                                                    				 *((intOrPtr*)( *_t1472 + 0x338)) = E00402B30(1);
                                                    				 *((intOrPtr*)( *_t1472 + 0x324)) = E00402B30(1);
                                                    				 *((intOrPtr*)( *_t1472 + 0x328)) = E00402B30(1);
                                                    				 *((intOrPtr*)( *_t1472 + 0x32c)) = E00402B30(1);
                                                    				 *((intOrPtr*)( *_t1472 + 0x330)) = E00402B30(1);
                                                    				_t580 =  *0x49d3a4; // 0x0
                                                    				_t1868 =  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x250)) + 0x30)) -  *((intOrPtr*)( *_t580 + 0x1c))( *[fs:eax], 0x468ad9, _t1900);
                                                    				if(_t1868 > 0) {
                                                    					_t1461 =  *((intOrPtr*)( *_t1472 + 0x250));
                                                    					E0041463C( *((intOrPtr*)( *_t1472 + 0x250)),  *((intOrPtr*)(_t1461 + 0x30)) - _t1868);
                                                    					_t1850 =  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x250)) + 0x28));
                                                    					_t1898 = _t1868 >> 1;
                                                    					if( *((intOrPtr*)(_t1461 + 0x30)) - _t1868 < 0) {
                                                    						asm("adc esi, 0x0");
                                                    					}
                                                    					E004145FC( *((intOrPtr*)( *_t1472 + 0x250)), _t1850 + _t1898);
                                                    				}
                                                    				_t582 =  *0x49d3a4; // 0x0
                                                    				_t1870 =  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x250)) + 0x2c)) -  *((intOrPtr*)( *_t582 + 0x20))();
                                                    				if(_t1870 > 0) {
                                                    					_t1908 =  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x250)) + 0x2c)) - _t1870;
                                                    					E0041461C( *((intOrPtr*)( *_t1472 + 0x250)),  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x250)) + 0x2c)) - _t1870);
                                                    					_t1846 =  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x250)) + 0x24));
                                                    					_t1870 = _t1870 >> 1;
                                                    					if(_t1908 < 0) {
                                                    						asm("adc esi, 0x0");
                                                    					}
                                                    					_t1909 = _t1846 + _t1870;
                                                    					E004145DC( *((intOrPtr*)( *_t1472 + 0x250)));
                                                    				}
                                                    				E00495FC4( *_t1472, _t1909);
                                                    				_t1910 =  *0x49d316 & 0x00000020;
                                                    				if(( *0x49d316 & 0x00000020) == 0) {
                                                    					E00495F30( *_t1472);
                                                    				} else {
                                                    					_t1843 =  *0x49d0f0; // 0x21ed9dc
                                                    					E00495E0C( *_t1472, 1, _t1843);
                                                    				}
                                                    				_t1475 =  *0x49d354; // 0xc
                                                    				_t1541 =  *0x49d32c; // 0x21b9374
                                                    				E00495920( *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x234)) + 0x44)), _t1472, _t1475, _t1541, _t1852, _t1870, 0xc, 0);
                                                    				_t1542 =  *0x468afc; // 0x1
                                                    				E0041A3D0( *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x234)) + 0x44)), _t1542, _t1910);
                                                    				_t1543 =  *0x468afc; // 0x1
                                                    				E0041A3D0( *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x248)) + 0x44)), _t1543, _t1910);
                                                    				if(( *0x49d316 & 0x00000020) == 0) {
                                                    					_t1475 =  &_v52;
                                                    					_t1544 =  *0x49d46c; // 0x21b8c4c
                                                    					E00451458(0xa2,  &_v52, _t1544);
                                                    					E00414B18( *_t1472, _t1472, _v52, _t1852, _t1870);
                                                    				} else {
                                                    					_t1842 =  *0x49cec4; // 0x0
                                                    					E00414B18( *_t1472, _t1472, _t1842, _t1852, _t1870);
                                                    				}
                                                    				if(( *0x49d316 & 0x00000020) == 0) {
                                                    					_v40 = E004146BC( *_t1472);
                                                    					_v44 = E00414700( *_t1472);
                                                    					_t1913 =  *( *_t1472 + 0x110) |  *0x468b00;
                                                    					E00420F98( *_t1472, _t1475,  *( *_t1472 + 0x110) |  *0x468b00);
                                                    					E00420FC4( *_t1472, 1);
                                                    					E00420B68( *_t1472, _v40);
                                                    					E00420B94( *_t1472, _v44);
                                                    				}
                                                    				_v60 = 0xc;
                                                    				_v59 = 0xe;
                                                    				_v58 = 0xf;
                                                    				_v57 = 0x10;
                                                    				_v56 = 0x12;
                                                    				_t1871 = E00495D5C( *_t1472, _t1472, 4,  &_v60, _t1852, _t1870, _t1913);
                                                    				_v20 = E00496080( *_t1472, 0xa);
                                                    				E0041461C( *((intOrPtr*)( *_t1472 + 0x1c0)), _t1871);
                                                    				E0041461C( *((intOrPtr*)( *_t1472 + 0x1bc)), _t1871);
                                                    				E0041461C( *((intOrPtr*)( *_t1472 + 0x1b8)), _t1871);
                                                    				_t618 = E004146BC( *_t1472);
                                                    				E004145DC( *((intOrPtr*)( *_t1472 + 0x1b8)));
                                                    				E004145DC( *((intOrPtr*)( *_t1472 + 0x1bc)));
                                                    				_t1858 = _t618 - _v20 - _t1871 - _v20 - _t1871 - _t1871;
                                                    				E004145DC( *((intOrPtr*)( *_t1472 + 0x1c0)));
                                                    				_t1554 =  *0x49d2d8; // 0x400000
                                                    				E00460BFC( *((intOrPtr*)( *_t1472 + 0x230)), _t1554);
                                                    				E00460C14( *((intOrPtr*)( *_t1472 + 0x230)));
                                                    				E00460C20( *((intOrPtr*)( *_t1472 + 0x230)), 1);
                                                    				E00460C68( *((intOrPtr*)( *_t1472 + 0x230)), 0 | ( *0x49d31a & 0x00000004) != 0x00000000);
                                                    				_t1558 =  *0x49d2d8; // 0x400000
                                                    				E00460BFC( *((intOrPtr*)( *_t1472 + 0x264)), _t1558);
                                                    				E00460C14( *((intOrPtr*)( *_t1472 + 0x264)));
                                                    				E00460C20( *((intOrPtr*)( *_t1472 + 0x264)), 1);
                                                    				E00460C68( *((intOrPtr*)( *_t1472 + 0x264)), 0 | ( *0x49d31a & 0x00000004) != 0x00000000);
                                                    				_t1562 =  *0x49d3a4; // 0x0
                                                    				E00460C14( *((intOrPtr*)( *_t1472 + 0x250)));
                                                    				E00460C68( *((intOrPtr*)( *_t1472 + 0x250)), _t1562 & 0xffffff00 | ( *0x49d31a & 0x00000004) != 0x00000000);
                                                    				_t658 =  *0x49c014; // 0x400000
                                                    				E0041D6B0( *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2bc)) + 0xb4)), LoadBitmapA(_t658, "STOPIMAGE"));
                                                    				E00460C38( *((intOrPtr*)( *_t1472 + 0x2bc)), 0xc0c0c0);
                                                    				E00460C50( *((intOrPtr*)( *_t1472 + 0x2bc)),  *((intOrPtr*)( *_t1472 + 0x48)));
                                                    				E00467180(_t1472, 4, _t618 - _v20 - _t1871 - _v20 - _t1871 - _t1871, _t1871,  *0x49d31a & 0x00000004, _t1900); // executed
                                                    				E00468CB0( *_t1472, 1,  *0x49d31a & 0x00000004, 0, 0, 0);
                                                    				E00466800(0xc9,  &_v52);
                                                    				E0040357C( &_v52, 0x468b18);
                                                    				E00414B18( *((intOrPtr*)( *_t1472 + 0x234)), _t1472, _v52, _t618 - _v20 - _t1871 - _v20 - _t1871 - _t1871, _t1871);
                                                    				E00466B38( *((intOrPtr*)( *_t1472 + 0x234)));
                                                    				E00466B40( *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x234)) + 0x28)) +  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x234)) + 0x30)) -  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x268)) + 0x28)),  *((intOrPtr*)( *_t1472 + 0x268)));
                                                    				E00466800(0xca,  &_v52);
                                                    				E0040357C( &_v52, 0x468b24);
                                                    				_t1575 =  *0x49ccc8; // 0x0
                                                    				E0040357C( &_v52, _t1575);
                                                    				E00414B18( *((intOrPtr*)( *_t1472 + 0x268)), _t1472, _v52, _t618 - _v20 - _t1871 - _v20 - _t1871 - _t1871, _t1871);
                                                    				_t701 =  *0x49cf98; // 0x0
                                                    				_t702 =  *0x49ce00; // 0x0
                                                    				E00468CB0( *_t1472, 2,  *0x49d31a & 0x00000004, _t702, _t701,  *((intOrPtr*)( *_t1472 + 0x1d8)));
                                                    				E00466800(0x6d,  &_v52);
                                                    				E00414B18( *((intOrPtr*)( *_t1472 + 0x26c)), _t1472, _v52, _t618 - _v20 - _t1871 - _v20 - _t1871 - _t1871, _t1871);
                                                    				E00466B40(E00466B38( *((intOrPtr*)( *_t1472 + 0x26c))),  *((intOrPtr*)( *_t1472 + 0x270)));
                                                    				_t1582 =  *0x49cdfc; // 0x0
                                                    				E00414B18( *((intOrPtr*)( *_t1472 + 0x2a4)), _t1472, _t1582, _t618 - _v20 - _t1871 - _v20 - _t1871 - _t1871, _t713);
                                                    				_t1583 =  *0x49ce08; // 0x0
                                                    				E00414B18( *((intOrPtr*)( *_t1472 + 0x2a8)), _t1472, _t1583, _t618 - _v20 - _t1871 - _v20 - _t1871 - _t1871, _t713);
                                                    				_t725 =  *0x49cf9c; // 0x0
                                                    				_t726 =  *0x49ce3c; // 0x0
                                                    				E00468CB0( *_t1472, 3,  *0x49d31a & 0x00000004, _t726, _t725,  *((intOrPtr*)( *_t1472 + 0x1dc)));
                                                    				_t1585 =  *0x49ce40; // 0x0
                                                    				E00414B18( *((intOrPtr*)( *_t1472 + 0x218)), _t1472, _t1585, _t618 - _v20 - _t1871 - _v20 - _t1871 - _t1871, _t713);
                                                    				_t1586 =  *0x49ce38; // 0x0
                                                    				E00414B18( *((intOrPtr*)( *_t1472 + 0x220)), _t1472, _t1586, _t618 - _v20 - _t1871 - _v20 - _t1871 - _t1871, _t713);
                                                    				E004145FC( *((intOrPtr*)( *_t1472 + 0x220)),  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x220)) + 0x28)) + E00466B38( *((intOrPtr*)( *_t1472 + 0x218))));
                                                    				E004145FC( *((intOrPtr*)( *_t1472 + 0x21c)),  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x21c)) + 0x28)) + _t738 + E00466B38( *((intOrPtr*)( *_t1472 + 0x220))));
                                                    				_t750 =  *0x49cf90; // 0x0
                                                    				_t751 =  *0x49cdd0; // 0x0
                                                    				E00468CB0( *_t1472, 4,  *0x49d31a & 0x00000004, _t751, _t750,  *((intOrPtr*)( *_t1472 + 0x1e0)));
                                                    				_t1594 =  *0x49cdcc; // 0x0
                                                    				E00414B18( *((intOrPtr*)( *_t1472 + 0x23c)), _t1472, _t1594, _t1858, _t738 + E00466B38( *((intOrPtr*)( *_t1472 + 0x220))));
                                                    				E00466B40(E00466B38( *((intOrPtr*)( *_t1472 + 0x23c))),  *((intOrPtr*)( *_t1472 + 0x238)));
                                                    				_t766 =  *0x49cfbc; // 0x0
                                                    				_t767 =  *0x49cf60; // 0x0
                                                    				_t1487 =  *((intOrPtr*)( *_t1472 + 0x1d0));
                                                    				E00468CB0( *_t1472, 5,  *0x49d31a & 0x00000004, _t767, _t766,  *((intOrPtr*)( *_t1472 + 0x1e4)));
                                                    				_t1598 =  *0x49cf64; // 0x0
                                                    				E00414B18( *((intOrPtr*)( *_t1472 + 0x2ac)), _t1472, _t1598, _t1858, _t760);
                                                    				_t1876 = E00466B38( *((intOrPtr*)( *_t1472 + 0x2ac)));
                                                    				E004145FC( *((intOrPtr*)( *_t1472 + 0x2b0)),  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2b0)) + 0x28)) + _t1876);
                                                    				E004145FC( *((intOrPtr*)( *_t1472 + 0x2b4)),  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2b4)) + 0x28)) + _t1876);
                                                    				_t1604 =  *0x49cf6c; // 0x0
                                                    				E00414B18( *((intOrPtr*)( *_t1472 + 0x2b4)), _t1472, _t1604, _t1858, _t1876);
                                                    				_t1877 = _t1876 + E00466B38( *((intOrPtr*)( *_t1472 + 0x2b4)));
                                                    				E004145FC( *((intOrPtr*)( *_t1472 + 0x2b8)),  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2b8)) + 0x28)) + _t1877);
                                                    				_t1917 =  *0x49d443;
                                                    				if( *0x49d443 == 0) {
                                                    					E00414A44( *((intOrPtr*)( *_t1472 + 0x2c8)), _t1487, 0, _t1858);
                                                    					__eflags = 0;
                                                    					E00414A44( *((intOrPtr*)( *_t1472 + 0x2cc)), _t1487, 0, _t1858);
                                                    				} else {
                                                    					E004145FC( *((intOrPtr*)( *_t1472 + 0x2c8)),  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2c8)) + 0x28)) + _t1877);
                                                    					_t1833 =  *0x49cf70; // 0x0
                                                    					E00414B18( *((intOrPtr*)( *_t1472 + 0x2c8)), _t1472, _t1833, _t1858, _t1877);
                                                    					E004145FC( *((intOrPtr*)( *_t1472 + 0x2cc)),  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2cc)) + 0x28)) + _t1877);
                                                    				}
                                                    				_t800 =  *0x49cfa8; // 0x0
                                                    				E00466800(0x8f,  &_v52);
                                                    				E00468CB0( *_t1472, 6, _t1917, _v52, _t800,  *((intOrPtr*)( *_t1472 + 0x1e8)));
                                                    				E00466800(0x91,  &_v52);
                                                    				E00414B18( *((intOrPtr*)( *_t1472 + 0x294)), _t1472, _v52, _t1858, _t1877);
                                                    				_t813 = E00496080( *_t1472, 0xc);
                                                    				_t1878 =  *((intOrPtr*)( *_t1472 + 0x2e0));
                                                    				_t1860 = _t813 +  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2e0)) + 0x24)) +  *((intOrPtr*)(_t1878 + 0x2c));
                                                    				_t1879 =  *((intOrPtr*)( *_t1472 + 0x294));
                                                    				_t1489 =  *((intOrPtr*)(_t1879 + 0x28));
                                                    				_t1880 =  *_t1879;
                                                    				 *((intOrPtr*)( *_t1879 + 0x4c))( *((intOrPtr*)(_t1879 + 0x30)),  *((intOrPtr*)(_t1879 + 0x2c)) - _t813 +  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2e0)) + 0x24)) +  *((intOrPtr*)(_t1878 + 0x2c)) -  *((intOrPtr*)(_t1879 + 0x24)));
                                                    				E00466B38( *((intOrPtr*)( *_t1472 + 0x294)));
                                                    				if( *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2e0)) + 0x30)) >  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x294)) + 0x30))) {
                                                    					_t1828 =  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2e0)) + 0x30)) -  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x294)) + 0x30)) - 1;
                                                    					_t1829 = _t1828 >> 1;
                                                    					if(_t1828 < 0) {
                                                    						asm("adc edx, 0x0");
                                                    					}
                                                    					_t1920 = _t1829 +  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x294)) + 0x28));
                                                    					E004145FC( *((intOrPtr*)( *_t1472 + 0x294)), _t1829 +  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x294)) + 0x28)));
                                                    				}
                                                    				E00466800(0x8e,  &_v52);
                                                    				E00414B18( *((intOrPtr*)( *_t1472 + 0x2e8)), _t1472, _v52, _t1860, _t1880);
                                                    				_push(E00496090( *_t1472, 0xd) +  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x294)) + 0x28)) +  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x294)) + 0x30)) - 1);
                                                    				_t838 = E00496090( *_t1472, 0xc);
                                                    				_pop(_t1632);
                                                    				E004145FC( *((intOrPtr*)( *_t1472 + 0x2e8)),  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2e8)) + 0x28)) + E0042E8C0(_t838 +  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2e0)) + 0x28)) +  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2e0)) + 0x30)), _t1632) -  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2e8)) + 0x28)));
                                                    				E004145FC( *((intOrPtr*)( *_t1472 + 0x20c)),  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x20c)) + 0x28)) + E0042E8C0(_t838 +  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2e0)) + 0x28)) +  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2e0)) + 0x30)), _t1632) -  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2e8)) + 0x28)) + E00466B38( *((intOrPtr*)( *_t1472 + 0x2e8))));
                                                    				_t857 = E004181E0( *((intOrPtr*)( *_t1472 + 0x20c))); // executed
                                                    				E0042ED38(_t857, _t1472, _t1489,  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x20c)) + 0x28)) + E0042E8C0(_t838 +  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2e0)) + 0x28)) +  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2e0)) + 0x30)), _t1632) -  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2e8)) + 0x28)) + E00466B38( *((intOrPtr*)( *_t1472 + 0x2e8))),  *((intOrPtr*)( *_t1472 + 0x294)), E0042E8C0(_t838 +  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2e0)) + 0x28)) +  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2e0)) + 0x30)), _t1632) -  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2e8)) + 0x28)) + E00466B38( *((intOrPtr*)( *_t1472 + 0x2e8)))); // executed
                                                    				_t1640 =  *0x49cca8; // 0x0
                                                    				E00414B18( *((intOrPtr*)( *_t1472 + 0x2d8)), _t1472, _t1640,  *((intOrPtr*)( *_t1472 + 0x294)), E0042E8C0(_t838 +  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2e0)) + 0x28)) +  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2e0)) + 0x30)), _t1632) -  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2e8)) + 0x28)) + E00466B38( *((intOrPtr*)( *_t1472 + 0x2e8))));
                                                    				_v64 = 0x16;
                                                    				_t863 = E00495D5C( *_t1472, _t1472, 0,  &_v64,  *((intOrPtr*)( *_t1472 + 0x294)), E0042E8C0(_t838 +  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2e0)) + 0x28)) +  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2e0)) + 0x30)), _t1632) -  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2e8)) + 0x28)) + E00466B38( *((intOrPtr*)( *_t1472 + 0x2e8))), _t1920);
                                                    				_t1862 = _t863;
                                                    				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2d8)))) + 0x4c))( *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2d8)) + 0x30)), _t863);
                                                    				E0041461C( *((intOrPtr*)( *_t1472 + 0x20c)),  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2d8)) + 0x24)) - E00496080( *_t1472, 0xa) -  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x20c)) + 0x24)));
                                                    				E00466800(0x2e,  &_v52);
                                                    				E00414B18( *((intOrPtr*)( *_t1472 + 0x208)), _t1472, _v52, _t863,  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2d8)))));
                                                    				E004145FC( *((intOrPtr*)( *_t1472 + 0x208)),  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x208)) + 0x28)) - E00466B38( *((intOrPtr*)( *_t1472 + 0x208))));
                                                    				_t893 =  *0x49cfac; // 0x0
                                                    				E00466800(0x8c,  &_v52);
                                                    				E00468CB0( *_t1472, 7, _t1920, _v52, _t893,  *((intOrPtr*)( *_t1472 + 0x1ec)));
                                                    				E00466800(0x8d,  &_v52);
                                                    				E00414B18( *((intOrPtr*)( *_t1472 + 0x29c)), _t1472, _v52, _t863,  *((intOrPtr*)( *_t1472 + 0x208)));
                                                    				_t1886 = E00466B38( *((intOrPtr*)( *_t1472 + 0x29c)));
                                                    				E004145FC( *((intOrPtr*)( *_t1472 + 0x228)),  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x228)) + 0x28)) + _t1886);
                                                    				_t1494 = _t1886;
                                                    				E00466B40(_t1886,  *((intOrPtr*)( *_t1472 + 0x27c)));
                                                    				E00466800(0x23,  &_v52);
                                                    				E00414B18( *((intOrPtr*)( *_t1472 + 0x280)), _t1472, _v52, _t863, _t1886);
                                                    				E00466B38( *((intOrPtr*)( *_t1472 + 0x280)));
                                                    				if( *0x49d44b != 0) {
                                                    					_t1395 =  *0x49d36c; // 0x0
                                                    					if( *((intOrPtr*)(_t1395 + 8)) == 1) {
                                                    						E00414A44( *((intOrPtr*)( *_t1472 + 0x228)), _t1494, 0, _t1862);
                                                    						_t1923 =  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x228)) + 0x28)) -  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x27c)) + 0x28));
                                                    						E00466B40( *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x228)) + 0x28)) -  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x27c)) + 0x28)),  *((intOrPtr*)( *_t1472 + 0x27c)));
                                                    					}
                                                    				}
                                                    				_t926 =  *0x49cfb0; // 0x0
                                                    				E00466800(0x96,  &_v52);
                                                    				E00468CB0( *_t1472, 8, _t1923, _v52, _t926,  *((intOrPtr*)( *_t1472 + 0x1f0)));
                                                    				E00466800(0x97,  &_v52);
                                                    				E00414B18( *((intOrPtr*)( *_t1472 + 0x298)), _t1472, _v52, _t1862, _t1886);
                                                    				_t939 = E00496080( *_t1472, 0xc);
                                                    				_t1864 = _t939 +  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2e4)) + 0x24)) +  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2e4)) + 0x2c));
                                                    				_t1887 =  *((intOrPtr*)( *_t1472 + 0x298));
                                                    				_t1888 =  *_t1887;
                                                    				 *((intOrPtr*)( *_t1887 + 0x4c))( *((intOrPtr*)(_t1887 + 0x30)),  *((intOrPtr*)(_t1887 + 0x2c)) - _t939 +  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2e4)) + 0x24)) +  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2e4)) + 0x2c)) -  *((intOrPtr*)(_t1887 + 0x24)));
                                                    				E00466B38( *((intOrPtr*)( *_t1472 + 0x298)));
                                                    				if( *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2e4)) + 0x30)) >  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x298)) + 0x30))) {
                                                    					_t1822 =  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2e4)) + 0x30)) -  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x298)) + 0x30)) - 1;
                                                    					_t1823 = _t1822 >> 1;
                                                    					if(_t1822 < 0) {
                                                    						asm("adc edx, 0x0");
                                                    					}
                                                    					_t1926 = _t1823 +  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x298)) + 0x28));
                                                    					E004145FC( *((intOrPtr*)( *_t1472 + 0x298)), _t1823 +  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x298)) + 0x28)));
                                                    				}
                                                    				E00466800(0x95,  &_v52);
                                                    				E00414B18( *((intOrPtr*)( *_t1472 + 0x2ec)), _t1472, _v52, _t1864, _t1888);
                                                    				_push(E00496090( *_t1472, 0xd) +  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x298)) + 0x28)) +  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x298)) + 0x30)) - 1);
                                                    				_t965 = E00496090( *_t1472, 0xc);
                                                    				_pop(_t1692);
                                                    				E004145FC( *((intOrPtr*)( *_t1472 + 0x2ec)),  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2ec)) + 0x28)) + E0042E8C0(_t965 +  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2e4)) + 0x28)) +  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2e4)) + 0x30)), _t1692) -  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2ec)) + 0x28)));
                                                    				E004145FC( *((intOrPtr*)( *_t1472 + 0x210)),  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x210)) + 0x28)) + E0042E8C0(_t965 +  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2e4)) + 0x28)) +  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2e4)) + 0x30)), _t1692) -  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2ec)) + 0x28)) + E00466B38( *((intOrPtr*)( *_t1472 + 0x2ec))));
                                                    				_t1698 =  *0x49cca8; // 0x0
                                                    				E00414B18( *((intOrPtr*)( *_t1472 + 0x2dc)), _t1472, _t1698, _t1864, E0042E8C0(_t965 +  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2e4)) + 0x28)) +  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2e4)) + 0x30)), _t1692) -  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2ec)) + 0x28)) + E00466B38( *((intOrPtr*)( *_t1472 + 0x2ec))));
                                                    				_v64 = 0x16;
                                                    				_t987 = E00495D5C( *_t1472, _t1472, 0,  &_v64, _t1864, E0042E8C0(_t965 +  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2e4)) + 0x28)) +  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2e4)) + 0x30)), _t1692) -  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2ec)) + 0x28)) + E00466B38( *((intOrPtr*)( *_t1472 + 0x2ec))), _t1926);
                                                    				_t1865 = _t987;
                                                    				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2dc)))) + 0x4c))( *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2dc)) + 0x30)), _t987);
                                                    				E0041461C( *((intOrPtr*)( *_t1472 + 0x210)),  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2dc)) + 0x24)) - E00496080( *_t1472, 0xa) -  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x210)) + 0x24)));
                                                    				_t1708 =  *0x49ce18; // 0x0
                                                    				E00414B18( *((intOrPtr*)( *_t1472 + 0x214)), _t1472, _t1708, _t987,  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2dc)))));
                                                    				_t1010 =  *0x49cfb4; // 0x0
                                                    				E00466800(0x98,  &_v52);
                                                    				E00468CB0( *_t1472, 9, _t1926, _v52, _t1010,  *((intOrPtr*)( *_t1472 + 0x1f4)));
                                                    				E00466800(0x99,  &_v52);
                                                    				E00414B18( *((intOrPtr*)( *_t1472 + 0x2a0)), _t1472, _v52, _t987,  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2dc)))));
                                                    				E00466B40(E00466B38( *((intOrPtr*)( *_t1472 + 0x2a0))),  *( *_t1472 + 0x2d0));
                                                    				E0042BBD0( *( *_t1472 + 0x2d0), 0);
                                                    				 *((intOrPtr*)( *( *_t1472 + 0x2d0) + 0x154)) = E00496090( *_t1472, 0x16);
                                                    				E0044E8B0( *( *_t1472 + 0x2d0),  *( *_t1472 + 0x2d0) & 0xffffff00 | ( *0x49d31a & 0x00000001) != 0x00000000);
                                                    				_t1038 =  *0x49cfa4; // 0x0
                                                    				E00466800(0x81,  &_v52);
                                                    				E00468CB0( *_t1472, 0xa,  *0x49d31a & 0x00000001, _v52, _t1038,  *((intOrPtr*)( *_t1472 + 0x1f8)));
                                                    				_t1047 =  *0x49cfa0; // 0x0
                                                    				E00466800(0x7f,  &_v52);
                                                    				E00468CB0( *_t1472, 0xb,  *0x49d31a & 0x00000001, _v52, _t1047,  *((intOrPtr*)( *_t1472 + 0x1fc)));
                                                    				_t1056 =  *0x49cf94; // 0x0
                                                    				E00466800(0x62,  &_v52);
                                                    				E00468CB0( *_t1472, 0xc,  *0x49d31a & 0x00000001, _v52, _t1056,  *((intOrPtr*)( *_t1472 + 0x200)));
                                                    				_t1065 =  *0x49cf8c; // 0x0
                                                    				_t1066 =  *0x49cdc8; // 0x0
                                                    				E00468CB0( *_t1472, 0xd,  *0x49d31a & 0x00000001, _t1066, _t1065,  *((intOrPtr*)( *_t1472 + 0x204)));
                                                    				_t1727 =  *0x49cdc4; // 0x0
                                                    				E00414B18( *((intOrPtr*)( *_t1472 + 0x278)), _t1472, _t1727, _t987, _t1024);
                                                    				_t1894 = E00466B38( *((intOrPtr*)( *_t1472 + 0x278)));
                                                    				E00466B40(_t1075,  *((intOrPtr*)( *_t1472 + 0x274)));
                                                    				E00468CB0( *_t1472, 0xe,  *0x49d31a & 0x00000001, 0, 0, 0);
                                                    				_t1512 =  *0x49d354; // 0xc
                                                    				_t1731 =  *0x49d32c; // 0x21b9374
                                                    				E00495920( *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2c4)) + 0x44)), _t1472, _t1512, _t1731, _t987, _t1075, 0xc, 0);
                                                    				_t1732 =  *0x468afc; // 0x1
                                                    				E0041A3D0( *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2c4)) + 0x44)), _t1732,  *0x49d31a & 0x00000001);
                                                    				E00466800(0x55,  &_v52);
                                                    				_push( &_v52);
                                                    				_pop(_t1093);
                                                    				E0040357C(_t1093, 0x468b18);
                                                    				E00414B18( *((intOrPtr*)( *_t1472 + 0x2c4)), _t1472, _v52, _t987, _t1075);
                                                    				E00466B38( *((intOrPtr*)( *_t1472 + 0x2c4)));
                                                    				E004145FC( *((intOrPtr*)( *_t1472 + 0x258)),  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2c4)) + 0x28)) +  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2c4)) + 0x30)));
                                                    				_t1739 =  *0x49cfc0; // 0x0
                                                    				E00414B18( *((intOrPtr*)( *_t1472 + 0x25c)), _t1472, _t1739, _t987, _t1075);
                                                    				_t1740 =  *0x49ce1c; // 0x0
                                                    				E00414B18( *((intOrPtr*)( *_t1472 + 0x260)), _t1472, _t1740, _t987, _t1075);
                                                    				 *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x2d4)) + 0x154)) = E00496090( *_t1472, 0x16);
                                                    				if( *0x49cc74 == 0) {
                                                    					__eflags = 0;
                                                    					E00414B18( *((intOrPtr*)( *_t1472 + 0x284)), _t1472, 0, _t1865, _t1894);
                                                    				} else {
                                                    					E00403494( &_v52, 0x468b34);
                                                    					_t1818 =  *0x49cc74; // 0x0
                                                    					E0040357C( &_v52, _t1818);
                                                    					E0040357C( &_v52, 0x468b34);
                                                    					E00414B18( *((intOrPtr*)( *_t1472 + 0x284)), _t1472, _v52, _t1865, _t1894);
                                                    				}
                                                    				if( *0x49d3ac != 0) {
                                                    					E0044FFDC( *((intOrPtr*)( *_t1472 + 0x270)), 1);
                                                    					E00450138();
                                                    				}
                                                    				if( *0x49d3b0 != 0) {
                                                    					E0044FFDC( *((intOrPtr*)( *_t1472 + 0x238)), 1);
                                                    					E00450138();
                                                    				}
                                                    				_t1931 =  *0x49d3b4;
                                                    				if( *0x49d3b4 != 0) {
                                                    					E0044FFDC( *((intOrPtr*)( *_t1472 + 0x274)), 1);
                                                    					E00450138();
                                                    				}
                                                    				_t1895 = GetSystemMenu(E004181E0( *_t1472), 0);
                                                    				AppendMenuA(_t1895, 0x800, 0, 0);
                                                    				_t1123 =  *0x49cc50; // 0x0
                                                    				AppendMenuA(_t1895, 0, 0x270f, E00403738(_t1123));
                                                    				E00468DA4( *_t1472, _t1472, _t1512, _t1865, _t1895, _t1931); // executed
                                                    				if( *0x49d30c == 2 ||  *0x49d30c == 0 &&  *((intOrPtr*)( *_t1472 + 0x34c)) != 0) {
                                                    					_t1128 = 1;
                                                    				} else {
                                                    					_t1128 = 0;
                                                    				}
                                                    				 *((char*)( *_t1472 + 0x334)) = _t1128;
                                                    				if( *0x49d30d == 2 ||  *0x49d30d == 0 &&  *((intOrPtr*)( *_t1472 + 0x30c)) != 0) {
                                                    					_t1129 = 1;
                                                    				} else {
                                                    					_t1129 = 0;
                                                    				}
                                                    				 *((char*)( *_t1472 + 0x335)) = _t1129;
                                                    				_v28 = 0xffffffff;
                                                    				_v29 = 0;
                                                    				if(( *0x49d319 & 0x00000010) != 0) {
                                                    					if( *((intOrPtr*)( *_t1472 + 0x314)) != 0) {
                                                    						E00414B18( *((intOrPtr*)( *_t1472 + 0x2b0)), _t1472,  *((intOrPtr*)( *_t1472 + 0x314)), _t1865, _t1895);
                                                    						E00414B18( *((intOrPtr*)( *_t1472 + 0x2b8)), _t1472,  *((intOrPtr*)( *_t1472 + 0x318)), _t1865, _t1895);
                                                    						E00414B18( *((intOrPtr*)( *_t1472 + 0x2cc)), _t1472,  *((intOrPtr*)( *_t1472 + 0x31c)), _t1865, _t1895);
                                                    					} else {
                                                    						_t1340 =  *0x49d224; // 0x21b8d28
                                                    						E0047C648(_t1340, _t1512,  &_v52);
                                                    						E00414B18( *((intOrPtr*)( *_t1472 + 0x2b0)), _t1472, _v52, _t1865, _t1895);
                                                    						_t1345 =  *0x49d228; // 0x21b8d48
                                                    						E0047C648(_t1345, _t1512,  &_v52);
                                                    						E00414B18( *((intOrPtr*)( *_t1472 + 0x2b8)), _t1472, _v52, _t1865, _t1895);
                                                    						_t1350 =  *0x49d22c; // 0x0
                                                    						E0047C648(_t1350, _t1512,  &_v52);
                                                    						E00414B18( *((intOrPtr*)( *_t1472 + 0x2cc)), _t1472, _v52, _t1865, _t1895);
                                                    					}
                                                    				}
                                                    				if(( *0x49d316 & 0x00000002) == 0) {
                                                    					_t1747 =  *0x49d190; // 0x21c0d34
                                                    					E00414B18( *((intOrPtr*)( *_t1472 + 0x20c)), _t1472, _t1747, _t1865, _t1895);
                                                    				} else {
                                                    					_t1307 =  *0x49d208; // 0x21b8cdc
                                                    					E0047C648(_t1307, _t1512,  &_v52);
                                                    					E00403450( *_t1472 + 0x304, _t1472, _v52, _t1865, _t1895);
                                                    					_t1941 =  *0x49d110;
                                                    					if( *0x49d110 == 0) {
                                                    						E00403494( &_v24,  *((intOrPtr*)( *_t1472 + 0x34c)));
                                                    						__eflags = _v24;
                                                    						if(_v24 == 0) {
                                                    							E00403494( &_v24,  *((intOrPtr*)( *_t1472 + 0x304)));
                                                    						}
                                                    					} else {
                                                    						_t1325 =  *0x49d110; // 0x0
                                                    						E0047C81C(_t1325, _t1472, _t1512,  &_v24, _t1865, _t1895);
                                                    					}
                                                    					E0042C804(_v24,  &_v68);
                                                    					E0042CBC0(_v68, _t1512,  &_v52, _t1941);
                                                    					E00403494( &_v24, _v52);
                                                    					_t1747 = _v24;
                                                    					E00414B18( *((intOrPtr*)( *_t1472 + 0x20c)), _t1472, _v24, _t1865, _t1895);
                                                    				}
                                                    				_t1133 =  *0x49d36c; // 0x0
                                                    				if( *((intOrPtr*)(_t1133 + 8)) <= 0) {
                                                    					L81:
                                                    					E0042B96C( *((intOrPtr*)( *_t1472 + 0x27c)));
                                                    					E0044E83C( *((intOrPtr*)( *_t1472 + 0x27c)), _t1747 & 0xffffff00 | ( *0x49d318 & 0x00000020) != 0x00000000);
                                                    					_t1140 =  *0x49d370; // 0x0
                                                    					_t1142 =  *((intOrPtr*)(_t1140 + 8)) - 1;
                                                    					if(_t1142 < 0) {
                                                    						L90:
                                                    						if(_v29 != 0 ||  *0x49d138 == 0 ||  *0x49d44b == 0) {
                                                    							__eflags = _v28 - 0xffffffff;
                                                    							if(_v28 == 0xffffffff) {
                                                    								_t1143 =  *0x49d36c; // 0x0
                                                    								__eflags =  *(_t1143 + 8);
                                                    								if( *(_t1143 + 8) > 0) {
                                                    									_t1210 =  *0x49d36c; // 0x0
                                                    									_v36 = E0040B24C(_t1210, 0);
                                                    									_t1512 = 0;
                                                    									__eflags = 0;
                                                    									E00469A18( *_t1472, 0,  *_v36, _t1900);
                                                    								}
                                                    							} else {
                                                    								_t1215 =  *0x49d36c; // 0x0
                                                    								_v36 = E0040B24C(_t1215, _v28);
                                                    								_t1217 = _v36;
                                                    								__eflags =  *(_t1217 + 0x24) & 0x00000001;
                                                    								if(( *(_t1217 + 0x24) & 0x00000001) == 0) {
                                                    									_t1512 = 0;
                                                    									E00469A18( *_t1472, 0,  *_v36, _t1900);
                                                    								} else {
                                                    									_t1221 =  *0x49d36c; // 0x0
                                                    									E00469A18( *_t1472, 0,  *((intOrPtr*)(E0040B24C(_t1221, 0))), _t1900);
                                                    									E00469A18( *_t1472, 1,  *_v36, _t1900);
                                                    									_t1512 =  *((intOrPtr*)( *_t1472 + 0x328));
                                                    									E004698B8( *_t1472, _t1472,  *((intOrPtr*)( *_t1472 + 0x328)),  *((intOrPtr*)( *_t1472 + 0x324)), _t1865, _t1895);
                                                    								}
                                                    							}
                                                    						} else {
                                                    							_t1232 =  *0x49d36c; // 0x0
                                                    							_t1234 =  *((intOrPtr*)(_t1232 + 8)) - 1;
                                                    							if(_t1234 < 0) {
                                                    								L105:
                                                    								E00466EE0( *_t1472);
                                                    								E00466C5C( *_t1472, _t1472, _t1865, _t1895, _t1969, _t1981);
                                                    								if( *0x49d44b == 0) {
                                                    									__eflags = 0;
                                                    									E00414A44( *((intOrPtr*)( *_t1472 + 0x27c)), _t1512, 0, _t1865);
                                                    								} else {
                                                    									_t1200 = E0042A040( *((intOrPtr*)( *_t1472 + 0x228)));
                                                    									_t1201 =  *0x49d36c; // 0x0
                                                    									_v36 = E0040B24C(_t1201, _t1200);
                                                    									if(( *(_v36 + 0x24) & 0x00000001) != 0 || ( *0x49d318 & 0x00000010) != 0) {
                                                    										E00414A44( *((intOrPtr*)( *_t1472 + 0x27c)), _t1512, 1, _t1865);
                                                    									} else {
                                                    										E00414A44( *((intOrPtr*)( *_t1472 + 0x27c)), _t1512, 0, _t1865);
                                                    									}
                                                    								}
                                                    								E00414A44( *((intOrPtr*)( *_t1472 + 0x280)), _t1512,  *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x27c)) + 0x37)), _t1865);
                                                    								if( *0x49d44b != 0) {
                                                    									 *((intOrPtr*)( *_t1472 + 0x33c)) = E0042A040( *((intOrPtr*)( *_t1472 + 0x228)));
                                                    									_push(0);
                                                    									_t1512 = 0;
                                                    									E00469B78( *_t1472, _t1472, 0,  *((intOrPtr*)( *_t1472 + 0x338)), _t1865, _t1895);
                                                    								}
                                                    								_t1156 =  *0x49d20c; // 0x21b8d00
                                                    								E0047C648(_t1156, _t1512,  &_v52);
                                                    								E00403450( *_t1472 + 0x308, _t1472, _v52, _t1865, _t1895);
                                                    								if( *0x49d114 == 0 ||  *((char*)( *_t1472 + 0x335)) != 0) {
                                                    									_t1161 =  *_t1472;
                                                    									__eflags =  *(_t1161 + 0x30c);
                                                    									if( *(_t1161 + 0x30c) == 0) {
                                                    										L118:
                                                    										E00403494( &_v24,  *((intOrPtr*)( *_t1472 + 0x308)));
                                                    										goto L120;
                                                    									}
                                                    									E00403684( *((intOrPtr*)( *_t1472 + 0x30c)), "(Default)");
                                                    									if(__eflags != 0) {
                                                    										E00403494( &_v24,  *((intOrPtr*)( *_t1472 + 0x30c)));
                                                    										goto L120;
                                                    									}
                                                    									goto L118;
                                                    								} else {
                                                    									_t1190 =  *0x49d114; // 0x0
                                                    									E0047C81C(_t1190, _t1472, _t1512,  &_v24, _t1865, _t1895);
                                                    									L120:
                                                    									E00414B18( *((intOrPtr*)( *_t1472 + 0x210)), _t1472, _v24, _t1865, _t1895);
                                                    									if(( *0x49d316 & 0x00000004) == 0) {
                                                    										__eflags = 0;
                                                    										E00414A44( *((intOrPtr*)( *_t1472 + 0x214)), _t1512, 0, _t1865);
                                                    									} else {
                                                    										if( *0x49d120 != 0 ||  *((char*)( *_t1472 + 0x320)) != 0) {
                                                    											E0042B0E4(1);
                                                    										}
                                                    										E00414A44( *((intOrPtr*)( *_t1472 + 0x214)), _t1512, 1, _t1865);
                                                    									}
                                                    									_pop(_t1757);
                                                    									 *[fs:eax] = _t1757;
                                                    									_push(E00468AE0);
                                                    									E00403400( &_v68);
                                                    									E00403400( &_v52);
                                                    									return E00403400( &_v24);
                                                    								}
                                                    							}
                                                    							_v48 = _t1234 + 1;
                                                    							_t1895 = 0;
                                                    							while(1) {
                                                    								_t1236 =  *0x49d36c; // 0x0
                                                    								_v36 = E0040B24C(_t1236, _t1895);
                                                    								_t1238 = _v36;
                                                    								_t1969 =  *(_t1238 + 0x24) & 0x00000001;
                                                    								if(( *(_t1238 + 0x24) & 0x00000001) != 0) {
                                                    									break;
                                                    								}
                                                    								_t1895 =  &(_t1895->i);
                                                    								_t510 =  &_v48;
                                                    								 *_t510 = _v48 - 1;
                                                    								__eflags =  *_t510;
                                                    								if( *_t510 != 0) {
                                                    									continue;
                                                    								}
                                                    								goto L105;
                                                    							}
                                                    							E0042A05C( *((intOrPtr*)( *_t1472 + 0x228)), _t1895);
                                                    							E00469A18( *_t1472, 1,  *_v36, _t1900);
                                                    							_t1512 = 0;
                                                    							_t1780 =  *0x49d130; // 0x0
                                                    							E004698B8( *_t1472, _t1472, 0, _t1780, _t1865, _t1895);
                                                    						}
                                                    						goto L105;
                                                    					}
                                                    					_v48 = _t1142 + 1;
                                                    					_t1896 = 0;
                                                    					do {
                                                    						_t1248 =  *0x49d370; // 0x0
                                                    						_t1865 = E0040B24C(_t1248, _t1896);
                                                    						if(( *(_t1865 + 0x35) & 0x00000008) == 0) {
                                                    							 *(_t1865 + 0x35) & 0x00000001 =  *(_t1865 + 0x35) & 0x00000010;
                                                    							E0047C648( *((intOrPtr*)(_t1865 + 4)), _t1512,  &_v52);
                                                    							_t1512 = 0;
                                                    							__eflags = 0;
                                                    							E0044CB0C( *((intOrPtr*)( *_t1472 + 0x27c)), _v52, _t1865, ( *(_t1865 + 0x20) & 0xffffff00 | 0 != 0x00000000) ^ 0x00000001,  *(_t1865 + 0x20), ( *(_t1865 + 0x1c) & 0xffffff00 | 0 != 0x00000000) ^ 0x00000001, 0,  *(_t1865 + 0x1c));
                                                    						} else {
                                                    							E0047C648( *((intOrPtr*)(_t1865 + 4)), _t1512,  &_v52);
                                                    							_t1512 = 0;
                                                    							E0044CBDC(0, _v52, _t1865, ( *(_t1865 + 0x1c) & 0xffffff00 | ( *(_t1865 + 0x35) & 0x00000001) != 0x00000000) ^ 0x00000001, 0,  *(_t1865 + 0x1c));
                                                    						}
                                                    						if( *((intOrPtr*)(_t1865 + 0x3a)) != 0 ||  *((intOrPtr*)(_t1865 + 0x36)) >= 0x100000) {
                                                    							 *((char*)( *_t1472 + 0x340)) = 1;
                                                    						}
                                                    						_t1896 = _t1896 + 1;
                                                    						_t498 =  &_v48;
                                                    						 *_t498 = _v48 - 1;
                                                    					} while ( *_t498 != 0);
                                                    					goto L90;
                                                    				} else {
                                                    					E00429FD8( *((intOrPtr*)( *_t1472 + 0x228)));
                                                    					_t1273 =  *0x49d36c; // 0x0
                                                    					_t1275 =  *((intOrPtr*)(_t1273 + 8)) - 1;
                                                    					if(_t1275 < 0) {
                                                    						L71:
                                                    						if(_v28 != 0xffffffff ||  *((intOrPtr*)( *_t1472 + 0x310)) == 0) {
                                                    							L78:
                                                    							if(_v28 == 0xffffffff) {
                                                    								_t1747 = 0;
                                                    								__eflags = 0;
                                                    								E0042A05C( *((intOrPtr*)( *_t1472 + 0x228)), 0);
                                                    							} else {
                                                    								_t1747 = _v28;
                                                    								E0042A05C( *((intOrPtr*)( *_t1472 + 0x228)), _v28);
                                                    							}
                                                    							goto L81;
                                                    						} else {
                                                    							_t1283 =  *0x49d36c; // 0x0
                                                    							_t1285 =  *((intOrPtr*)(_t1283 + 8)) - 1;
                                                    							if(_t1285 < 0) {
                                                    								goto L78;
                                                    							}
                                                    							_v48 = _t1285 + 1;
                                                    							_t1895 = 0;
                                                    							while(1) {
                                                    								_t1287 =  *0x49d36c; // 0x0
                                                    								_v36 = E0040B24C(_t1287, _t1895);
                                                    								if(E00406AC4( *_v36,  *((intOrPtr*)( *_t1472 + 0x310))) == 0) {
                                                    									break;
                                                    								}
                                                    								_t1895 =  &(_t1895->i);
                                                    								_t452 =  &_v48;
                                                    								 *_t452 = _v48 - 1;
                                                    								__eflags =  *_t452;
                                                    								if( *_t452 != 0) {
                                                    									continue;
                                                    								}
                                                    								goto L78;
                                                    							}
                                                    							_v28 = _t1895;
                                                    							goto L78;
                                                    						}
                                                    					}
                                                    					_v48 = _t1275 + 1;
                                                    					_t1897 = 0;
                                                    					do {
                                                    						_t1294 =  *0x49d36c; // 0x0
                                                    						_v36 = E0040B24C(_t1294, _t1897);
                                                    						E0047C648( *((intOrPtr*)(_v36 + 4)), _t1512,  &_v52);
                                                    						_t1512 = _v36;
                                                    						_t1865 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x228)) + 0xfc))));
                                                    						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t1472 + 0x228)) + 0xfc)))) + 0x30))();
                                                    						if(_v28 == 0xffffffff &&  *0x49d12c != 0) {
                                                    							_t1791 =  *0x49d12c; // 0x0
                                                    							if(E00406AC4( *_v36, _t1791) == 0) {
                                                    								_v28 = _t1897;
                                                    								if(( *(_v36 + 0x24) & 0x00000001) == 0) {
                                                    									_v29 = 1;
                                                    								}
                                                    							}
                                                    						}
                                                    						_t1897 =  &(_t1897->i);
                                                    						_t442 =  &_v48;
                                                    						 *_t442 = _v48 - 1;
                                                    					} while ( *_t442 != 0);
                                                    					goto L71;
                                                    				}
                                                    			}
                                                    0x00467b5e
                                                    0x00467b6a
                                                    0x00467b6e
                                                    0x00467b83
                                                    0x00467b8a
                                                    0x00467b8c
                                                    0x00467b99
                                                    0x00467bb4
                                                    0x00467bcd
                                                    0x00467bcf
                                                    0x00467bd1
                                                    0x00467bd3
                                                    0x00467bd3
                                                    0x00467bde
                                                    0x00467be9
                                                    0x00467be9
                                                    0x00467bf3
                                                    0x00467c03
                                                    0x00467c25
                                                    0x00467c2d
                                                    0x00467c42
                                                    0x00467c6a
                                                    0x00467c95
                                                    0x00467ca2
                                                    0x00467ca7
                                                    0x00467cb4
                                                    0x00467cba
                                                    0x00467cbf
                                                    0x00467cca
                                                    0x00467ccf
                                                    0x00467d02
                                                    0x00467d31
                                                    0x00467d3b
                                                    0x00467d4b
                                                    0x00467d68
                                                    0x00467d76
                                                    0x00467d81
                                                    0x00467d99
                                                    0x00467da3
                                                    0x00467db3
                                                    0x00467dc7
                                                    0x00467dde
                                                    0x00467deb
                                                    0x00467def
                                                    0x00467df9
                                                    0x00467e09
                                                    0x00467e18
                                                    0x00467e24
                                                    0x00467e26
                                                    0x00467e2f
                                                    0x00467e3b
                                                    0x00467e53
                                                    0x00467e60
                                                    0x00467e60
                                                    0x00467e2f
                                                    0x00467e6e
                                                    0x00467e79
                                                    0x00467e91
                                                    0x00467e9b
                                                    0x00467eab
                                                    0x00467eb7
                                                    0x00467ed4
                                                    0x00467ed8
                                                    0x00467ef4
                                                    0x00467ef6
                                                    0x00467f03
                                                    0x00467f1e
                                                    0x00467f37
                                                    0x00467f39
                                                    0x00467f3b
                                                    0x00467f3d
                                                    0x00467f3d
                                                    0x00467f48
                                                    0x00467f53
                                                    0x00467f53
                                                    0x00467f5d
                                                    0x00467f6d
                                                    0x00467f97
                                                    0x00467f9f
                                                    0x00467fbc
                                                    0x00467fe4
                                                    0x0046800f
                                                    0x0046801c
                                                    0x00468022
                                                    0x00468027
                                                    0x00468032
                                                    0x00468037
                                                    0x0046806a
                                                    0x00468099
                                                    0x004680a6
                                                    0x004680ac
                                                    0x004680ba
                                                    0x004680c5
                                                    0x004680dd
                                                    0x004680e7
                                                    0x004680f7
                                                    0x00468119
                                                    0x00468128
                                                    0x00468141
                                                    0x00468159
                                                    0x00468167
                                                    0x00468172
                                                    0x0046818a
                                                    0x00468198
                                                    0x004681a3
                                                    0x004681bb
                                                    0x004681c9
                                                    0x004681d4
                                                    0x004681ec
                                                    0x004681fa
                                                    0x00468200
                                                    0x00468215
                                                    0x00468222
                                                    0x00468228
                                                    0x0046823c
                                                    0x0046824a
                                                    0x00468264
                                                    0x00468278
                                                    0x0046827e
                                                    0x00468284
                                                    0x00468294
                                                    0x0046829a
                                                    0x004682a4
                                                    0x004682ac
                                                    0x004682b2
                                                    0x004682b3
                                                    0x004682c3
                                                    0x004682d2
                                                    0x004682f5
                                                    0x00468302
                                                    0x00468308
                                                    0x00468315
                                                    0x0046831b
                                                    0x00468334
                                                    0x00468341
                                                    0x00468385
                                                    0x00468387
                                                    0x00468343
                                                    0x0046834b
                                                    0x00468353
                                                    0x00468359
                                                    0x00468366
                                                    0x00468376
                                                    0x00468376
                                                    0x00468393
                                                    0x0046839f
                                                    0x004683b2
                                                    0x004683b2
                                                    0x004683be
                                                    0x004683ca
                                                    0x004683dd
                                                    0x004683dd
                                                    0x004683e2
                                                    0x004683e9
                                                    0x004683f5
                                                    0x00468408
                                                    0x00468408
                                                    0x0046841c
                                                    0x00468428
                                                    0x0046842d
                                                    0x00468440
                                                    0x00468447
                                                    0x00468453
                                                    0x0046846d
                                                    0x00468469
                                                    0x00468469
                                                    0x00468469
                                                    0x00468471
                                                    0x0046847e
                                                    0x00468498
                                                    0x00468494
                                                    0x00468494
                                                    0x00468494
                                                    0x0046849c
                                                    0x004684a2
                                                    0x004684a9
                                                    0x004684b4
                                                    0x004684c3
                                                    0x0046852e
                                                    0x00468543
                                                    0x00468558
                                                    0x004684c5
                                                    0x004684c8
                                                    0x004684cd
                                                    0x004684dd
                                                    0x004684e5
                                                    0x004684ea
                                                    0x004684fa
                                                    0x00468502
                                                    0x00468507
                                                    0x00468517
                                                    0x00468517
                                                    0x004684c3
                                                    0x00468564
                                                    0x004685ff
                                                    0x00468605
                                                    0x0046856a
                                                    0x0046856d
                                                    0x00468572
                                                    0x00468581
                                                    0x00468586
                                                    0x0046858d
                                                    0x004685a9
                                                    0x004685ae
                                                    0x004685b2
                                                    0x004685bf
                                                    0x004685bf
                                                    0x0046858f
                                                    0x00468592
                                                    0x00468597
                                                    0x00468597
                                                    0x004685ca
                                                    0x004685d5
                                                    0x004685e0
                                                    0x004685ed
                                                    0x004685f0
                                                    0x004685f0
                                                    0x0046860a
                                                    0x00468613
                                                    0x00468723
                                                    0x0046872b
                                                    0x00468742
                                                    0x00468747
                                                    0x0046874f
                                                    0x00468752
                                                    0x00468800
                                                    0x00468804
                                                    0x00468883
                                                    0x00468887
                                                    0x004688f0
                                                    0x004688f5
                                                    0x004688f9
                                                    0x004688fd
                                                    0x00468907
                                                    0x0046890f
                                                    0x0046890f
                                                    0x00468913
                                                    0x00468913
                                                    0x00468889
                                                    0x0046888c
                                                    0x00468896
                                                    0x00468899
                                                    0x0046889c
                                                    0x004688a0
                                                    0x004688e5
                                                    0x004688e9
                                                    0x004688a2
                                                    0x004688a4
                                                    0x004688b4
                                                    0x004688c2
                                                    0x004688c9
                                                    0x004688d9
                                                    0x004688d9
                                                    0x004688a0
                                                    0x00468818
                                                    0x00468818
                                                    0x00468820
                                                    0x00468823
                                                    0x00468918
                                                    0x0046891a
                                                    0x00468921
                                                    0x0046892d
                                                    0x00468987
                                                    0x00468989
                                                    0x0046892f
                                                    0x00468937
                                                    0x0046893e
                                                    0x00468948
                                                    0x00468952
                                                    0x00468967
                                                    0x0046896e
                                                    0x00468978
                                                    0x00468978
                                                    0x00468952
                                                    0x004689a1
                                                    0x004689ad
                                                    0x004689be
                                                    0x004689c4
                                                    0x004689ce
                                                    0x004689d2
                                                    0x004689d2
                                                    0x004689da
                                                    0x004689df
                                                    0x004689ee
                                                    0x004689fa
                                                    0x00468a16
                                                    0x00468a18
                                                    0x00468a1f
                                                    0x00468a35
                                                    0x00468a40
                                                    0x00000000
                                                    0x00468a40
                                                    0x00468a2e
                                                    0x00468a33
                                                    0x00468a52
                                                    0x00000000
                                                    0x00468a52
                                                    0x00000000
                                                    0x00468a07
                                                    0x00468a0a
                                                    0x00468a0f
                                                    0x00468a57
                                                    0x00468a62
                                                    0x00468a6e
                                                    0x00468aac
                                                    0x00468aae
                                                    0x00468a70
                                                    0x00468a77
                                                    0x00468a8e
                                                    0x00468a8e
                                                    0x00468a9d
                                                    0x00468a9d
                                                    0x00468ab5
                                                    0x00468ab8
                                                    0x00468abb
                                                    0x00468ac3
                                                    0x00468acb
                                                    0x00468ad8
                                                    0x00468ad8
                                                    0x004689fa
                                                    0x0046882a
                                                    0x0046882d
                                                    0x0046882f
                                                    0x00468831
                                                    0x0046883b
                                                    0x0046883e
                                                    0x00468841
                                                    0x00468845
                                                    0x00000000
                                                    0x00000000
                                                    0x00468878
                                                    0x00468879
                                                    0x00468879
                                                    0x00468879
                                                    0x0046887c
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x0046887e
                                                    0x00468851
                                                    0x0046885f
                                                    0x00468864
                                                    0x00468866
                                                    0x0046886e
                                                    0x0046886e
                                                    0x00000000
                                                    0x00468804
                                                    0x00468759
                                                    0x0046875c
                                                    0x0046875e
                                                    0x00468760
                                                    0x0046876a
                                                    0x00468770
                                                    0x004687b6
                                                    0x004687c7
                                                    0x004687d7
                                                    0x004687d7
                                                    0x004687d9
                                                    0x00468772
                                                    0x00468789
                                                    0x00468799
                                                    0x0046879b
                                                    0x0046879b
                                                    0x004687e2
                                                    0x004687ef
                                                    0x004687ef
                                                    0x004687f6
                                                    0x004687f7
                                                    0x004687f7
                                                    0x004687f7
                                                    0x00000000
                                                    0x00468619
                                                    0x00468621
                                                    0x00468626
                                                    0x0046862e
                                                    0x00468631
                                                    0x004686a8
                                                    0x004686ac
                                                    0x004686fc
                                                    0x00468700
                                                    0x0046871c
                                                    0x0046871c
                                                    0x0046871e
                                                    0x00468702
                                                    0x0046870a
                                                    0x0046870d
                                                    0x0046870d
                                                    0x00000000
                                                    0x004686b9
                                                    0x004686b9
                                                    0x004686c1
                                                    0x004686c4
                                                    0x00000000
                                                    0x00000000
                                                    0x004686c7
                                                    0x004686ca
                                                    0x004686cc
                                                    0x004686ce
                                                    0x004686d8
                                                    0x004686ef
                                                    0x00000000
                                                    0x00000000
                                                    0x004686f6
                                                    0x004686f7
                                                    0x004686f7
                                                    0x004686f7
                                                    0x004686fa
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x004686fa
                                                    0x004686f1
                                                    0x00000000
                                                    0x004686f1
                                                    0x004686ac
                                                    0x00468634
                                                    0x00468637
                                                    0x00468639
                                                    0x0046863b
                                                    0x00468645
                                                    0x00468651
                                                    0x00468667
                                                    0x0046866a
                                                    0x0046866c
                                                    0x00468673
                                                    0x00468683
                                                    0x00468690
                                                    0x00468692
                                                    0x0046869c
                                                    0x0046869e
                                                    0x0046869e
                                                    0x0046869c
                                                    0x00468690
                                                    0x004686a2
                                                    0x004686a3
                                                    0x004686a3
                                                    0x004686a3
                                                    0x00000000
                                                    0x00468639

                                                    APIs
                                                      • Part of subcall function 00495E0C: GetWindowRect.USER32 ref: 00495E22
                                                    • LoadBitmapA.USER32 ref: 00467773
                                                      • Part of subcall function 0041D6B0: GetObjectA.GDI32(?,00000018,?), ref: 0041D6DB
                                                      • Part of subcall function 00467180: SHGetFileInfo.SHELL32(c:\directory,00000010,?,00000160,00001010), ref: 00467223
                                                      • Part of subcall function 00467180: ExtractIconA.SHELL32(00400000,00000000,?), ref: 00467249
                                                      • Part of subcall function 00467180: ExtractIconA.SHELL32(00400000,00000000,00000027), ref: 004672A0
                                                      • Part of subcall function 00466B40: KiUserCallbackDispatcher.NTDLL(?,?,00000000,?,00467828,00000000,00000000,00000000,00400000,STOPIMAGE,0000000C,00000000), ref: 00466B58
                                                      • Part of subcall function 00496090: MulDiv.KERNEL32(0000000D,?,0000000D), ref: 0049609A
                                                      • Part of subcall function 0042ED38: GetProcAddress.KERNEL32(00000000,SHAutoComplete), ref: 0042EDA8
                                                      • Part of subcall function 0042ED38: SHAutoComplete.SHLWAPI(00000000,00000001), ref: 0042EDC5
                                                      • Part of subcall function 00495D5C: GetDC.USER32(00000000), ref: 00495D7E
                                                      • Part of subcall function 00495D5C: SelectObject.GDI32(?,00000000), ref: 00495DA4
                                                      • Part of subcall function 00495D5C: ReleaseDC.USER32 ref: 00495DF5
                                                      • Part of subcall function 00496080: MulDiv.KERNEL32(0000004B,?,00000006), ref: 0049608A
                                                    • GetSystemMenu.USER32(00000000,00000000,0000000C,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,?,?,00000000,?), ref: 00468417
                                                    • AppendMenuA.USER32 ref: 00468428
                                                    • AppendMenuA.USER32 ref: 00468440
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Menu$AppendExtractIconObject$AddressAutoBitmapCallbackCompleteDispatcherFileInfoLoadProcRectReleaseSelectSystemUserWindow
                                                    • String ID: $(Default)$STOPIMAGE
                                                    • API String ID: 616467991-770201673
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 63%
                                                    			E00455E0C(char __eax, void* __ebx, union _ULARGE_INTEGER* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, union _ULARGE_INTEGER* _a4) {
                                                    				char _v5;
                                                    				char _v6;
                                                    				char _v16;
                                                    				long _v20;
                                                    				long _v24;
                                                    				long _v28;
                                                    				long _v32;
                                                    				char _v36;
                                                    				char _v40;
                                                    				signed int _t63;
                                                    				signed int _t82;
                                                    				_Unknown_base(*)()* _t90;
                                                    				intOrPtr _t103;
                                                    				intOrPtr _t110;
                                                    				union _ULARGE_INTEGER* _t113;
                                                    				void* _t115;
                                                    				void* _t117;
                                                    				void* _t118;
                                                    				intOrPtr _t119;
                                                    
                                                    				_t117 = _t118;
                                                    				_t119 = _t118 + 0xffffffdc;
                                                    				_v36 = 0;
                                                    				_v40 = 0;
                                                    				_t113 = __ecx;
                                                    				_t115 = __edx;
                                                    				_v5 = __eax;
                                                    				_push(_t117);
                                                    				_push(0x455f4b);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t119;
                                                    				_t90 = GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetDiskFreeSpaceExA");
                                                    				if(E00452724(_v5,  &_v16) != 0) {
                                                    					_push(_t117);
                                                    					_push(0x455f29);
                                                    					_push( *[fs:eax]);
                                                    					 *[fs:eax] = _t119;
                                                    					if(_t90 == 0) {
                                                    						E0042C804(_t115,  &_v36);
                                                    						E0042C8CC(_v36,  &_v40);
                                                    						E0042C3FC(_v40,  &_v36);
                                                    						_t63 = GetDiskFreeSpaceA(E00403738(_v36),  &_v20,  &_v24,  &_v28,  &_v32);
                                                    						asm("sbb eax, eax");
                                                    						_v6 =  ~( ~_t63);
                                                    						if(_v6 != 0) {
                                                    							E00430BDC(_v24 * _v20, _t113, _v28);
                                                    							E00430BDC(_v24 * _v20, _a4, _v32);
                                                    						}
                                                    					} else {
                                                    						E0042C804(_t115,  &_v40);
                                                    						E0042C3FC(_v40,  &_v36);
                                                    						_t82 = GetDiskFreeSpaceExA(E00403738(_v36), _t113, _a4, 0); // executed
                                                    						asm("sbb eax, eax");
                                                    						_v6 =  ~( ~_t82);
                                                    					}
                                                    					_pop(_t103);
                                                    					 *[fs:eax] = _t103;
                                                    					_push(0x455f30);
                                                    					return E00452760( &_v16);
                                                    				} else {
                                                    					_v6 = 0;
                                                    					_pop(_t110);
                                                    					 *[fs:eax] = _t110;
                                                    					_push(0x455f52);
                                                    					return E00403420( &_v40, 2);
                                                    				}
                                                    			}


                                                    APIs
                                                    • GetModuleHandleA.KERNEL32(kernel32.dll,GetDiskFreeSpaceExA,00000000,00455F4B), ref: 00455E3C
                                                    • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00455E42
                                                    • GetDiskFreeSpaceExA.KERNELBASE(00000000,?,?,00000000,00000000,00455F29,?,00000000,kernel32.dll,GetDiskFreeSpaceExA,00000000,00455F4B), ref: 00455E98
                                                    Strings
                                                    Similarity
                                                    • API ID: AddressDiskFreeHandleModuleProcSpace
                                                    • String ID: GetDiskFreeSpaceExA$kernel32.dll
                                                    • API String ID: 1197914913-3712701948
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • FindFirstFileA.KERNEL32(00000000,?,00000000,00475486,?,?,0049D1E0,00000000), ref: 00475375
                                                    • FindNextFileA.KERNEL32(00000000,?,00000000,?,00000000,00475486,?,?,0049D1E0,00000000), ref: 00475452
                                                    • FindClose.KERNEL32(00000000,00000000,?,00000000,?,00000000,00475486,?,?,0049D1E0,00000000), ref: 00475460
                                                    Strings
                                                    Similarity
                                                    • API ID: Find$File$CloseFirstNext
                                                    • String ID: unins$unins???.*
                                                    • API String ID: 3541575487-1009660736
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • FindFirstFileA.KERNEL32(00000000,?,00000000,00452AC3,?,?,-00000001,00000000), ref: 00452A9D
                                                    • GetLastError.KERNEL32(00000000,?,00000000,00452AC3,?,?,-00000001,00000000), ref: 00452AA5
                                                    Similarity
                                                    • API ID: ErrorFileFindFirstLast
                                                    • String ID:
                                                    • API String ID: 873889042-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0049C4C0,00000001,?,00408633,?,00000000,00408712), ref: 00408586
                                                    Similarity
                                                    • API ID: InfoLocale
                                                    • String ID:
                                                    • API String ID: 2299586839-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • NtdllDefWindowProc_A.USER32(?,?,?,?,?,00424151,?,00000000,0042415C), ref: 00423BAE
                                                    Similarity
                                                    • API ID: NtdllProc_Window
                                                    • String ID:
                                                    • API String ID: 4255912815-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Similarity
                                                    • API ID: NameUser
                                                    • String ID:
                                                    • API String ID: 2645101109-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • NtdllDefWindowProc_A.USER32(?,?,?,?), ref: 0042F53C
                                                    Similarity
                                                    • API ID: NtdllProc_Window
                                                    • String ID:
                                                    • API String ID: 4255912815-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Control-flow Graph

                                                    • [Graph for the function at 0046F1A8; legend: Executed / Not Executed]
                                                    C-Code - Quality: 74%
                                                    			E0046F1A8(void* __eax, void* __ebx, intOrPtr* __edx, void* __edi, void* __esi, void* __fp0) {
                                                    				intOrPtr _v8;
                                                    				char _v12;
                                                    				void* _v16;
                                                    				char _v20;
                                                    				char _v24;
                                                    				char _v28;
                                                    				intOrPtr _v32;
                                                    				char _v36;
                                                    				char _v40;
                                                    				char _v44;
                                                    				char _v48;
                                                    				void* _t157;
                                                    				intOrPtr _t158;
                                                    				void* _t162;
                                                    				intOrPtr _t163;
                                                    				void* _t164;
                                                    				intOrPtr _t182;
                                                    				unsigned int _t265;
                                                    				intOrPtr _t272;
                                                    				unsigned short _t277;
                                                    				unsigned int _t283;
                                                    				intOrPtr _t289;
                                                    				intOrPtr _t290;
                                                    				intOrPtr _t293;
                                                    				void* _t294;
                                                    				intOrPtr _t311;
                                                    				intOrPtr _t315;
                                                    				intOrPtr* _t319;
                                                    				intOrPtr _t322;
                                                    				intOrPtr _t326;
                                                    				void* _t337;
                                                    				intOrPtr _t338;
                                                    				intOrPtr* _t342;
                                                    				intOrPtr _t352;
                                                    				void* _t357;
                                                    				void* _t360;
                                                    				void* _t366;
                                                    				void* _t368;
                                                    				void* _t370;
                                                    				void* _t372;
                                                    				void* _t374;
                                                    				void* _t376;
                                                    				void* _t378;
                                                    				void* _t380;
                                                    				void* _t382;
                                                    				void* _t384;
                                                    				void* _t390;
                                                    				intOrPtr _t406;
                                                    				intOrPtr _t408;
                                                    				intOrPtr _t410;
                                                    				intOrPtr _t436;
                                                    				intOrPtr _t438;
                                                    				intOrPtr _t445;
                                                    				intOrPtr _t449;
                                                    				intOrPtr _t476;
                                                    				intOrPtr _t478;
                                                    				intOrPtr _t502;
                                                    				intOrPtr* _t506;
                                                    				void* _t508;
                                                    				void* _t509;
                                                    				void* _t511;
                                                    				void* _t512;
                                                    				void* _t513;
                                                    				void* _t515;
                                                    				void* _t516;
                                                    				intOrPtr _t517;
                                                    				void* _t544;
                                                    
                                                    				_t544 = __fp0;
                                                    				_t515 = _t516;
                                                    				_t517 = _t516 + 0xffffffd0;
                                                    				_push(__ebx);
                                                    				_push(__esi);
                                                    				_push(__edi);
                                                    				_v40 = 0;
                                                    				_v12 = 0;
                                                    				_v20 = 0;
                                                    				_t506 = __edx;
                                                    				_t511 = __eax;
                                                    				_push(_t515);
                                                    				_push(0x46f898);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t517;
                                                    				if( *0x49d440 == 0 ||  *0x0049D306 == 3 &&  *0x49d43d != 0) {
                                                    					_v8 = 0x80000001;
                                                    				} else {
                                                    					_v8 = 0x80000002;
                                                    				}
                                                    				_push("Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\");
                                                    				_push(_t511);
                                                    				_push("_is1");
                                                    				E00403634();
                                                    				_t157 = E00403738(_v12);
                                                    				_t158 =  *0x49ac7c; // 0x2, executed
                                                    				E0042DEC0(_t158, 0x49d1e0, _t157, 0x80000001, _t506, _t511); // executed
                                                    				if( *0x49d440 != 0) {
                                                    					_t337 = E00403738(_v12);
                                                    					_t338 =  *0x49ac7c; // 0x2, executed
                                                    					E0042DEC0(_t338, 0x49d1e0, _t337, 0x80000002, _t506, _t511); // executed
                                                    				}
                                                    				_t162 = E00403738(_v12);
                                                    				_t163 =  *0x49ac7c; // 0x2, executed
                                                    				_t164 = E0042DDE4(_t163, _t162, _v8, 0,  &_v16, 0, 2, 0, 0, 0); // executed
                                                    				_t522 = _t164;
                                                    				if(_t164 != 0) {
                                                    					E0046EE78(1, 0x49d1e0, _v12, _v8, _t506, _t511, _t522, _t164);
                                                    				}
                                                    				_push(_t515);
                                                    				_push(0x46f846);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t517;
                                                    				E0046EF94(_v16, "5.5.5 (a)", "Inno Setup: Setup Version", _t515); // executed
                                                    				if(( *0x0049D316 & 0x00000002) == 0) {
                                                    					E00403400( &_v20);
                                                    				} else {
                                                    					_t502 =  *0x49d3c4; // 0x21f6aac
                                                    					E00403494( &_v20, _t502);
                                                    				}
                                                    				E0046EF94(_v16, _v20, "Inno Setup: App Path", _t515); // executed
                                                    				E0042C3FC(_v20,  &_v40);
                                                    				E0046EFDC(_v16, _v40, "InstallLocation", _t515); // executed
                                                    				_t352 =  *0x49d3c8; // 0x21f6cb4
                                                    				E0046EF94(_v16, _t352, "Inno Setup: Icon Group", _t515); // executed
                                                    				if( *0x49d3cc != 0) {
                                                    					E0046F004(_v16, "Inno Setup: No Icons", _t515);
                                                    				}
                                                    				E0045559C( &_v40);
                                                    				E0046EF94(_v16, _v40, "Inno Setup: User", _t515); // executed
                                                    				if( *0x49d3d0 != 0) {
                                                    					_t319 =  *0x49d3d0; // 0x0
                                                    					E0046EF94(_v16,  *_t319, "Inno Setup: Setup Type", _t515);
                                                    					_t322 =  *0x49d3d4; // 0x0
                                                    					E00431404(_t322, 0x49d1e0,  &_v40, _t506, _t511);
                                                    					E0046EF94(_v16, _v40, "Inno Setup: Selected Components", _t515);
                                                    					_t326 =  *0x49d3d8; // 0x0
                                                    					E00431404(_t326, 0x49d1e0,  &_v40, _t506, _t511);
                                                    					E0046EF94(_v16, _v40, "Inno Setup: Deselected Components", _t515);
                                                    				}
                                                    				if( *0x49d44d != 0) {
                                                    					_t311 =  *0x49d3dc; // 0x0
                                                    					E00431404(_t311, 0x49d1e0,  &_v40, _t506, _t511);
                                                    					E0046EF94(_v16, _v40, "Inno Setup: Selected Tasks", _t515); // executed
                                                    					_t315 =  *0x49d3e0; // 0x0
                                                    					E00431404(_t315, 0x49d1e0,  &_v40, _t506, _t511);
                                                    					E0046EF94(_v16, _v40, "Inno Setup: Deselected Tasks", _t515); // executed
                                                    				}
                                                    				if(( *0x0049D319 & 0x00000010) != 0) {
                                                    					_t406 =  *0x49d3b8; // 0x0
                                                    					E0046EF94(_v16, _t406, "Inno Setup: User Info: Name", _t515);
                                                    					_t408 =  *0x49d3bc; // 0x0
                                                    					E0046EF94(_v16, _t408, "Inno Setup: User Info: Organization", _t515);
                                                    					_t410 =  *0x49d3c0; // 0x0
                                                    					E0046EF94(_v16, _t410, "Inno Setup: User Info: Serial", _t515);
                                                    				}
                                                    				_t436 =  *0x49ac78; // 0x0
                                                    				_t182 =  *0x49d360; // 0x0
                                                    				E0046EF94(_v16,  *((intOrPtr*)(E0040B24C(_t182, _t436))), "Inno Setup: Language", _t515); // executed
                                                    				_pop(_t357);
                                                    				if( *0x0049D218 == 0) {
                                                    					_t438 =  *0x49d470; // 0x21b8c60
                                                    					E00403494( &_v20, _t438);
                                                    				} else {
                                                    					E0047C648( *((intOrPtr*)(0x49d218)), _t357,  &_v20);
                                                    				}
                                                    				E00479198(5, 0);
                                                    				if(5 == 0) {
                                                    					_t512 = 0x3f;
                                                    				} else {
                                                    					_t512 = 0x103;
                                                    				}
                                                    				E00403778(_v20, _t512, 1,  &_v40);
                                                    				E0046EF94(_v16, _v40, "DisplayName", _t515); // executed
                                                    				_pop(_t360);
                                                    				E0047C648( *0x0049D21C, _t360,  &_v40);
                                                    				E0046EFDC(_v16, _v40, "DisplayIcon", _t515);
                                                    				E00403494( &_v40, 0x46fac4);
                                                    				_t445 =  *0x49d1c4; // 0x21f6f44
                                                    				E0040357C( &_v40, _t445);
                                                    				E0040357C( &_v40, 0x46fac4);
                                                    				E0046EF94(_v16, _v40, "UninstallString", _t515); // executed
                                                    				E00403494( &_v40, 0x46fac4);
                                                    				_t449 =  *0x49d1c4; // 0x21f6f44
                                                    				E0040357C( &_v40, _t449);
                                                    				E0040357C( &_v40, "\" /SILENT");
                                                    				E0046EF94(_v16, _v40, "QuietUninstallString", _t515); // executed
                                                    				_pop(_t366);
                                                    				E0047C648( *0x0049D204, _t366,  &_v40);
                                                    				E0046EFDC(_v16, _v40, "DisplayVersion", _t515);
                                                    				_pop(_t368);
                                                    				E0047C648( *0x0049D1F0, _t368,  &_v40);
                                                    				E0046EFDC(_v16, _v40, "Publisher", _t515); // executed
                                                    				_pop(_t370);
                                                    				E0047C648( *0x0049D1F4, _t370,  &_v40);
                                                    				E0046EFDC(_v16, _v40, "URLInfoAbout", _t515);
                                                    				_pop(_t372);
                                                    				E0047C648( *0x0049D1F8, _t372,  &_v40);
                                                    				E0046EFDC(_v16, _v40, "HelpTelephone", _t515);
                                                    				_pop(_t374);
                                                    				E0047C648( *0x0049D1FC, _t374,  &_v40);
                                                    				E0046EFDC(_v16, _v40, "HelpLink", _t515);
                                                    				_pop(_t376);
                                                    				E0047C648( *0x0049D200, _t376,  &_v40);
                                                    				E0046EFDC(_v16, _v40, "URLUpdateInfo", _t515);
                                                    				_pop(_t378);
                                                    				E0047C648( *0x0049D230, _t378,  &_v40);
                                                    				E0046EFDC(_v16, _v40, "Readme", _t515);
                                                    				_pop(_t380);
                                                    				E0047C648( *0x0049D234, _t380,  &_v40);
                                                    				E0046EFDC(_v16, _v40, "Contact", _t515);
                                                    				_pop(_t382);
                                                    				E0047C648( *0x0049D238, _t382,  &_v40);
                                                    				E0046EFDC(_v16, _v40, "Comments", _t515);
                                                    				_pop(_t384);
                                                    				E0047C648( *0x0049D23C, _t384,  &_v20);
                                                    				if(_v20 == 0) {
                                                    					E0046F004(_v16, "NoModify", _t515); // executed
                                                    				} else {
                                                    					E0046EF94(_v16, _v20, "ModifyPath", _t515);
                                                    				}
                                                    				E0046F004(_v16, "NoRepair", _t515); // executed
                                                    				E0046F038( &_v40);
                                                    				E0046EF94(_v16, _v40, "InstallDate", _t515); // executed
                                                    				_pop(_t390);
                                                    				E0047C648( *((intOrPtr*)(0x49d204)), _t390,  &_v40);
                                                    				if(E0046F09C(_v40, 0x49d1e0,  &_v28,  &_v24, _t506, _t512) != 0) {
                                                    					E0046F004(_v16, "MajorVersion", _t515);
                                                    					E0046F004(_v16, "MinorVersion", _t515);
                                                    				}
                                                    				_t265 =  *0x49d450; // 0x6032580
                                                    				if(_t265 >> 0x10 >= 0x601) {
                                                    					if( *0x0049D312 != 0) {
                                                    						L40:
                                                    						_v36 =  *0x0049D30E;
                                                    						_v32 =  *((intOrPtr*)(0x49d312));
                                                    					} else {
                                                    						_t534 =  *((intOrPtr*)(0x49d30e));
                                                    						if( *((intOrPtr*)(0x49d30e)) != 0) {
                                                    							goto L40;
                                                    						} else {
                                                    							_v36 =  *_t506;
                                                    							_t132 = _t506 + 4; // 0x5fc0ebff
                                                    							_v32 =  *_t132;
                                                    							E00430BCC( &_v36, 0x49d2f8, _t534);
                                                    							_t289 =  *0x49d370; // 0x0
                                                    							_t508 =  *((intOrPtr*)(_t289 + 8)) - 1;
                                                    							if(_t508 >= 0) {
                                                    								_t509 = _t508 + 1;
                                                    								_t513 = 0;
                                                    								do {
                                                    									_t290 =  *0x49d370; // 0x0
                                                    									_t342 = E0040B24C(_t290, _t513);
                                                    									_t293 =  *0x49d3d4; // 0x0
                                                    									_t294 = E004799F4(_t293,  *_t342, 0, 0,  *((intOrPtr*)(_t342 + 0xc)), 0);
                                                    									_t537 = _t294;
                                                    									if(_t294 != 0) {
                                                    										_t138 = _t342 + 0x14; // 0x14
                                                    										E00430BCC( &_v36, _t138, _t537);
                                                    									}
                                                    									_t513 = _t513 + 1;
                                                    									_t509 = _t509 - 1;
                                                    								} while (_t509 != 0);
                                                    							}
                                                    						}
                                                    					}
                                                    					_t277 =  *0x49d454; // 0x0
                                                    					if(_t277 >> 8 > 0) {
                                                    						L44:
                                                    						E00430C08( &_v36, 0x400);
                                                    						E0046F004(_v16, "EstimatedSize", _t515); // executed
                                                    					} else {
                                                    						_t283 =  *0x49d450; // 0x6032580
                                                    						if(_t283 >> 0x10 > 0x601 || _v32 == 0) {
                                                    							goto L44;
                                                    						}
                                                    					}
                                                    				}
                                                    				_t542 =  *0x49d488;
                                                    				if( *0x49d488 != 0) {
                                                    					_push(_t515);
                                                    					_push(0x46f80f);
                                                    					_push( *[fs:eax]);
                                                    					 *[fs:eax] = _t517;
                                                    					_v48 = _v16;
                                                    					_v44 = 0;
                                                    					_t272 =  *0x49d488; // 0x0
                                                    					E0049522C(_t272,  &_v48, "RegisterPreviousData", _t542, _t544, 0, 0);
                                                    					_pop(_t478);
                                                    					 *[fs:eax] = _t478;
                                                    				}
                                                    				_pop(_t476);
                                                    				 *[fs:eax] = _t476;
                                                    				_push(0x46f84d);
                                                    				return RegCloseKey(_v16);
                                                    			}
                                                    0x0046f719
                                                    0x0046f71c
                                                    0x0046f71f
                                                    0x0046f72b
                                                    0x0046f730
                                                    0x0046f738
                                                    0x0046f73b
                                                    0x0046f73d
                                                    0x0046f73e
                                                    0x0046f740
                                                    0x0046f742
                                                    0x0046f74c
                                                    0x0046f75a
                                                    0x0046f75f
                                                    0x0046f764
                                                    0x0046f766
                                                    0x0046f768
                                                    0x0046f76e
                                                    0x0046f76e
                                                    0x0046f773
                                                    0x0046f774
                                                    0x0046f774
                                                    0x0046f777
                                                    0x0046f73b
                                                    0x0046f715
                                                    0x0046f78b
                                                    0x0046f798
                                                    0x0046f7af
                                                    0x0046f7b7
                                                    0x0046f7c8
                                                    0x0046f79a
                                                    0x0046f79a
                                                    0x0046f7a7
                                                    0x00000000
                                                    0x00000000
                                                    0x0046f7a7
                                                    0x0046f798
                                                    0x0046f7ce
                                                    0x0046f7d5
                                                    0x0046f7d9
                                                    0x0046f7da
                                                    0x0046f7df
                                                    0x0046f7e2
                                                    0x0046f7ec
                                                    0x0046f7ef
                                                    0x0046f7fb
                                                    0x0046f800
                                                    0x0046f807
                                                    0x0046f80a
                                                    0x0046f80a
                                                    0x0046f831
                                                    0x0046f834
                                                    0x0046f837
                                                    0x0046f845

                                                    APIs
                                                      • Part of subcall function 0046EF94: RegSetValueExA.ADVAPI32(?,Inno Setup: Setup Version,00000000,00000001,00000000,00000001,004765A2,?,0049D1E0,?,0046F2AB,?,00000000,0046F846,?,_is1), ref: 0046EFB7
                                                      • Part of subcall function 0046F004: RegSetValueExA.ADVAPI32(?,NoModify,00000000,00000004,00000000,00000004,00000001,?,0046F682,?,?,00000000,0046F846,?,_is1,?), ref: 0046F017
                                                    • RegCloseKey.ADVAPI32(?,0046F84D,?,_is1,?,Software\Microsoft\Windows\CurrentVersion\Uninstall\,00000000,0046F898,?,?,0049D1E0,00000000), ref: 0046F840
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Value$Close
                                                    • String ID: " /SILENT$5.5.5 (a)$Comments$Contact$DisplayIcon$DisplayName$DisplayVersion$EstimatedSize$HelpLink$HelpTelephone$Inno Setup: App Path$Inno Setup: Deselected Components$Inno Setup: Deselected Tasks$Inno Setup: Icon Group$Inno Setup: Language$Inno Setup: No Icons$Inno Setup: Selected Components$Inno Setup: Selected Tasks$Inno Setup: Setup Type$Inno Setup: Setup Version$Inno Setup: User$Inno Setup: User Info: Name$Inno Setup: User Info: Organization$Inno Setup: User Info: Serial$InstallDate$InstallLocation$MajorVersion$MinorVersion$ModifyPath$NoModify$NoRepair$Publisher$QuietUninstallString$Readme$RegisterPreviousData$Software\Microsoft\Windows\CurrentVersion\Uninstall\$URLInfoAbout$URLUpdateInfo$UninstallString$_is1
                                                    • API String ID: 3391052094-1086636208
                                                    • Opcode ID: 82d054b7b6979facc8e61dcbc1446aea54743b1f9e37ea30f7354a2346fa36e2
                                                    • Instruction ID: 919d238161e7e37985259c8afe8e7ed5cdfe626de619bb7a801eef3e398df61e
                                                    • Opcode Fuzzy Hash: 82d054b7b6979facc8e61dcbc1446aea54743b1f9e37ea30f7354a2346fa36e2
                                                    • Instruction Fuzzy Hash: 90125634A00108AFCB04DB55E891ADE77F5EB48304F60817BE854AB395EB78BE45CB5E
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Control-flow Graph (function 00456638; legend: Executed / Not Executed)
                                                    C-Code - Quality: 77%
                                                    			E00456638(intOrPtr __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr _a4, char _a8, signed int _a12, intOrPtr _a16, char _a20, short _a24, intOrPtr _a28, intOrPtr _a32, char _a36, intOrPtr _a40, intOrPtr _a44) {
                                                    				intOrPtr _v8;
                                                    				void* _v12;
                                                    				void* _v16;
                                                    				void* _v20;
                                                    				signed int _v24;
                                                    				short _v32;
                                                    				char _v40;
                                                    				char _v44;
                                                    				char* _t98;
                                                    				intOrPtr* _t104;
                                                    				intOrPtr* _t109;
                                                    				intOrPtr* _t113;
                                                    				void* _t115;
                                                    				signed int _t116;
                                                    				intOrPtr* _t118;
                                                    				intOrPtr* _t124;
                                                    				intOrPtr* _t130;
                                                    				intOrPtr* _t133;
                                                    				intOrPtr* _t136;
                                                    				intOrPtr* _t152;
                                                    				void* _t154;
                                                    				intOrPtr* _t155;
                                                    				intOrPtr* _t161;
                                                    				signed int _t164;
                                                    				intOrPtr* _t166;
                                                    				intOrPtr* _t175;
                                                    				void* _t177;
                                                    				intOrPtr _t179;
                                                    				intOrPtr* _t184;
                                                    				void* _t186;
                                                    				intOrPtr* _t192;
                                                    				intOrPtr* _t196;
                                                    				intOrPtr* _t201;
                                                    				char* _t210;
                                                    				intOrPtr _t215;
                                                    				intOrPtr _t227;
                                                    				intOrPtr _t235;
                                                    				void* _t244;
                                                    				void* _t246;
                                                    				intOrPtr _t247;
                                                    				void* _t249;
                                                    				void* _t250;
                                                    				intOrPtr _t251;
                                                    
                                                    				_t216 = __ecx;
                                                    				_t249 = _t250;
                                                    				_t251 = _t250 + 0xffffffd8;
                                                    				_push(__ebx);
                                                    				_push(__esi);
                                                    				_push(__edi);
                                                    				_v44 = 0;
                                                    				_t244 = __ecx;
                                                    				_t246 = __edx;
                                                    				_v8 = __eax;
                                                    				_t215 = _a16;
                                                    				E00403728(_a36);
                                                    				_push(_t249);
                                                    				_push(0x4569e3);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t251;
                                                    				if(_a20 == 0) {
                                                    					_t98 = 0x80004005;
                                                    				} else {
                                                    					_t98 =  &_v12;
                                                    					_push(_t98);
                                                    					_push(0x49a774);
                                                    					_push(1);
                                                    					_push(0);
                                                    					_push(0x49aa74);
                                                    					L0042CC44();
                                                    				}
                                                    				if(_t98 != 0) {
                                                    					_a20 = 0;
                                                    					_t210 =  &_v12;
                                                    					_push(_t210);
                                                    					_push(0x49a774);
                                                    					_push(1);
                                                    					_push(0);
                                                    					_push(0x49a764); // executed
                                                    					L0042CC44(); // executed
                                                    					_t254 = _t210;
                                                    					if(_t210 != 0) {
                                                    						E004534B0("CoCreateInstance", _t215, _t210, _t244, _t246, _t254);
                                                    					}
                                                    				}
                                                    				_v20 = 0;
                                                    				_v16 = 0;
                                                    				_v24 = 0;
                                                    				 *[fs:edx] = _t251;
                                                    				_t104 = _v12;
                                                    				 *((intOrPtr*)( *_t104 + 0x50))(_t104, E00403738(_t244),  *[fs:edx], 0x4569be, _t249);
                                                    				_t109 = _v12;
                                                    				 *((intOrPtr*)( *_t109 + 0x2c))(_t109, E00403738(_a44));
                                                    				if(_a20 == 0) {
                                                    					E0045645C(_v12, _t215, _a40, _t244, _t246);
                                                    				}
                                                    				if(_a36 != 0) {
                                                    					if( *0x49d43e != 0) {
                                                    						E0047C648("{pf32}\\", _t216,  &_v44);
                                                    						E0042DB10( &_a36, "%ProgramFiles(x86)%\\", _v44, 1);
                                                    					}
                                                    					_t201 = _v12;
                                                    					 *((intOrPtr*)( *_t201 + 0x44))(_t201, E00403738(_a36), _a32);
                                                    				}
                                                    				_t113 = _v12;
                                                    				_t115 =  *((intOrPtr*)( *_t113 + 0x3c))(_t113, _a28);
                                                    				if(_t246 != 0) {
                                                    					_t196 = _v12;
                                                    					_t115 =  *((intOrPtr*)( *_t196 + 0x1c))(_t196, E00403738(_t246));
                                                    				}
                                                    				if(_a24 != 0) {
                                                    					_t192 = _v12;
                                                    					_t115 =  *((intOrPtr*)( *_t192 + 0x34))(_t192, _a24);
                                                    				}
                                                    				_t116 = E0045643C(_t115);
                                                    				if(_t116 == 0 || (_t116 & 0xffffff00 | _t215 != 0x00000000 | _a12) == 0 && _a8 == 0) {
                                                    					L38:
                                                    					_t118 = _v12;
                                                    					__eflags =  *((intOrPtr*)( *_t118))(_t118, 0x49a744,  &_v20);
                                                    					if(__eflags != 0) {
                                                    						_t120 = E004534B0("IShellLink::QueryInterface(IID_IPersistFile)", _t215, _t120, _t244, _t246, __eflags);
                                                    					}
                                                    					__eflags = _a20;
                                                    					if(_a20 == 0) {
                                                    						L43:
                                                    						_v24 = E00403CA4(_v8);
                                                    					} else {
                                                    						__eflags = E0045641C(_t120);
                                                    						if(__eflags == 0) {
                                                    							goto L43;
                                                    						} else {
                                                    							E0042C4F8(_v8, _t215,  &_v44, 0, _t244, _t246, __eflags);
                                                    							_v24 = E00403CA4(_v44);
                                                    						}
                                                    					}
                                                    					__eflags = _v24;
                                                    					if(_v24 == 0) {
                                                    						E00408C00();
                                                    					}
                                                    					_t124 = _v20;
                                                    					__eflags =  *((intOrPtr*)( *_t124 + 0x18))(_t124, _v24, 1);
                                                    					if(__eflags != 0) {
                                                    						E004534B0("IPersistFile::Save", _t215, _t126, _t244, _t246, __eflags);
                                                    					}
                                                    					E00456550(_v20, _t215, _a4, _v8, _t244, _t246, __eflags);
                                                    					_pop(_t227);
                                                    					 *[fs:eax] = _t227;
                                                    					_push(0x4569c5);
                                                    					__eflags = _v24;
                                                    					if(_v24 != 0) {
                                                    						_push(_v24);
                                                    						L0042CC5C();
                                                    					}
                                                    					__eflags = _v16;
                                                    					if(_v16 != 0) {
                                                    						_t136 = _v16;
                                                    						 *((intOrPtr*)( *_t136 + 8))(_t136);
                                                    					}
                                                    					__eflags = _v20;
                                                    					if(_v20 != 0) {
                                                    						_t133 = _v20;
                                                    						 *((intOrPtr*)( *_t133 + 8))(_t133);
                                                    					}
                                                    					_t130 = _v12;
                                                    					return  *((intOrPtr*)( *_t130 + 8))(_t130);
                                                    				} else {
                                                    					_t152 = _v12;
                                                    					_t154 =  *((intOrPtr*)( *_t152))(_t152, 0x49aa64,  &_v16);
                                                    					_t264 = _t154;
                                                    					if(_t154 != 0) {
                                                    						E004534B0("IShellLink::QueryInterface(IID_IPropertyStore)", _t215, _t154, _t244, _t246, _t264);
                                                    					}
                                                    					if(_a8 != 0) {
                                                    						_v40 = 0xb;
                                                    						_v32 = 0xffff;
                                                    						_t184 = _v16;
                                                    						_t186 =  *((intOrPtr*)( *_t184 + 0x18))(_t184, 0x49aaac,  &_v40);
                                                    						_t266 = _t186;
                                                    						if(_t186 != 0) {
                                                    							E004534B0("IPropertyStore::SetValue(PKEY_AppUserModel_PreventPinning)", _t215, _t186, _t244, _t246, _t266);
                                                    						}
                                                    					}
                                                    					if(_t215 == 0) {
                                                    						__eflags = _a12;
                                                    						if(_a12 != 0) {
                                                    							_v40 = 0xb;
                                                    							_v32 = 0xffff;
                                                    							_t161 = _v16;
                                                    							__eflags =  *((intOrPtr*)( *_t161 + 0x18))(_t161, 0x49aa98,  &_v40);
                                                    							if(__eflags != 0) {
                                                    								_t163 = E004534B0("IPropertyStore::SetValue(PKEY_AppUserModel_ExcludeFromShowInNewInstall)", _t215, _t163, _t244, _t246, __eflags);
                                                    							}
                                                    							_t164 = E0045644C(_t163);
                                                    							__eflags = _t164;
                                                    							if(_t164 != 0) {
                                                    								_v40 = 0x13;
                                                    								_v32 = 1;
                                                    								_t166 = _v16;
                                                    								__eflags =  *((intOrPtr*)( *_t166 + 0x18))(_t166, 0x49aac0,  &_v40);
                                                    								if(__eflags != 0) {
                                                    									E004534B0("IPropertyStore::SetValue(PKEY_AppUserModel_StartPinOption)", _t215, _t168, _t244, _t246, __eflags);
                                                    								}
                                                    							}
                                                    						}
                                                    						_t155 = _v16;
                                                    						__eflags =  *((intOrPtr*)( *_t155 + 0x1c))(_t155);
                                                    						if(__eflags != 0) {
                                                    							E004534B0("IPropertyStore::Commit", _t215, _t157, _t244, _t246, __eflags);
                                                    						}
                                                    						goto L38;
                                                    					} else {
                                                    						_v40 = 8;
                                                    						_t247 = E00403CA4(_t215);
                                                    						_v32 = _t247;
                                                    						if(_t247 == 0) {
                                                    							E00408C00();
                                                    						}
                                                    						 *[fs:edx] = _t251;
                                                    						_t175 = _v16;
                                                    						_t177 =  *((intOrPtr*)( *_t175 + 0x18))(_t175, 0x49aa84,  &_v40,  *[fs:edx], 0x456861, _t249);
                                                    						_t269 = _t177;
                                                    						if(_t177 != 0) {
                                                    							E004534B0("IPropertyStore::SetValue(PKEY_AppUserModel_ID)", _t215, _t177, _t244, _t247, _t269);
                                                    						}
                                                    						_pop(_t235);
                                                    						 *[fs:eax] = _t235;
                                                    						_push(0x456868);
                                                    						_t179 = _v32;
                                                    						_push(_t179);
                                                    						L0042CC5C();
                                                    						return _t179;
                                                    					}
                                                    				}
                                                    			}


                                                    APIs
                                                    • 753BB690.OLE32(0049AA74,00000000,00000001,0049A774,?,00000000,004569E3), ref: 0045667E
                                                    • 753BB690.OLE32(0049A764,00000000,00000001,0049A774,?,00000000,004569E3), ref: 004566A4
                                                    • SysFreeString.OLEAUT32(00000000), ref: 0045685B
                                                    Strings
                                                    • IPropertyStore::SetValue(PKEY_AppUserModel_ID), xrefs: 00456840
                                                    • IPersistFile::Save, xrefs: 00456962
                                                    • IPropertyStore::SetValue(PKEY_AppUserModel_ExcludeFromShowInNewInstall), xrefs: 00456892
                                                    • IShellLink::QueryInterface(IID_IPersistFile), xrefs: 00456904
                                                    • IPropertyStore::Commit, xrefs: 004568E3
                                                    • CoCreateInstance, xrefs: 004566AF
                                                    • IShellLink::QueryInterface(IID_IPropertyStore), xrefs: 004567BD
                                                    • IPropertyStore::SetValue(PKEY_AppUserModel_PreventPinning), xrefs: 004567F1
                                                    • {pf32}\, xrefs: 0045671E
                                                    • %ProgramFiles(x86)%\, xrefs: 0045672E
                                                    • IPropertyStore::SetValue(PKEY_AppUserModel_StartPinOption), xrefs: 004568CA
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: B690$FreeString
                                                    • String ID: %ProgramFiles(x86)%\$CoCreateInstance$IPersistFile::Save$IPropertyStore::Commit$IPropertyStore::SetValue(PKEY_AppUserModel_ExcludeFromShowInNewInstall)$IPropertyStore::SetValue(PKEY_AppUserModel_ID)$IPropertyStore::SetValue(PKEY_AppUserModel_PreventPinning)$IPropertyStore::SetValue(PKEY_AppUserModel_StartPinOption)$IShellLink::QueryInterface(IID_IPersistFile)$IShellLink::QueryInterface(IID_IPropertyStore)${pf32}\
                                                    • API String ID: 1621011594-2363233914
                                                    • Opcode ID: 408380bf8d2395c9e29ec18173e4efe72cc11e6f791a4b28abd212c293816f6c
                                                    • Instruction ID: 4476945c37b4f31b89aba6a543103ab5e85505a484c0bcee886d51158b9c11c4
                                                    • Opcode Fuzzy Hash: 408380bf8d2395c9e29ec18173e4efe72cc11e6f791a4b28abd212c293816f6c
                                                    • Instruction Fuzzy Hash: 1DB14270A00104AFDB51DFA9C945B9E7BF8AF09306F5540A6F804E7362DB78DD48CB69
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 2443 483e58-483e7d GetModuleHandleA GetProcAddress 2444 483e7f-483e95 GetNativeSystemInfo GetProcAddress 2443->2444 2445 483ee4-483ee9 GetSystemInfo 2443->2445 2446 483eee-483ef7 2444->2446 2447 483e97-483ea2 GetCurrentProcess 2444->2447 2445->2446 2448 483ef9-483efd 2446->2448 2449 483f07-483f0e 2446->2449 2447->2446 2456 483ea4-483ea8 2447->2456 2450 483eff-483f03 2448->2450 2451 483f10-483f17 2448->2451 2452 483f29-483f2e 2449->2452 2454 483f19-483f20 2450->2454 2455 483f05-483f22 2450->2455 2451->2452 2454->2452 2455->2452 2456->2446 2458 483eaa-483eb1 call 45271c 2456->2458 2458->2446 2461 483eb3-483ec0 GetProcAddress 2458->2461 2461->2446 2462 483ec2-483ed9 GetModuleHandleA GetProcAddress 2461->2462 2462->2446 2463 483edb-483ee2 2462->2463 2463->2446
                                                    C-Code - Quality: 67%
                                                    			E00483E58() {
                                                    				struct _SYSTEM_INFO _v44;
                                                    				_Unknown_base(*)()* _t5;
                                                    				void* _t8;
                                                    				void* _t9;
                                                    				void* _t10;
                                                    				struct HINSTANCE__* _t19;
                                                    				intOrPtr* _t21;
                                                    				intOrPtr* _t22;
                                                    
                                                    				 *0x49d43e = 0;
                                                    				_t19 = GetModuleHandleA("kernel32.dll");
                                                    				_t5 = GetProcAddress(_t19, "GetNativeSystemInfo");
                                                    				if(_t5 == 0) {
                                                    					GetSystemInfo( &_v44);
                                                    				} else {
                                                    					 *_t5( &_v44); // executed
                                                    					_t21 = GetProcAddress(_t19, "IsWow64Process");
                                                    					if(_t21 != 0) {
                                                    						_push(_t22);
                                                    						_push(GetCurrentProcess());
                                                    						if( *_t21() != 0 &&  *_t22 != 0 && E0045271C() != 0 && GetProcAddress(_t19, "GetSystemWow64DirectoryA") != 0 && GetProcAddress(GetModuleHandleA("advapi32.dll"), "RegDeleteKeyExA") != 0) {
                                                    							 *0x49d43e = 1;
                                                    						}
                                                    					}
                                                    				}
                                                    				_t8 = _v44.dwOemId - 1;
                                                    				if(_t8 < 0) {
                                                    					 *0x49ac80 = 1;
                                                    					return _t8;
                                                    				} else {
                                                    					_t9 = _t8 - 5;
                                                    					if(_t9 == 0) {
                                                    						 *0x49ac80 = 3;
                                                    						return _t9;
                                                    					}
                                                    					_t10 = _t9 - 3;
                                                    					if(_t10 == 0) {
                                                    						 *0x49ac80 = 2;
                                                    						return _t10;
                                                    					}
                                                    					 *0x49ac80 = 0;
                                                    					return _t10;
                                                    				}
                                                    			}


                                                    APIs
                                                    • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00483E69
                                                    • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00483E76
                                                    • GetNativeSystemInfo.KERNELBASE(?,00000000,GetNativeSystemInfo,kernel32.dll), ref: 00483E84
                                                    • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00483E8C
                                                    • GetCurrentProcess.KERNEL32(?,00000000,IsWow64Process), ref: 00483E98
                                                    • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryA), ref: 00483EB9
                                                    • GetModuleHandleA.KERNEL32(advapi32.dll,RegDeleteKeyExA,00000000,GetSystemWow64DirectoryA,?,00000000,IsWow64Process), ref: 00483ECC
                                                    • GetProcAddress.KERNEL32(00000000,advapi32.dll), ref: 00483ED2
                                                    • GetSystemInfo.KERNEL32(?,00000000,GetNativeSystemInfo,kernel32.dll), ref: 00483EE9
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: AddressProc$HandleInfoModuleSystem$CurrentNativeProcess
                                                    • String ID: GetNativeSystemInfo$GetSystemWow64DirectoryA$IsWow64Process$RegDeleteKeyExA$advapi32.dll$kernel32.dll
                                                    • API String ID: 2230631259-2623177817
                                                    • Opcode ID: 59f263af4fcdd65992a956226566fe3d4b80b51fd3e4eaa1c72591911b3d10d7
                                                    • Instruction ID: 29dcc52068e6a036ccdcf12c8eee286e016c54428604db045c5eec6500932020
                                                    • Opcode Fuzzy Hash: 59f263af4fcdd65992a956226566fe3d4b80b51fd3e4eaa1c72591911b3d10d7
                                                    • Instruction Fuzzy Hash: 6511BE40D08342A5DA11BB7A5D05B7F2658DB00F1AF040C3BBA80AA286DB7DCE5497BF
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 2469 468da4-468ddc call 47c648 2472 468de2-468df2 call 4791b8 2469->2472 2473 468fbe-468fd8 call 403420 2469->2473 2478 468df7-468e3c call 4078f4 call 403738 call 42de1c 2472->2478 2484 468e41-468e43 2478->2484 2485 468fb4-468fb8 2484->2485 2486 468e49-468e5e 2484->2486 2485->2473 2485->2478 2487 468e73-468e7a 2486->2487 2488 468e60-468e6e call 42dd4c 2486->2488 2490 468ea7-468eae 2487->2490 2491 468e7c-468e9e call 42dd4c call 42dd64 2487->2491 2488->2487 2493 468f07-468f0e 2490->2493 2494 468eb0-468ed5 call 42dd4c * 2 2490->2494 2491->2490 2510 468ea0 2491->2510 2496 468f54-468f5b 2493->2496 2497 468f10-468f22 call 42dd4c 2493->2497 2513 468ed7-468ee0 call 4314f8 2494->2513 2514 468ee5-468ef7 call 42dd4c 2494->2514 2499 468f96-468fac RegCloseKey 2496->2499 2500 468f5d-468f91 call 42dd4c * 3 2496->2500 2511 468f24-468f2d call 4314f8 2497->2511 2512 468f32-468f44 call 42dd4c 2497->2512 2500->2499 2510->2490 2511->2512 2512->2496 2522 468f46-468f4f call 4314f8 2512->2522 2513->2514 2514->2493 2526 468ef9-468f02 call 4314f8 2514->2526 2522->2496 2526->2493
                                                    C-Code - Quality: 84%
                                                    			E00468DA4(void* __eax, void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                    				void* _v8;
                                                    				char _v12;
                                                    				char _v16;
                                                    				char _v20;
                                                    				char _v24;
                                                    				char _v28;
                                                    				intOrPtr _v32;
                                                    				char _v36;
                                                    				char* _v40;
                                                    				intOrPtr _t62;
                                                    				void* _t76;
                                                    				intOrPtr _t77;
                                                    				void* _t78;
                                                    				void* _t90;
                                                    				void* _t92;
                                                    				void* _t100;
                                                    				void* _t102;
                                                    				intOrPtr* _t114;
                                                    				intOrPtr _t134;
                                                    				intOrPtr _t139;
                                                    				void* _t156;
                                                    				void* _t158;
                                                    				void* _t160;
                                                    				void* _t161;
                                                    				intOrPtr _t162;
                                                    
                                                    				_t160 = _t161;
                                                    				_t162 = _t161 + 0xffffffdc;
                                                    				_v24 = 0;
                                                    				_v12 = 0;
                                                    				_v16 = 0;
                                                    				_v20 = 0;
                                                    				_t158 = __eax;
                                                    				_push(_t160);
                                                    				_push(0x468fd9);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t162;
                                                    				_t62 =  *0x49d1e8; // 0x21b8c78
                                                    				E0047C648(_t62, __ecx,  &_v16);
                                                    				if(_v16 == 0) {
                                                    					L22:
                                                    					__eflags = 0;
                                                    					_pop(_t134);
                                                    					 *[fs:eax] = _t134;
                                                    					_push(E00468FE0);
                                                    					return E00403420( &_v24, 4);
                                                    				} else {
                                                    					E004791B8(_v16, __ecx,  &_v20);
                                                    					_t156 = 2;
                                                    					_t114 = 0x49ab74;
                                                    					while(1) {
                                                    						_v40 = "Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall";
                                                    						_v36 = 0xb;
                                                    						_v32 = _v20;
                                                    						_v28 = 0xb;
                                                    						E004078F4("%s\\%s_is1", 1,  &_v40,  &_v24);
                                                    						_t76 = E00403738(_v24);
                                                    						_t77 =  *0x49ac7c; // 0x2, executed
                                                    						_t78 = E0042DE1C(_t77, _t76,  *_t114,  &_v8, 1, 0); // executed
                                                    						if(_t78 == 0) {
                                                    							_push(_t160);
                                                    							_push(0x468fad);
                                                    							_push( *[fs:eax]);
                                                    							 *[fs:eax] = _t162;
                                                    							if(( *0x49d317 & 0x00000040) != 0) {
                                                    								E0042DD4C();
                                                    							}
                                                    							break;
                                                    						}
                                                    						_t114 = _t114 + 4;
                                                    						_t156 = _t156 - 1;
                                                    						__eflags = _t156;
                                                    						if(_t156 != 0) {
                                                    							continue;
                                                    						} else {
                                                    							goto L22;
                                                    						}
                                                    						goto L23;
                                                    					}
                                                    					if(( *0x49d318 & 0x00000001) != 0) {
                                                    						E0042DD4C();
                                                    						if(E0042DD64(_v8, "Inno Setup: No Icons") != 0) {
                                                    							 *((char*)(_t158 + 0x320)) = 1;
                                                    						}
                                                    					}
                                                    					if(( *0x49d318 & 0x00000004) != 0) {
                                                    						E0042DD4C();
                                                    						_t100 = E0042DD4C();
                                                    						_t170 = _t100;
                                                    						if(_t100 != 0) {
                                                    							E004314F8( *((intOrPtr*)(_t158 + 0x324)), _t114, _v12, _t156, _t158, _t170);
                                                    						}
                                                    						_t102 = E0042DD4C();
                                                    						_t171 = _t102;
                                                    						if(_t102 != 0) {
                                                    							E004314F8( *((intOrPtr*)(_t158 + 0x328)), _t114, _v12, _t156, _t158, _t171);
                                                    						}
                                                    					}
                                                    					if(( *0x49d318 & 0x00000080) != 0) {
                                                    						_t90 = E0042DD4C();
                                                    						_t173 = _t90;
                                                    						if(_t90 != 0) {
                                                    							E004314F8( *((intOrPtr*)(_t158 + 0x32c)), _t114, _v12, _t156, _t158, _t173);
                                                    						}
                                                    						_t92 = E0042DD4C();
                                                    						_t174 = _t92;
                                                    						if(_t92 != 0) {
                                                    							E004314F8( *((intOrPtr*)(_t158 + 0x330)), _t114, _v12, _t156, _t158, _t174);
                                                    						}
                                                    					}
                                                    					if(( *0x49d319 & 0x00000020) != 0) {
                                                    						E0042DD4C();
                                                    						E0042DD4C();
                                                    						E0042DD4C();
                                                    					}
                                                    					_pop(_t139);
                                                    					 *[fs:eax] = _t139;
                                                    					_push(E00468FBE);
                                                    					return RegCloseKey(_v8);
                                                    				}
                                                    				L23:
                                                    			}





























                                                    APIs
                                                      • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,00483FBF,?,00000001,?,?,00483FBF,?,00000001,00000000), ref: 0042DE38
                                                    • RegCloseKey.ADVAPI32(?,00468FBE,?,?,00000001,00000000,00000000,00468FD9,?,00000000,00000000,?), ref: 00468FA7
                                                    Strings
                                                    • Inno Setup: Deselected Tasks, xrefs: 00468F35
                                                    • Inno Setup: User Info: Name, xrefs: 00468F63
                                                    • Inno Setup: User Info: Organization, xrefs: 00468F76
                                                    • Inno Setup: Deselected Components, xrefs: 00468EE8
                                                    • Inno Setup: Setup Type, xrefs: 00468EB6
                                                    • Inno Setup: No Icons, xrefs: 00468E8F
                                                    • Inno Setup: Selected Tasks, xrefs: 00468F13
                                                    • Inno Setup: Selected Components, xrefs: 00468EC6
                                                    • Inno Setup: User Info: Serial, xrefs: 00468F89
                                                    • Inno Setup: Icon Group, xrefs: 00468E82
                                                    • %s\%s_is1, xrefs: 00468E21
                                                    • Inno Setup: App Path, xrefs: 00468E66
                                                    • Software\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 00468E03
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: CloseOpen
                                                    • String ID: %s\%s_is1$Inno Setup: App Path$Inno Setup: Deselected Components$Inno Setup: Deselected Tasks$Inno Setup: Icon Group$Inno Setup: No Icons$Inno Setup: Selected Components$Inno Setup: Selected Tasks$Inno Setup: Setup Type$Inno Setup: User Info: Name$Inno Setup: User Info: Organization$Inno Setup: User Info: Serial$Software\Microsoft\Windows\CurrentVersion\Uninstall
                                                    • API String ID: 47109696-1093091907
                                                    • Opcode ID: b8d1216e8efebf1dbe24cedb12c24db51041ee7c630b2c14b755033d53aaaa17
                                                    • Instruction ID: 089233d71a1efac8667e683b93aebe9146307268439e7b786faecd1ad8525d47
                                                    • Opcode Fuzzy Hash: b8d1216e8efebf1dbe24cedb12c24db51041ee7c630b2c14b755033d53aaaa17
                                                    • Instruction Fuzzy Hash: A251D730A006049BCB14DB65C841BDEB7F5EF49304F9085BEE850AB391EB79AF05CB5A
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 82%
                                                    			E00472C9C(char __eax, void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags, void* __fp0, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, char _a16, intOrPtr _a20, char _a24, char _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40, intOrPtr _a44, intOrPtr _a48, intOrPtr _a52) {
                                                    				char _v8;
                                                    				intOrPtr _v12;
                                                    				char _v13;
                                                    				char _v20;
                                                    				char _v24;
                                                    				char _v28;
                                                    				char _v32;
                                                    				char _v36;
                                                    				char _v40;
                                                    				char _v41;
                                                    				char _v42;
                                                    				char _v48;
                                                    				char _v52;
                                                    				char _v56;
                                                    				char _v60;
                                                    				char _t281;
                                                    				signed char _t301;
                                                    				void* _t306;
                                                    				intOrPtr _t340;
                                                    				intOrPtr _t356;
                                                    				intOrPtr _t360;
                                                    				intOrPtr _t362;
                                                    				void* _t364;
                                                    				void* _t365;
                                                    				intOrPtr _t366;
                                                    				void* _t367;
                                                    				void* _t384;
                                                    
                                                    				_t384 = __fp0;
                                                    				_t367 = __eflags;
                                                    				_t364 = _t365;
                                                    				_t366 = _t365 + 0xffffffc8;
                                                    				_v48 = 0;
                                                    				_v20 = 0;
                                                    				_v24 = 0;
                                                    				_v28 = 0;
                                                    				_v32 = 0;
                                                    				_v36 = 0;
                                                    				_v40 = 0;
                                                    				_t362 = __ecx;
                                                    				_v12 = __edx;
                                                    				_v8 = __eax;
                                                    				_t360 = _a40;
                                                    				E00403728(_v8);
                                                    				_push(_t364);
                                                    				_push(0x4730ec);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t366;
                                                    				E00403778(_v8, 8, 1,  &_v48);
                                                    				E00403684(_v48, "{group}\\");
                                                    				_v13 = _t367 == 0;
                                                    				E0047C648(_v8, 8,  &_v48);
                                                    				E00403494( &_v8, _v48);
                                                    				E00403494( &_v48, _v8);
                                                    				E0040357C( &_v48, 0x473118);
                                                    				E0042C804(_v48,  &_v20);
                                                    				E00403494( &_v48, _v8);
                                                    				E0040357C( &_v48, 0x473128);
                                                    				E0042C804(_v48,  &_v24);
                                                    				E00403494( &_v48, _v8);
                                                    				E0040357C( &_v48, 0x473138);
                                                    				E0042C804(_v48,  &_v28);
                                                    				E0042C804(_v8,  &_v32);
                                                    				_t301 =  *0x473140; // 0x8
                                                    				if(_a28 == 0) {
                                                    					__eflags = _v13;
                                                    					if(__eflags != 0) {
                                                    						__eflags = _t301;
                                                    					}
                                                    				} else {
                                                    					_t301 = _t301 | 0x00000001;
                                                    				}
                                                    				if(_a16 != 0) {
                                                    					E00479198(6, 1);
                                                    					if(6 != 0) {
                                                    						_a16 = 0;
                                                    					}
                                                    				}
                                                    				_v41 = E0047296C(_t362, 6);
                                                    				_t371 = _v41;
                                                    				if(_v41 == 0) {
                                                    					E00403494( &_v36, _v20);
                                                    				} else {
                                                    					E00403494( &_v36, _v28);
                                                    				}
                                                    				_v56 = _v36;
                                                    				_v52 = 0xb;
                                                    				E00457F1C("Dest filename: %s", _t301, 0,  &_v56, _t360, _t362);
                                                    				E0046E278(_v36, _t301, 1, _t360, _t362, _t371);
                                                    				E0042C8A4(_v36, 0,  &_v48);
                                                    				E0046FC2C(0, _t301, _t301, _v48, _t360, _t362, _t371,  *((intOrPtr*)(_a52 + 8))); // executed
                                                    				_pop(_t306);
                                                    				E00406F50(_v20);
                                                    				E00406F50(_v24);
                                                    				if(E0042CD24(_v28) != 0) {
                                                    					WritePrivateProfileStringA(0, 0, 0, E00403738(_v28));
                                                    				}
                                                    				E00406F50(_v28);
                                                    				E00472B4C(_v32, _t301, _t360, _t362); // executed
                                                    				E00457D10("Creating the icon.", _t301, _t306, _t360, _t362);
                                                    				if(_v41 != 0) {
                                                    					_t307 = _t360;
                                                    					E00472A08(_v28, _t301, _t360, _t362, _t360, _t362, _a36);
                                                    					E00403494( &_v40, _v28);
                                                    					_v42 = 0;
                                                    				} else {
                                                    					_t307 = _t362;
                                                    					E00456638(_v20, _t301, _t362, _v12, _t360, _t362,  &_v40, _a4, _a8, _a12, _a16, _a20, _a32, _a36, _t360, _a44, _a48); // executed
                                                    					_t374 = _a16;
                                                    					if(_a16 == 0 || E0042CD48(_t374) == 0) {
                                                    						_t281 = 0;
                                                    					} else {
                                                    						_t281 = 1;
                                                    					}
                                                    					_v42 = _t281;
                                                    					if(_a24 != 0) {
                                                    						_t377 = _v42;
                                                    						if(_v42 == 0) {
                                                    							E0042C8FC(_v40, _t307,  &_v48, _t377);
                                                    							if(E00406AC4(_v48, 0x473128) == 0) {
                                                    								_push(_t364);
                                                    								_push( *[fs:eax]);
                                                    								 *[fs:eax] = _t366;
                                                    								E004554A8(_v40, _t301, 0x473100 | _a24 == 0x00000001);
                                                    								_pop(_t356);
                                                    								_t307 = 0x472f1e;
                                                    								 *[fs:eax] = _t356;
                                                    							}
                                                    						}
                                                    					}
                                                    				}
                                                    				E00457D10("Successfully created the icon.", _t301, _t307, _t360, _t362);
                                                    				 *0x49d484 = 1;
                                                    				if(_v42 == 0) {
                                                    					SHChangeNotify(2, 1, E00403738(_v40), 0); // executed
                                                    				} else {
                                                    					SHChangeNotify(8, 1, E00403738(_v40), 0);
                                                    				}
                                                    				E0042C8A4(_v40, _t307,  &_v48);
                                                    				SHChangeNotify(0x1000, 0x1001, E00403738(_v48), 0); // executed
                                                    				if(_a28 == 0) {
                                                    					if(_v42 == 0) {
                                                    						__eflags = _v41;
                                                    						if(_v41 == 0) {
                                                    							_v60 = _v20;
                                                    							E0045A204( *((intOrPtr*)( *((intOrPtr*)(_a52 + 8)) - 4)), _t301,  &_v60, 0x82, _t360, _t362, 0x20, 0);
                                                    							_v60 = _v24;
                                                    							E0045A204( *((intOrPtr*)( *((intOrPtr*)(_a52 + 8)) - 4)), _t301,  &_v60, 0x82, _t360, _t362, 0x20, 0);
                                                    						} else {
                                                    							_v60 = _v40;
                                                    							E0045A204( *((intOrPtr*)( *((intOrPtr*)(_a52 + 8)) - 4)), _t301,  &_v60, 0x82, _t360, _t362, 0x20, 0);
                                                    						}
                                                    					} else {
                                                    						_v60 = _v40;
                                                    						E0045A204( *((intOrPtr*)( *((intOrPtr*)(_a52 + 8)) - 4)), _t301,  &_v60, 0x81, _t360, _t362, 0x12, 0);
                                                    						E0042C3FC(_v40,  &_v48);
                                                    						E0040357C( &_v48, "target.lnk");
                                                    						_v60 = _v48;
                                                    						E0045A204( *((intOrPtr*)( *((intOrPtr*)(_a52 + 8)) - 4)), _t301,  &_v60, 0x82, _t360, _t362, 0, 0);
                                                    						E0042C3FC(_v40,  &_v48);
                                                    						E0040357C( &_v48, "Desktop.ini");
                                                    						_v60 = _v48;
                                                    						E0045A204( *((intOrPtr*)( *((intOrPtr*)(_a52 + 8)) - 4)), _t301,  &_v60, 0x82, _t360, _t362, 0, 0);
                                                    					}
                                                    				}
                                                    				E0046E614(0x3e8, _t384);
                                                    				_pop(_t340);
                                                    				 *[fs:eax] = _t340;
                                                    				_push(0x4730f3);
                                                    				E00403400( &_v48);
                                                    				E00403420( &_v40, 6);
                                                    				return E00403400( &_v8);
                                                    			}

                                                    APIs
                                                      • Part of subcall function 0042C804: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042C828
                                                    • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00472E54
                                                    • SHChangeNotify.SHELL32(00000008,00000001,00000000,00000000), ref: 00472F6F
                                                    • SHChangeNotify.SHELL32(00000002,00000001,00000000,00000000), ref: 00472F85
                                                    • SHChangeNotify.SHELL32(00001000,00001001,00000000,00000000), ref: 00472FAA
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: ChangeNotify$FullNamePathPrivateProfileStringWrite
                                                    • String ID: .lnk$.pif$.url$Creating the icon.$Desktop.ini$Dest filename: %s$Successfully created the icon.$target.lnk${group}\
                                                    • API String ID: 971782779-2902529204
                                                    • Opcode ID: ce71c2a7e26fb7b6508a74b8938571ddbf8c629c0e6c29f47ac95046fd4ef9b9
                                                    • Instruction ID: 69417eb76a4de0c3f78625ae8d8ca34093eef506cfc77e8652370fcf6f2c9048
                                                    • Opcode Fuzzy Hash: ce71c2a7e26fb7b6508a74b8938571ddbf8c629c0e6c29f47ac95046fd4ef9b9
                                                    • Instruction Fuzzy Hash: 11D13474A00149AFDB01EFA9D582BDDBBF5EF08305F50806AF904B7392C6789E45CB69
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Control-flow Graph

                                                    C-Code - Quality: 69%
                                                    			E0047CA48(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
                                                    				char _v8;
                                                    				char _v12;
                                                    				intOrPtr _t57;
                                                    				intOrPtr _t65;
                                                    				unsigned int _t69;
                                                    				void* _t72;
                                                    				char _t74;
                                                    				intOrPtr _t79;
                                                    				intOrPtr _t83;
                                                    				intOrPtr _t96;
                                                    				intOrPtr _t102;
                                                    				void* _t113;
                                                    				intOrPtr _t136;
                                                    				intOrPtr _t140;
                                                    				intOrPtr _t148;
                                                    				void* _t157;
                                                    				void* _t158;
                                                    				intOrPtr _t159;
                                                    
                                                    				_t155 = __esi;
                                                    				_t154 = __edi;
                                                    				_t113 = __ecx;
                                                    				_t112 = __ebx;
                                                    				_t157 = _t158;
                                                    				_t159 = _t158 + 0xfffffff8;
                                                    				_push(__ebx);
                                                    				_push(__esi);
                                                    				_push(__edi);
                                                    				_v12 = 0;
                                                    				_push(_t157);
                                                    				_push(0x47cd1e);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t159;
                                                    				E0042D898( &_v12);
                                                    				E00403450(0x49d190, __ebx, _v12, __edi, __esi);
                                                    				E0042D8C4( &_v12);
                                                    				E00403450(0x49d194, _t112, _v12, _t154, _t155);
                                                    				E0042D8F0( &_v12);
                                                    				E00403450(0x49d198, _t112, _v12, _t154, _t155);
                                                    				if( *0x49a0dc != 2) {
                                                    					E00403400(0x49d19c);
                                                    				} else {
                                                    					E0042D208("SystemDrive", _t113,  &_v12);
                                                    					E00403450(0x49d19c, _t112, _v12, _t154, _t155);
                                                    				}
                                                    				if( *0x49d19c == 0) {
                                                    					_t102 =  *0x49d190; // 0x21c0d34
                                                    					E0042C8CC(_t102,  &_v12);
                                                    					E00403450(0x49d19c, _t112, _v12, _t154, _t155);
                                                    					_t163 =  *0x49d19c;
                                                    					if( *0x49d19c == 0) {
                                                    						E00403450(0x49d19c, _t112, 0x47cd48, _t154, _t155);
                                                    					}
                                                    				}
                                                    				E0047C8D0(1, "ProgramFilesDir", _t163); // executed
                                                    				E00403450(0x49d1a0, _t112, _v12, _t154, _t155);
                                                    				_t164 =  *0x49d1a0;
                                                    				if( *0x49d1a0 == 0) {
                                                    					_t148 =  *0x49d19c; // 0x21d2860
                                                    					E004035C0(0x49d1a0, "\\Program Files", _t148);
                                                    				}
                                                    				E0047C8D0(1, "CommonFilesDir", _t164); // executed
                                                    				E00403450(0x49d1a4, _t112, _v12, _t154, _t155);
                                                    				if( *0x49d1a4 == 0) {
                                                    					_t96 =  *0x49d1a0; // 0x21d2870
                                                    					E0042C3FC(_t96,  &_v12);
                                                    					E004035C0(0x49d1a4, "Common Files", _v12);
                                                    				}
                                                    				_t166 =  *0x49d43e;
                                                    				if( *0x49d43e != 0) {
                                                    					E0047C8D0(2, "ProgramFilesDir", _t166); // executed
                                                    					E00403450(0x49d1a8, _t112, _v12, _t154, _t155);
                                                    					_t167 =  *0x49d1a8;
                                                    					if( *0x49d1a8 == 0) {
                                                    						E00453344("Failed to get path of 64-bit Program Files directory", _t112, _t154, _t155, _t167);
                                                    					}
                                                    					E0047C8D0(2, "CommonFilesDir", _t167); // executed
                                                    					E00403450(0x49d1ac, _t112, _v12, _t154, _t155);
                                                    					_t168 =  *0x49d1ac;
                                                    					if( *0x49d1ac == 0) {
                                                    						E00453344("Failed to get path of 64-bit Common Files directory", _t112, _t154, _t155, _t168);
                                                    					}
                                                    				}
                                                    				if( *0x49d504 == 0) {
                                                    					L21:
                                                    					__eflags =  *0x49d43d;
                                                    					if( *0x49d43d == 0) {
                                                    						_t57 =  *0x49d190; // 0x21c0d34
                                                    						E0042C3FC(_t57,  &_v12);
                                                    						E004035C0(0x49d1b8, "COMMAND.COM", _v12); // executed
                                                    					} else {
                                                    						_t65 =  *0x49d194; // 0x21d2820
                                                    						E0042C3FC(_t65,  &_v12);
                                                    						E004035C0(0x49d1b8, "cmd.exe", _v12);
                                                    					}
                                                    					E0047C9B4(); // executed
                                                    					__eflags = 0;
                                                    					_pop(_t136);
                                                    					 *[fs:eax] = _t136;
                                                    					_push(E0047CD25);
                                                    					return E00403400( &_v12);
                                                    				} else {
                                                    					_t69 =  *0x49d450; // 0x6032580
                                                    					if(_t69 >> 0x10 < 0x600) {
                                                    						goto L21;
                                                    					} else {
                                                    						_t72 =  *0x49d504( &E0049AD30, 0x8000, 0,  &_v8); // executed
                                                    						if(_t72 != 0) {
                                                    							_t74 =  *0x49d504(0x49ad40, 0x8000, 0,  &_v8); // executed
                                                    							__eflags = _t74;
                                                    							if(_t74 != 0) {
                                                    								goto L21;
                                                    							} else {
                                                    								_push(_t157);
                                                    								_push(0x47ccb3);
                                                    								_push( *[fs:eax]);
                                                    								 *[fs:eax] = _t159;
                                                    								E00403BA4();
                                                    								__eflags = 0;
                                                    								_pop(_t140);
                                                    								 *[fs:eax] = _t140;
                                                    								_push(E0047CCBA);
                                                    								_t79 = _v8;
                                                    								_push(_t79);
                                                    								L0042CC54();
                                                    								return _t79;
                                                    							}
                                                    						} else {
                                                    							_push(_t157);
                                                    							_push(0x47cc60);
                                                    							_push( *[fs:eax]);
                                                    							 *[fs:eax] = _t159;
                                                    							E00403BA4();
                                                    							_pop( *[fs:0x0]);
                                                    							_push(E0047CC67);
                                                    							_t83 = _v8;
                                                    							_push(_t83);
                                                    							L0042CC54();
                                                    							return _t83;
                                                    						}
                                                    					}
                                                    				}
                                                    			}

                                                    APIs
                                                      • Part of subcall function 0042D898: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00453DB4,00000000,00454066,?,?,00000000,0049C628,00000004,00000000,00000000,00000000,?,004988E5), ref: 0042D8AB
                                                      • Part of subcall function 0042D8C4: GetSystemDirectoryA.KERNEL32 ref: 0042D8D7
                                                      • Part of subcall function 0042D8F0: GetModuleHandleA.KERNEL32(kernel32.dll,GetSystemWow64DirectoryA,?,00453B5A,00000000,00453BFD,?,?,00000000,00000000,00000000,00000000,00000000,?,00453FED,00000000), ref: 0042D90A
                                                      • Part of subcall function 0042D8F0: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0042D910
                                                    • SHGetKnownFolderPath.SHELL32(0049AD30,00008000,00000000,?,00000000,0047CD1E), ref: 0047CC22
                                                    • 753CA680.OLE32(?,0047CC67), ref: 0047CC5A
                                                      • Part of subcall function 0042D208: GetEnvironmentVariableA.KERNEL32(00000000,00000000,00000000,?,?,00000000,0042DA3E,00000000,0042DAD0,?,?,?,0049C628,00000000,00000000), ref: 0042D233
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Directory$A680AddressEnvironmentFolderHandleKnownModulePathProcSystemVariableWindows
                                                    • String ID: COMMAND.COM$Common Files$CommonFilesDir$Failed to get path of 64-bit Common Files directory$Failed to get path of 64-bit Program Files directory$ProgramFilesDir$SystemDrive$\Program Files$cmd.exe
                                                    • API String ID: 1289754905-544719455
                                                    • Opcode ID: fcc310bf490460646d1fd6b8b4129c3c707d8ae0284c530feea0f38de33a2a7d
                                                    • Instruction ID: 98c8bf546cfcb3b0d768b5071be100863efb26fba80d147bce383fdfc7eb0663
                                                    • Opcode Fuzzy Hash: fcc310bf490460646d1fd6b8b4129c3c707d8ae0284c530feea0f38de33a2a7d
                                                    • Instruction Fuzzy Hash: 0661A035E00204AFDB21FBA5D982A8E7B69EB44319F50C47BE448A7395C73CAA44CB5D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 2913 423874-42387e 2914 4239a7-4239ab 2913->2914 2915 423884-4238a6 call 41f3c4 GetClassInfoA 2913->2915 2918 4238d7-4238e0 GetSystemMetrics 2915->2918 2919 4238a8-4238bf RegisterClassA 2915->2919 2920 4238e2 2918->2920 2921 4238e5-4238ef GetSystemMetrics 2918->2921 2919->2918 2922 4238c1-4238d2 call 408cbc call 40311c 2919->2922 2920->2921 2923 4238f1 2921->2923 2924 4238f4-423950 call 403738 call 4062e8 call 403400 call 42364c SetWindowLongA 2921->2924 2922->2918 2923->2924 2936 423952-423965 call 424178 SendMessageA 2924->2936 2937 42396a-423998 GetSystemMenu DeleteMenu * 2 2924->2937 2936->2937 2937->2914 2938 42399a-4239a2 DeleteMenu 2937->2938 2938->2914
                                                    C-Code - Quality: 56%
                                                    			E00423874(int __eax, void* __edi, void* __esi) {
                                                    				void* __ebx;
                                                    				int _t12;
                                                    				long _t13;
                                                    				CHAR* _t14;
                                                    				struct HINSTANCE__* _t15;
                                                    				signed int _t17;
                                                    				signed int _t18;
                                                    				signed int _t20;
                                                    				struct HINSTANCE__* _t21;
                                                    				void* _t23;
                                                    				CHAR* _t24;
                                                    				struct HWND__* _t25;
                                                    				long _t38;
                                                    				struct HINSTANCE__* _t41;
                                                    				int _t45;
                                                    				struct HMENU__* _t46;
                                                    				struct _WNDCLASSA* _t54;
                                                    				short _t57;
                                                    
                                                    				_t12 = __eax;
                                                    				_t45 = __eax;
                                                    				if( *((char*)(__eax + 0x7e)) != 0) {
                                                    					L12:
                                                    					return _t12;
                                                    				}
                                                    				_t13 = E0041F3C4(E00423C0C, __eax); // executed
                                                    				 *(_t45 + 0x24) = _t13;
                                                    				_t14 =  *0x49a654; // 0x42367c
                                                    				_t15 =  *0x49c014; // 0x400000
                                                    				if(GetClassInfoA(_t15, _t14, _t54) == 0) {
                                                    					_t41 =  *0x49c014; // 0x400000
                                                    					 *0x49a640 = _t41;
                                                    					_t57 = RegisterClassA(0x49a630);
                                                    					if(_t57 == 0) {
                                                    						E00408CBC(_t45, 0xf02c, 1, __edi, __esi);
                                                    						E0040311C();
                                                    					}
                                                    				}
                                                    				_t17 = GetSystemMetrics(0); // executed
                                                    				_t18 = _t17 >> 1;
                                                    				if(_t57 < 0) {
                                                    					asm("adc eax, 0x0");
                                                    				}
                                                    				_push(_t18);
                                                    				_t20 = GetSystemMetrics(1) >> 1;
                                                    				if(_t57 < 0) {
                                                    					asm("adc eax, 0x0");
                                                    				}
                                                    				_push(_t20);
                                                    				_push(0);
                                                    				_push(0);
                                                    				_push(0);
                                                    				_push(0);
                                                    				_t21 =  *0x49c014; // 0x400000
                                                    				_push(_t21);
                                                    				_push(0);
                                                    				_t3 = _t45 + 0x6c; // 0x20040
                                                    				_t23 = E00403738( *_t3);
                                                    				_t24 =  *0x49a654; // 0x42367c, executed
                                                    				_t25 = E004062E8(_t24, 0x94ca0000, _t23); // executed
                                                    				 *(_t45 + 0x20) = _t25;
                                                    				_t5 = _t45 + 0x6c; // 0x41ee10
                                                    				E00403400(_t5);
                                                    				 *((char*)(_t45 + 0x7e)) = 1;
                                                    				_t7 = _t45 + 0x20; // 0x410460
                                                    				E0042364C( *_t7, 9, _t57);
                                                    				_t8 = _t45 + 0x24; // 0x42368c
                                                    				_t9 = _t45 + 0x20; // 0x410460
                                                    				SetWindowLongA( *_t9, 0xfffffffc,  *_t8);
                                                    				if( *0x49c5c4 != 0) {
                                                    					_t38 = E00424178(_t45);
                                                    					_t10 = _t45 + 0x20; // 0x410460
                                                    					SendMessageA( *_t10, 0x80, 1, _t38); // executed
                                                    				}
                                                    				_t11 = _t45 + 0x20; // 0x410460
                                                    				_t46 = GetSystemMenu( *_t11, 0);
                                                    				DeleteMenu(_t46, 0xf030, 0);
                                                    				_t12 = DeleteMenu(_t46, 0xf000, 0);
                                                    				if( *0x49c5c4 == 0) {
                                                    					goto L12;
                                                    				} else {
                                                    					return DeleteMenu(_t46, 0xf010, 0);
                                                    				}
                                                    			}

                                                    APIs
                                                      • Part of subcall function 0041F3C4: VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,00000000,0041EDA4,?,0042388F,00423C0C,0041EDA4), ref: 0041F3E2
                                                    • GetClassInfoA.USER32 ref: 0042389F
                                                    • RegisterClassA.USER32 ref: 004238B7
                                                    • GetSystemMetrics.USER32 ref: 004238D9
                                                    • GetSystemMetrics.USER32 ref: 004238E8
                                                    • SetWindowLongA.USER32 ref: 00423944
                                                    • SendMessageA.USER32 ref: 00423965
                                                    • GetSystemMenu.USER32(00410460,00000000,00410460,000000FC,0042368C,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00000000,00400000), ref: 00423970
                                                    • DeleteMenu.USER32(00000000,0000F030,00000000,00410460,00000000,00410460,000000FC,0042368C,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001), ref: 0042397F
                                                    • DeleteMenu.USER32(00000000,0000F000,00000000,00000000,0000F030,00000000,00410460,00000000,00410460,000000FC,0042368C,00000000,00400000,00000000,00000000,00000000), ref: 0042398C
                                                    • DeleteMenu.USER32(00000000,0000F010,00000000,00000000,0000F000,00000000,00000000,0000F030,00000000,00410460,00000000,00410460,000000FC,0042368C,00000000,00400000), ref: 004239A2
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Menu$DeleteSystem$ClassMetrics$AllocInfoLongMessageRegisterSendVirtualWindow
                                                    • String ID: |6B
                                                    • API String ID: 183575631-3009739247
                                                    • Opcode ID: caeea625127a26a36a20177a08b71d6ea9d58e403ef4893d265ee755c5008273
                                                    • Instruction ID: 701f3ba42b2f6941ce043f3d21f0a29caf986c78014eaa590cfe39abddca5976
                                                    • Opcode Fuzzy Hash: caeea625127a26a36a20177a08b71d6ea9d58e403ef4893d265ee755c5008273
                                                    • Instruction Fuzzy Hash: 0F316FB17402106AEB10BFA5DC82F6A36989B14709F64017BBA44EF2D7C6BDED40876D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 3025 47d254-47d2aa call 42c3fc call 4035c0 call 47cf18 call 4525d8 3034 47d2b6-47d2c5 call 4525d8 3025->3034 3035 47d2ac-47d2b1 call 453344 3025->3035 3039 47d2c7-47d2cd 3034->3039 3040 47d2df-47d2e5 3034->3040 3035->3034 3041 47d2ef-47d2f7 call 403494 3039->3041 3042 47d2cf-47d2d5 3039->3042 3043 47d2e7-47d2ed 3040->3043 3044 47d2fc-47d324 call 42e394 * 2 3040->3044 3041->3044 3042->3040 3047 47d2d7-47d2dd 3042->3047 3043->3041 3043->3044 3051 47d326-47d346 call 4078f4 call 453344 3044->3051 3052 47d34b-47d365 GetProcAddress 3044->3052 3047->3040 3047->3041 3051->3052 3054 47d367-47d36c call 453344 3052->3054 3055 47d371-47d38e call 403400 * 2 3052->3055 3054->3055
                                                    C-Code - Quality: 81%
                                                    			E0047D254(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                    				char _v8;
                                                    				intOrPtr _v12;
                                                    				char _v16;
                                                    				intOrPtr _v20;
                                                    				char _v24;
                                                    				char _v28;
                                                    				char _v32;
                                                    				char _v36;
                                                    				intOrPtr _t32;
                                                    				void* _t39;
                                                    				struct HINSTANCE__* _t46;
                                                    				struct HINSTANCE__* _t47;
                                                    				_Unknown_base(*)()* _t71;
                                                    				intOrPtr _t83;
                                                    				void* _t90;
                                                    				void* _t92;
                                                    
                                                    				_t92 = __eflags;
                                                    				_t87 = __esi;
                                                    				_t86 = __edi;
                                                    				_t70 = __ebx;
                                                    				_push(__ebx);
                                                    				_push(__esi);
                                                    				_push(__edi);
                                                    				_v28 = 0;
                                                    				_v8 = 0;
                                                    				_push(_t90);
                                                    				_push(0x47d38f);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t90 + 0xffffffe0;
                                                    				_t32 =  *0x49d18c; // 0x21d2a78
                                                    				E0042C3FC(_t32,  &_v28);
                                                    				E004035C0( &_v8, "_isetup\\_shfoldr.dll", _v28);
                                                    				E0047CF18("SHFOLDERDLL", __ebx, _v8, __edi, __esi, _t92);
                                                    				_t7 =  &_v24; // 0x497e40
                                                    				_t39 = E004525D8(_t7);
                                                    				_t93 = _t39;
                                                    				if(_t39 == 0) {
                                                    					E00453344("Failed to get version numbers of _shfoldr.dll", _t70, _t86, _t87, _t93);
                                                    				}
                                                    				if(E004525D8( &_v16) == 0) {
                                                    					L6:
                                                    					_t17 =  &_v24; // 0x497e40
                                                    					if(_v16 ==  *_t17 && _v12 == _v20) {
                                                    						goto L8;
                                                    					}
                                                    				} else {
                                                    					_t11 =  &_v24; // 0x497e40
                                                    					if(_v16 >  *_t11) {
                                                    						L8:
                                                    						E00403494( &_v8, "shfolder.dll");
                                                    					} else {
                                                    						_t13 =  &_v24; // 0x497e40
                                                    						if(_v16 !=  *_t13 || _v12 <= _v20) {
                                                    							goto L6;
                                                    						} else {
                                                    							goto L8;
                                                    						}
                                                    					}
                                                    				}
                                                    				E0042E394("shell32.dll", _t70, 0x8000); // executed
                                                    				_t46 = E0042E394(_v8, _t70, 0x8000); // executed
                                                    				 *0x49d4fc = _t46;
                                                    				if( *0x49d4fc == 0) {
                                                    					_v36 = _v8;
                                                    					_v32 = 0xb;
                                                    					E004078F4("Failed to load DLL \"%s\"", 0,  &_v36,  &_v28);
                                                    					E00453344(_v28, _t70, _t86, _t87, 0);
                                                    				}
                                                    				_t47 =  *0x49d4fc; // 0x0
                                                    				_t71 = GetProcAddress(_t47, "SHGetFolderPathA");
                                                    				 *0x49d500 = _t71;
                                                    				_t102 = _t71;
                                                    				if(_t71 == 0) {
                                                    					E00453344("Failed to get address of SHGetFolderPath function", _t71, _t86, _t87, _t102);
                                                    				}
                                                    				_pop(_t83);
                                                    				 *[fs:eax] = _t83;
                                                    				_push(E0047D396);
                                                    				E00403400( &_v28);
                                                    				return E00403400( &_v8);
                                                    			}

                                                    APIs
                                                    • GetProcAddress.KERNEL32(00000000,SHGetFolderPathA), ref: 0047D356
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: AddressProc
                                                    • String ID: @~I$Failed to get address of SHGetFolderPath function$Failed to get version numbers of _shfoldr.dll$Failed to load DLL "%s"$SHFOLDERDLL$SHGetFolderPathA$_isetup\_shfoldr.dll$shell32.dll$shfolder.dll
                                                    • API String ID: 190572456-3298939431
                                                    • Opcode ID: 4912deedc86249b44c2b2bc209ab311300b7f510cf8b75585d8d8e5d7b3a2fdc
                                                    • Instruction ID: bc39436a4c90ca8ea62b347ec71a57b5bd866838b4fb2709fb97938870acbe9e
                                                    • Opcode Fuzzy Hash: 4912deedc86249b44c2b2bc209ab311300b7f510cf8b75585d8d8e5d7b3a2fdc
                                                    • Instruction Fuzzy Hash: 4C31FB30E101499BCB00EF99D5829EEB7B5EF44318F5084B7E808E7252E738AE05CB6D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 3174 40631c-406336 GetModuleHandleA GetProcAddress 3175 406338 3174->3175 3176 40633f-40634c GetProcAddress 3174->3176 3175->3176 3177 406355-406362 GetProcAddress 3176->3177 3178 40634e 3176->3178 3179 406364-406366 SetProcessDEPPolicy 3177->3179 3180 406368-406369 3177->3180 3178->3177 3179->3180
                                                    C-Code - Quality: 46%
                                                    			E0040631C() {
                                                    				_Unknown_base(*)()* _t2;
                                                    				_Unknown_base(*)()* _t3;
                                                    				_Unknown_base(*)()* _t4;
                                                    				void* _t5;
                                                    				struct HINSTANCE__* _t8;
                                                    
                                                    				_t8 = GetModuleHandleA("kernel32.dll");
                                                    				_t2 = GetProcAddress(_t8, "SetDllDirectoryW");
                                                    				if(_t2 != 0) {
                                                    					 *_t2(0x406390);
                                                    				}
                                                    				_t3 = GetProcAddress(_t8, "SetSearchPathMode");
                                                    				if(_t3 != 0) {
                                                    					 *_t3(0x8001);
                                                    				}
                                                    				_t4 = GetProcAddress(_t8, "SetProcessDEPPolicy");
                                                    				if(_t4 != 0) {
                                                    					_t5 =  *_t4(1); // executed
                                                    					return _t5;
                                                    				}
                                                    				return _t4;
                                                    			}









                                                    APIs
                                                    • GetModuleHandleA.KERNEL32(kernel32.dll,?,00499100), ref: 00406322
                                                    • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 0040632F
                                                    • GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 00406345
                                                    • GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy), ref: 0040635B
                                                    • SetProcessDEPPolicy.KERNEL32(00000001,00000000,SetProcessDEPPolicy,00000000,SetSearchPathMode,kernel32.dll,?,00499100), ref: 00406366
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: AddressProc$HandleModulePolicyProcess
                                                    • String ID: SetDllDirectoryW$SetProcessDEPPolicy$SetSearchPathMode$kernel32.dll
                                                    • API String ID: 3256987805-3653653586
                                                    • Opcode ID: fb4db72500fb8039bf9e982fa136c472a352d03826636d66c2b82dec8efce00d
                                                    • Instruction ID: 935c6a5f7b98c90e27654dc67135d8c1f882d2ad5d8c1b9d0efaf55941893a49
                                                    • Opcode Fuzzy Hash: fb4db72500fb8039bf9e982fa136c472a352d03826636d66c2b82dec8efce00d
                                                    • Instruction Fuzzy Hash: 97E02D90380702ACEA1032B20D82F3B144C9B54B69B26543B7D56B51C7D9BDDD7059BD
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 49%
                                                    			E0041321B(void* __eax, signed char __ebx, void* __ecx, signed int __edx, signed int __edi, signed int __esi, struct HWND__* _a8, void* _a12, void* _a16, intOrPtr _a20, intOrPtr _a64) {
                                                    				void* _v4;
                                                    				void* _v6;
                                                    				void* _v18;
                                                    				intOrPtr _v1965293503;
                                                    				void* _t357;
                                                    				intOrPtr* _t359;
                                                    				intOrPtr* _t360;
                                                    				void* _t363;
                                                    				signed int _t365;
                                                    				signed int _t366;
                                                    				void* _t369;
                                                    				signed int _t370;
                                                    				signed int _t371;
                                                    				signed int _t372;
                                                    				struct HWND__* _t373;
                                                    				void* _t375;
                                                    				signed int _t376;
                                                    				void* _t379;
                                                    				void* _t394;
                                                    				intOrPtr* _t396;
                                                    				void* _t399;
                                                    				void* _t401;
                                                    				signed int _t402;
                                                    				intOrPtr* _t404;
                                                    				signed int _t406;
                                                    				void* _t411;
                                                    				void* _t412;
                                                    				signed char _t414;
                                                    				intOrPtr* _t416;
                                                    				void* _t417;
                                                    				intOrPtr* _t418;
                                                    				void* _t419;
                                                    				signed char _t420;
                                                    				void* _t422;
                                                    				void* _t423;
                                                    				void* _t424;
                                                    				signed int* _t425;
                                                    				void* _t431;
                                                    				void* _t432;
                                                    				void* _t433;
                                                    				signed int _t434;
                                                    				signed int _t435;
                                                    				signed int* _t437;
                                                    				signed int _t438;
                                                    				void* _t439;
                                                    				void* _t441;
                                                    				signed char _t444;
                                                    				void* _t451;
                                                    				signed int* _t455;
                                                    				signed int _t456;
                                                    				signed int _t461;
                                                    				intOrPtr* _t463;
                                                    				intOrPtr* _t464;
                                                    				void* _t466;
                                                    				signed int _t468;
                                                    				signed int* _t470;
                                                    				signed char _t471;
                                                    				signed int* _t473;
                                                    				signed int* _t474;
                                                    				signed int* _t476;
                                                    				void* _t478;
                                                    				signed int _t479;
                                                    				void* _t480;
                                                    				void* _t481;
                                                    				intOrPtr* _t482;
                                                    				void* _t485;
                                                    				signed int* _t486;
                                                    				void* _t489;
                                                    				void* _t490;
                                                    				signed int _t493;
                                                    				signed int _t494;
                                                    				intOrPtr* _t496;
                                                    				signed int _t497;
                                                    				signed int _t498;
                                                    				intOrPtr* _t502;
                                                    				signed int _t503;
                                                    				void* _t520;
                                                    				void* _t527;
                                                    				intOrPtr _t537;
                                                    				void* _t541;
                                                    				signed int _t549;
                                                    				void* _t558;
                                                    				signed char _t559;
                                                    				signed char _t560;
                                                    				signed int _t563;
                                                    				intOrPtr _t570;
                                                    				signed int _t571;
                                                    				void* _t573;
                                                    				void* _t581;
                                                    				void* _t583;
                                                    				signed int* _t585;
                                                    				signed int* _t598;
                                                    
                                                    				_t497 = __esi;
                                                    				_t494 = __edi;
                                                    				_t493 = __edx;
                                                    				_t420 = __ebx;
                                                    				asm("outsd");
                                                    				 *((intOrPtr*)(__edi + 0x6fd40041 + _t498 * 2)) =  *((intOrPtr*)(__edi + 0x6fd40041 + _t498 * 2)) + __edx;
                                                    				_t357 = __eax + __ebx;
                                                    				asm("outsd");
                                                    				_t431 = __ecx + 3;
                                                    				 *((intOrPtr*)(_t357 + 0x70)) =  *((intOrPtr*)(_t357 + 0x70)) + _t431;
                                                    				_t432 = _t431 + 1;
                                                    				 *((intOrPtr*)(_t357 + 0x70)) =  *((intOrPtr*)(_t357 + 0x70)) + _t432;
                                                    				_t433 = _t432 + 1;
                                                    				_t11 = _t357 - 0x53ffbe90;
                                                    				 *_t11 =  *((intOrPtr*)(_t357 - 0x53ffbe90)) + _t433;
                                                    				if( *_t11 < 0) {
                                                    					L10:
                                                    					 *(_t497 + 0x41) =  *(_t497 + 0x41) ^ 0x00000000;
                                                    					goto L11;
                                                    				} else {
                                                    					_t419 = _t357 + __edx;
                                                    					if(_t419 < 0) {
                                                    						L11:
                                                    						_t433 = _t433 + 1;
                                                    					} else {
                                                    						_t359 = _t419 + __edx;
                                                    						if(_t359 < 0) {
                                                    							 *(_t497 + 0x41) =  *(_t497 + 0x41) << 1;
                                                    						} else {
                                                    							 *_t359 =  *_t359 + __ebx;
                                                    							if( *_t359 >= 0) {
                                                    								_push(_t359);
                                                    								if(_t520 > 0) {
                                                    									goto L33;
                                                    								} else {
                                                    									 *((intOrPtr*)(_t494 + 0x41 + _t497 * 2)) =  *((intOrPtr*)(_t494 + 0x41 + _t497 * 2)) + _t493;
                                                    									 *((intOrPtr*)(_t359 + _t497 * 2)) =  *((intOrPtr*)(_t359 + _t497 * 2)) + _t493;
                                                    									goto L17;
                                                    								}
                                                    							} else {
                                                    								 *((intOrPtr*)(_t433 + 0x41 + __esi * 2)) =  *((intOrPtr*)(_t433 + 0x41 + __esi * 2)) + __edx;
                                                    								_t359 = _t359 + _t359;
                                                    								if(_t359 >= 0) {
                                                    									L17:
                                                    									asm("adc al, 0x70");
                                                    									_t489 = _t433 + 1;
                                                    									 *_t359 =  *_t359 + _t489;
                                                    									if( *_t359 < 0) {
                                                    										goto L35;
                                                    									} else {
                                                    										 *_t359 =  *_t359 + _t420;
                                                    										goto L19;
                                                    									}
                                                    								} else {
                                                    									 *((intOrPtr*)(__edx + __esi * 2)) =  *((intOrPtr*)(__edx + __esi * 2)) + _t359;
                                                    									_t489 = _t433 + 1;
                                                    									 *_t359 =  *_t359 + __ebx;
                                                    									if( *_t359 >= 0) {
                                                    										_t418 = _t359 + __edx;
                                                    										if(_t418 >= 0) {
                                                    											asm("in al, 0x77");
                                                    											_t434 = _t489 + 1;
                                                    										} else {
                                                    											 *_t418 =  *_t418 + __edx;
                                                    											if( *_t418 == 0) {
                                                    												asm("clc");
                                                    												if(_t527 > 0) {
                                                    													asm("les edi, [ecx+0x41]");
                                                    												} else {
                                                    													 *_t416 =  *_t416 + _t416;
                                                    													if( *_t416 < 0) {
                                                    														asm("int3");
                                                    														if(_t541 >= 0) {
                                                    															 *(_t414 - 0x7bcbffbf) =  *(_t414 - 0x7bcbffbf) | _t414;
                                                    															_t406 = _t414 ^ 0x00000084;
                                                    															_t486 = _t434 + 1;
                                                    															 *_t420 = _t486 +  *_t420;
                                                    															_t558 =  *_t420;
                                                    															_t493 = _t493 |  *(_t494 + 0x69 + _t493 * 2);
                                                    															asm("outsb");
                                                    															_t420 = _t420 + 1;
                                                    															asm("outsd");
                                                    															asm("outsb");
                                                    															if(_t558 == 0) {
                                                    																goto L79;
                                                    															} else {
                                                    																asm("outsd");
                                                    																asm("insb");
                                                    																goto L65;
                                                    															}
                                                    														} else {
                                                    															_t417 = _t414 + _t493;
                                                    															goto L43;
                                                    														}
                                                    													} else {
                                                    														 *_t416 =  *_t416 + _t434;
                                                    														if( *_t416 < 0) {
                                                    															L43:
                                                    															asm("aam 0x79");
                                                    															_t486 = _t434 + 1;
                                                    														} else {
                                                    															 *_t416 =  *_t416 + _t493;
                                                    															if( *_t416 < 0) {
                                                    																asm("enter 0x417a, 0x0");
                                                    															} else {
                                                    																 *((intOrPtr*)(_t416 + 0x78)) =  *((intOrPtr*)(_t416 + 0x78)) + _t434;
                                                    																_t490 = _t434 + 1;
                                                    																 *((intOrPtr*)(_t416 - 0x2fffbe88)) =  *((intOrPtr*)(_t416 - 0x2fffbe88)) + _t490;
                                                    																goto L28;
                                                    															}
                                                    														}
                                                    													}
                                                    												}
                                                    											} else {
                                                    												 *((intOrPtr*)(_t502 + 0x74dc0041 + __esi * 2)) =  *((intOrPtr*)(_t502 + 0x74dc0041 + __esi * 2)) + __ebx;
                                                    												 *((intOrPtr*)(_t418 + 0x75)) =  *((intOrPtr*)(_t418 + 0x75)) + __ebx;
                                                    												_t490 = _t489 + 2;
                                                    												_t31 = _t418 + 0xc004175;
                                                    												 *_t31 =  *((intOrPtr*)(_t418 + 0xc004175)) + __ebx;
                                                    												if( *_t31 <= 0) {
                                                    													L28:
                                                    													_t487 = _t490 + 1;
                                                    													_t406 = _t416 + _t493;
                                                    													if(_t406 < 0) {
                                                    														_t412 = _t406 + 1;
                                                    														if(_t412 < 0) {
                                                    															L65:
                                                    															_pop(es);
                                                    															_t493 = _t493 |  *(_t494 + 0x69 + _t493 * 2);
                                                    															asm("outsb");
                                                    															_t420 = _t420 + 1;
                                                    															_t559 = _t420;
                                                    															asm("outsd");
                                                    															asm("outsb");
                                                    															if (_t559 == 0) goto L81;
                                                    															goto L66;
                                                    														} else {
                                                    															 *((intOrPtr*)(_t502 + 0x7a2c0041 + _t494 * 2)) =  *((intOrPtr*)(_t502 + 0x7a2c0041 + _t494 * 2)) + _t420;
                                                    															_t487 =  &(_t486[0]);
                                                    															_t411 = _t412 +  &(_t486[0]);
                                                    															if(_t411 >= 0) {
                                                    																L66:
                                                    																if(_t559 < 0) {
                                                    																	goto L81;
                                                    																} else {
                                                    																	asm("outsd");
                                                    																}
                                                    															} else {
                                                    																_t406 = _t411 + _t420;
                                                    																_t549 = _t406;
                                                    																goto L51;
                                                    															}
                                                    														}
                                                    													} else {
                                                    														 *((intOrPtr*)(_t487 + _t494 * 2)) =  *((intOrPtr*)(_t487 + _t494 * 2)) + _t487;
                                                    														_t486 = _t487 + 1;
                                                    														 *((intOrPtr*)(_t486 + 0x41 + _t494 * 2)) =  *((intOrPtr*)(_t486 + 0x41 + _t494 * 2)) + _t486;
                                                    														 *((intOrPtr*)(_t486 + 0x78400041 + _t494 * 2)) =  *((intOrPtr*)(_t486 + 0x78400041 + _t494 * 2)) + _t486;
                                                    														asm("invalid");
                                                    														 *((intOrPtr*)(_t406 + 0x78)) =  *((intOrPtr*)(_t406 + 0x78)) + _t406;
                                                    														_t406 = _t406 + 1;
                                                    														if(_t406 < 0) {
                                                    															L51:
                                                    															asm("cld");
                                                    															if(_t549 < 0) {
                                                    																 *_t486 =  *_t486 ^ _t406;
                                                    																asm("cld");
                                                    																asm("das");
                                                    																_t437 =  &(_t486[0]);
                                                    																 *_t437 = _t437 +  *_t437;
                                                    																 *_t406 =  *_t406 + _t437;
                                                    																_t420 = _t420 + 1;
                                                    																_t560 = _t420;
                                                    																asm("outsd");
                                                    																asm("outsb");
                                                    																if(_t560 == 0) {
                                                    																	L83:
                                                    																	 *((intOrPtr*)(_t365 + 0x44)) =  *((intOrPtr*)(_t365 + 0x44)) + _t493;
                                                    																	_t438 =  &(_t437[0]);
                                                    																	 *((intOrPtr*)(_t438 + _t438 * 2)) =  *((intOrPtr*)(_t438 + _t438 * 2)) + _t493;
                                                    																	_t439 = _t438 + 1;
                                                    																	 *((intOrPtr*)(_t365 + 4)) =  *((intOrPtr*)(_t365 + 4)) + _t439;
                                                    																	 *((intOrPtr*)(_t365 + 4)) =  *((intOrPtr*)(_t365 + 4)) + _t365;
                                                    																	_t441 = _t439 + 2;
                                                    																	 *((intOrPtr*)(_t497 + 0x47400041 + _t365 * 4)) =  *((intOrPtr*)(_t497 + 0x47400041 + _t365 * 4)) + _t441;
                                                    																	_t435 = _t441 + 1;
                                                    																	 *((intOrPtr*)(_t497 + 0x4d900041 + _t365 * 2)) =  *((intOrPtr*)(_t497 + 0x4d900041 + _t365 * 2)) + _t365;
                                                    																	goto L84;
                                                    																} else {
                                                    																	asm("outsd");
                                                    																	asm("insb");
                                                    																	if(_t560 < 0) {
                                                    																		 *((intOrPtr*)(_t494 + 0x40 + _t420 * 4)) =  *((intOrPtr*)(_t494 + 0x40 + _t420 * 4)) + _t437;
                                                    																	}
                                                    																	_t502 = _t502 - 1;
                                                    																	asm("lahf");
                                                    																	_t365 = _t363 + 1 + _t493;
                                                    																	asm("rol byte [eax], 1");
                                                    																	asm("rol byte [eax], 1");
                                                    																	_t420 = _t420 + _t420 + _t420 + _t420;
                                                    																	 *_t365 =  *_t365 + _t365;
                                                    																	 *_t365 =  *_t365 + _t365;
                                                    																	 *_t365 =  *_t365 + _t365;
                                                    																	 *_t365 =  *_t365 + _t365;
                                                    																	 *_t365 =  *_t365 | _t365;
                                                    																	_t435 = _t434 |  *(_t365 + 0x65);
                                                    																	_t563 = _t435;
                                                    																	asm("insb");
                                                    																	if(_t563 < 0) {
                                                    																		L82:
                                                    																		 *((intOrPtr*)(_t502 + _t365 + 0x41)) =  *((intOrPtr*)(_t502 + _t365 + 0x41)) + 0x40;
                                                    																		_t365 = _t365 + _t365;
                                                    																		_t502 = _t502 + 1;
                                                    																		_t437 = 0x41;
                                                    																		goto L83;
                                                    																	} else {
                                                    																		asm("outsd");
                                                    																		asm("outsb");
                                                    																		if(_t563 == 0) {
                                                    																			L84:
                                                    																			 *((intOrPtr*)(_t365 - 0x57ffbeb3)) =  *((intOrPtr*)(_t365 - 0x57ffbeb3)) + _t493;
                                                    																			_t420 = _t420 + 1;
                                                    																			 *((intOrPtr*)(_t502 + 0x41 + _t365 * 2)) =  *((intOrPtr*)(_t502 + 0x41 + _t365 * 2)) + _t420;
                                                    																			_t365 = _t365 + _t420;
                                                    																			_t435 = _t435 + 1 - 1 + 1;
                                                    																			_t192 = _t365 + 0x52;
                                                    																			 *_t192 =  *((intOrPtr*)(_t365 + 0x52)) + _t493;
                                                    																			_t570 =  *_t192;
                                                    																		} else {
                                                    																			if(_t563 >= 0) {
                                                    																				 *_t365 =  *_t365 + _t365;
                                                    																				 *_t365 =  *_t365 + _t365;
                                                    																				 *_t365 =  *_t365 + _t365;
                                                    																				 *_t365 =  *_t365 + _t365;
                                                    																				_t406 = _t365 - 0x34;
                                                    																				 *_t406 =  *_t406 + _t406;
                                                    																				 *_t406 =  *_t406 + _t406;
                                                    																				 *_t406 =  *_t406 + _t406;
                                                    																				 *_t406 =  *_t406 + _t406;
                                                    																				 *((intOrPtr*)(_t502 + _t497)) =  *((intOrPtr*)(_t502 + _t497)) + _t493;
                                                    																				 *((intOrPtr*)(_t502 + _t497)) =  *((intOrPtr*)(_t502 + _t497)) + _t420;
                                                    																				_t485 = _t435 + 3;
                                                    																				 *((intOrPtr*)(_t406 + _t406 + 0x2e8c0000)) =  *((intOrPtr*)(_t406 + _t406 + 0x2e8c0000)) + _t485;
                                                    																				_t486 = _t485 + 1;
                                                    																				 *((intOrPtr*)(_t420 + _t493 * 2)) =  *((intOrPtr*)(_t420 + _t493 * 2)) + _t420;
                                                    																				L79:
                                                    																				_t487 =  &(_t486[0]);
                                                    																				 *_t420 =  *_t420 | _t487;
                                                    																				_t411 =  *_t487;
                                                    																				 *_t487 = _t406 + _t406 -  *((intOrPtr*)(_t406 + _t406)) + 1 + _t406 + _t406 -  *((intOrPtr*)(_t406 + _t406)) + 1;
                                                    																				_t412 = _t411 + _t411;
                                                    																				L81:
                                                    																				_t493 = 0x40;
                                                    																				_push(_t420);
                                                    																				_t365 = _t412 + _t412 + _t420;
                                                    																				goto L82;
                                                    																			}
                                                    																		}
                                                    																	}
                                                    																}
                                                    															} else {
                                                    																 *_t406 =  *_t406 + _t420;
                                                    																goto L53;
                                                    															}
                                                    														} else {
                                                    															_t82 = _t494 + 0x77ac0041 + _t497 * 2;
                                                    															 *_t82 =  *((intOrPtr*)(_t494 + 0x77ac0041 + _t497 * 2)) + _t493;
                                                    															_t537 =  *_t82;
                                                    															L33:
                                                    															_t360 = _t502;
                                                    															_t502 = _t359;
                                                    															if(_t537 > 0) {
                                                    																L53:
                                                    																asm("sbb [ebx+0x41], dh");
                                                    															} else {
                                                    																 *((intOrPtr*)(_t494 + 0x77b80041 + _t497 * 2)) =  *((intOrPtr*)(_t494 + 0x77b80041 + _t497 * 2)) + _t433;
                                                    																_t489 = _t433 + 1;
                                                    																L35:
                                                    																asm("les esi, [edi+0x41]");
                                                    															}
                                                    														}
                                                    													}
                                                    												} else {
                                                    													 *((intOrPtr*)(__esi + __esi * 2)) =  *((intOrPtr*)(__esi + __esi * 2)) + _t490;
                                                    													 *((intOrPtr*)(_t418 + 0x76)) =  *((intOrPtr*)(_t418 + 0x76)) + _t418;
                                                    													_t433 = _t490 + 2;
                                                    													 *((intOrPtr*)(_t418 - 0x4bffbe8a)) =  *((intOrPtr*)(_t418 - 0x4bffbe8a)) + _t418;
                                                    													goto L10;
                                                    												}
                                                    											}
                                                    										}
                                                    									}
                                                    								}
                                                    							}
                                                    						}
                                                    					}
                                                    				}
                                                    				if(_t570 < 0) {
                                                    					L91:
                                                    					 *_t365 =  *_t365 + _t365;
                                                    					 *((intOrPtr*)(_t420 + 0xc0)) =  *((intOrPtr*)(_t420 + 0xc0)) + _t435;
                                                    					 *_t365 =  *_t365 + _t365;
                                                    					 *_t365 =  *_t365 + _t365;
                                                    					 *_t365 =  *_t365 + _t365;
                                                    					_t366 = _t365 ^ 0x00000041;
                                                    					 *_t366 =  *_t366 + _t366;
                                                    					 *_t366 =  *_t366 + _t366;
                                                    					 *_t366 =  *_t366 + _t366;
                                                    					 *0x35100041 =  *0x35100041 | _t493;
                                                    					_t444 = _t435 + 1;
                                                    					 *_t366 =  *_t366 + _t366;
                                                    					 *_t366 =  *_t366 + _t366;
                                                    					 *_t366 =  *_t366 + _t493;
                                                    					 *_t444 =  *_t444 ^ _t366;
                                                    					_t502 = _t502 + 1;
                                                    					_t365 =  *_t444 * 0xffffffe0 -  *( *_t444 * 0xffffffe0);
                                                    					 *_t420 =  *_t420 | _t444;
                                                    					goto L93;
                                                    				} else {
                                                    					_t478 = _t435 + 1;
                                                    					 *_t365 =  *_t365 + _t478;
                                                    					_t496 = _t494 - 1;
                                                    					_t479 = _t478 + 1;
                                                    					 *((intOrPtr*)(_t496 + 0x41 + _t479 * 2)) =  *((intOrPtr*)(_t496 + 0x41 + _t479 * 2)) + _t365;
                                                    					 *((intOrPtr*)(_t365 + 0x45)) =  *((intOrPtr*)(_t365 + 0x45)) + _t493;
                                                    					_t480 = _t479 + 1;
                                                    					 *((intOrPtr*)(_t365 + 0x4f)) =  *((intOrPtr*)(_t365 + 0x4f)) + _t480;
                                                    					_t481 = _t480 + 1;
                                                    					 *((intOrPtr*)(_t365 - 0x79)) =  *((intOrPtr*)(_t365 - 0x79)) + _t481;
                                                    					_t482 = _t481 + 1;
                                                    					 *_t482 =  *_t482 + _t365;
                                                    					 *_t496 =  *_t496 + _t482;
                                                    					 *((intOrPtr*)(_t496 + _t365 * 4)) =  *((intOrPtr*)(_t496 + _t365 * 4)) + _t482;
                                                    					_t444 = _t482 + 1;
                                                    					 *_t496 =  *_t496 + _t444;
                                                    					_push(_t502);
                                                    					_t494 = _t496 + 1;
                                                    					_t571 = _t494;
                                                    					if(_t571 < 0) {
                                                    						L93:
                                                    						_t365 = _t365 + 1;
                                                    						 *((intOrPtr*)(_t365 - 0x3fffbe76)) =  *((intOrPtr*)(_t365 - 0x3fffbe76)) + _t444;
                                                    						_t493 = 0x40;
                                                    						goto L94;
                                                    					} else {
                                                    						if(_t571 < 0) {
                                                    							L94:
                                                    							_push(_t420);
                                                    							_t369 = _t365 + _t365 + _t420;
                                                    							 *((intOrPtr*)(_t502 + _t369 + 0x41)) =  *((intOrPtr*)(_t502 + _t369 + 0x41)) + 0x40;
                                                    							_t365 = _t369 + _t369;
                                                    							_t503 = _t502 + 1;
                                                    							 *_t365 =  *_t365 + _t493;
                                                    							goto L95;
                                                    						} else {
                                                    							_t503 =  *(_t420 + 0x43) * 0x72746e6f;
                                                    							asm("outsd");
                                                    							asm("insb");
                                                    							_pop(es);
                                                    							asm("andps xmm0, [edi+0x72]");
                                                    							asm("popad");
                                                    							if(_t503 < 0) {
                                                    								L95:
                                                    								 *(_t420 + 0x41) =  *(_t420 + 0x41) ^ _t420;
                                                    								 *0x000000C3 =  *((intOrPtr*)(0xc3)) + _t493;
                                                    								 *((intOrPtr*)(_t365 + 4)) =  *((intOrPtr*)(_t365 + 4)) + 0x42;
                                                    								 *((intOrPtr*)(_t365 + 4)) =  *((intOrPtr*)(_t365 + 4)) + _t365;
                                                    								 *((intOrPtr*)(_t493 + 0x151)) =  *((intOrPtr*)(_t493 + 0x151)) + _t493;
                                                    								_t365 = _t365 + _t493;
                                                    								 *0x00000044 =  *((intOrPtr*)(0x44)) + E00418214;
                                                    								_push(0xa8004180);
                                                    								_t422 = _t420 + 1;
                                                    								_t451 = 0x45;
                                                    							} else {
                                                    								asm("outsd");
                                                    								asm("insb");
                                                    								_t503 = 0xfc004133;
                                                    								asm("das");
                                                    								_t451 = _t444 + 1;
                                                    								 *_t365 =  *_t365 + _t451;
                                                    								 *_t365 =  *_t365 + _t451;
                                                    								_t422 = _t420 + 1;
                                                    								_t573 = _t422;
                                                    								asm("outsd");
                                                    								asm("outsb");
                                                    								if(_t573 != 0) {
                                                    									asm("outsd");
                                                    									asm("insb");
                                                    									if (_t573 >= 0) goto L92;
                                                    									goto L91;
                                                    								}
                                                    							}
                                                    						}
                                                    					}
                                                    				}
                                                    				 *((intOrPtr*)(_t503 + 0x41 + _t365 * 2)) =  *((intOrPtr*)(_t503 + 0x41 + _t365 * 2)) + _t422;
                                                    				_t370 = _t365 + _t422;
                                                    				 *((intOrPtr*)(_t493 + _t498 * 2)) =  *((intOrPtr*)(_t493 + _t498 * 2)) + _t422;
                                                    				 *((intOrPtr*)(_t370 + _t370 * 4 - 0x7efbffbf)) =  *((intOrPtr*)(_t370 + _t370 * 4 - 0x7efbffbf)) + _t422;
                                                    				_t455 = _t451 - 1 + 3;
                                                    				_t371 = _t370 + _t493;
                                                    				if(_t371 < 0) {
                                                    					L101:
                                                    					_t423 = _t422 + 1;
                                                    					asm("outsd");
                                                    					asm("outsb");
                                                    					if(_t423 == 0) {
                                                    						goto L110;
                                                    					} else {
                                                    						asm("outsd");
                                                    						asm("insb");
                                                    						_pop(es);
                                                    						_push(cs);
                                                    						_push(_t503);
                                                    						_t424 = _t423 + 1;
                                                    						_t583 = _t424;
                                                    						if(_t583 != 0) {
                                                    							goto L112;
                                                    						} else {
                                                    							if(_t583 == 0) {
                                                    								goto L111;
                                                    							} else {
                                                    								asm("insd");
                                                    								_t424 = _t424 + 1;
                                                    								asm("outsd");
                                                    								asm("outsb");
                                                    								if(_t424 == 0) {
                                                    									goto L113;
                                                    								} else {
                                                    									asm("outsd");
                                                    									asm("insb");
                                                    									 *(_t455 + _t371 * 2) = _t493;
                                                    									 *((intOrPtr*)(_t371 + 0x33)) =  *((intOrPtr*)(_t371 + 0x33)) + _t371;
                                                    									_t455 =  &(_t455[0]);
                                                    									 *_t455 = _t455 +  *_t455;
                                                    									 *_t371 =  *_t371 + _t455;
                                                    									_t425 = _t424 + 1;
                                                    									_t585 = _t425;
                                                    									asm("outsd");
                                                    									asm("outsb");
                                                    									if(_t585 != 0) {
                                                    										goto L106;
                                                    									}
                                                    								}
                                                    							}
                                                    						}
                                                    					}
                                                    				} else {
                                                    					_t404 = _t455 + _t371;
                                                    					 *_t455 =  *_t455 + 0x10;
                                                    					_pop(_t494);
                                                    					_t474 =  &(_t455[0]);
                                                    					 *(_t497 + 0x41) =  *(_t497 + 0x41) + _t404;
                                                    					 *_t404 =  *_t404 + _t474;
                                                    					asm("arpl [ecx], ax");
                                                    					_push(_t404);
                                                    					 *_t404 =  *_t404 + _t493;
                                                    					_t476 =  &(_t474[0]);
                                                    					_t371 = _t404 + _t476;
                                                    					_v1965293503 = _v1965293503 + _t493;
                                                    					_t455 =  &(_t476[0]);
                                                    					 *_t371 =  *_t371 + _t371;
                                                    					if( *_t371 > 0) {
                                                    						L106:
                                                    						asm("outsd");
                                                    						asm("insb");
                                                    						if (_t585 >= 0) goto L107;
                                                    						_a64 = _a64 + _t455;
                                                    						 *_t371 =  *_t371 + _t371;
                                                    						 *_t371 =  *_t371 + _t371;
                                                    						 *_t371 =  *_t371 + _t371;
                                                    						asm("sbb [esi], dh");
                                                    						 *_t371 =  *_t371 + _t371;
                                                    						 *_t371 =  *_t371 + _t371;
                                                    						 *_t371 =  *_t371 + _t371;
                                                    						 *_t371 =  *_t371 + _t371;
                                                    						 *((intOrPtr*)(_t497 + _t497)) =  *((intOrPtr*)(_t497 + _t497)) + _t371;
                                                    						_t470 =  &(_t455[0]);
                                                    						 *((intOrPtr*)(_t497 + _t497)) =  *((intOrPtr*)(_t497 + _t497)) + _t470;
                                                    						_t471 =  &(_t470[0]);
                                                    						 *_t371 =  *_t371 + _t371;
                                                    						 *_t371 =  *_t371 + _t371;
                                                    						 *((intOrPtr*)(_t371 + 0x44004134)) =  *((intOrPtr*)(_t371 + 0x44004134)) + _t471;
                                                    						 *_t425 =  *_t425 | _t471;
                                                    						_t399 =  *_t471 * 0xffffffe0 -  *( *_t471 * 0xffffffe0) + 1;
                                                    						 *((intOrPtr*)(_t399 - 0x3fffbe76)) =  *((intOrPtr*)(_t399 - 0x3fffbe76)) + _t471;
                                                    						_t493 = 0x40;
                                                    						_push(_t425);
                                                    						_t401 = _t399 + _t399 + _t425;
                                                    						_t473 = 0x40;
                                                    						goto L108;
                                                    					} else {
                                                    						 *((intOrPtr*)(_t455 + _t371 * 4 - 0x74cfffbf)) =  *((intOrPtr*)(_t455 + _t371 * 4 - 0x74cfffbf)) + _t371;
                                                    						_t473 =  &(_t455[0]);
                                                    						 *_t473 =  *_t473 + _t371;
                                                    						 *_t494 =  *_t494 + _t473;
                                                    						_t402 =  *_t473;
                                                    						_push(cs);
                                                    						_push(_t503);
                                                    						_t422 = _t422 + 1;
                                                    						_t581 = _t422;
                                                    						if(_t581 != 0) {
                                                    							L109:
                                                    							_t371 = _t402 + 0x41 + _t402 + 0x41;
                                                    							_t503 = _t503 - 1 + 1;
                                                    							_t455 =  &(_t473[0]);
                                                    							L110:
                                                    							 *_t371 =  *_t371 + _t493;
                                                    							_pop(_t424);
                                                    							_t456 =  &(_t455[0]);
                                                    							 *((intOrPtr*)(_t456 + _t456 * 2)) =  *((intOrPtr*)(_t456 + _t456 * 2)) + _t493;
                                                    							_t455 = _t456 + 1;
                                                    							L111:
                                                    							 *((intOrPtr*)(_t371 + 4)) =  *((intOrPtr*)(_t371 + 4)) + _t455;
                                                    							L112:
                                                    							_t371 = _t371 + 0x41;
                                                    							 *((intOrPtr*)(_t371 + 4)) =  *((intOrPtr*)(_t371 + 4)) + _t371;
                                                    							_t455 =  &(_t455[0]);
                                                    							 *((intOrPtr*)(_t494 + 0x41 + _t371 * 4)) =  *((intOrPtr*)(_t494 + 0x41 + _t371 * 4)) + _t455;
                                                    							L113:
                                                    							asm("insb");
                                                    							_t294 = _t371;
                                                    							_t371 =  *_t455;
                                                    							 *_t455 = _t294;
                                                    							asm("hlt");
                                                    							 *_t455 =  *_t455 + E00418214;
                                                    							_push(0xa8004180);
                                                    							_t425 = _t424 + 1;
                                                    						} else {
                                                    							if(_t581 == 0) {
                                                    								L108:
                                                    								_t402 = _t401 + 1;
                                                    								 *((intOrPtr*)(_t503 + _t402 + 0x41)) =  *((intOrPtr*)(_t503 + _t402 + 0x41)) + _t473;
                                                    								goto L109;
                                                    							} else {
                                                    								asm("insd");
                                                    								goto L101;
                                                    							}
                                                    						}
                                                    					}
                                                    				}
                                                    				 *((intOrPtr*)(_t503 + 0x41 + _t371 * 2)) =  *((intOrPtr*)(_t503 + 0x41 + _t371 * 2)) + _t425;
                                                    				_t372 = _t425 + _t371;
                                                    				 *((intOrPtr*)(_t493 + _t498 * 2)) =  *((intOrPtr*)(_t493 + _t498 * 2)) + _t425;
                                                    				 *((intOrPtr*)(_t372 + _t372 * 4 - 0x7efbffbf)) =  *((intOrPtr*)(_t372 + _t372 * 4 - 0x7efbffbf)) + _t425;
                                                    				_t461 =  &(_t455[0]) - 1 + 3;
                                                    				_t373 = _t372 + _t493;
                                                    				if(_t373 < 0) {
                                                    					L117:
                                                    					_t493 = _t493 |  *(_t373 + 0x69 + _t461 * 2);
                                                    					asm("outsb");
                                                    					if(_t493 == 0) {
                                                    						asm("lock mov eax, [ebp+0x8]");
                                                    						if((GetWindowLongA(_t373, ??) & 0x40000000) != 0 && GetWindowLongA(_a8, 0xfffffff4) == 0) {
                                                    							SetWindowLongA(_a8, 0xfffffff4, _a8);
                                                    						}
                                                    						_t375 =  *0x49a2d8; // 0x0
                                                    						_push(_t375);
                                                    						_t376 =  *0x49c5c8 & 0x0000ffff;
                                                    						goto L129;
                                                    					} else {
                                                    						_push(_t503);
                                                    						_t376 = _t373 - 1;
                                                    						_t498 =  *(_t497 + 0x74) * 0x646e6957;
                                                    						asm("outsd");
                                                    						if(_t498 > 0) {
                                                    							L129:
                                                    							asm("enter 0x49c5, 0x0");
                                                    							 *((intOrPtr*)(_t376 - 0x75)) =  *((intOrPtr*)(_t376 - 0x75)) + _t493;
                                                    						} else {
                                                    							_t376 = _t376 ^ 0x35200041;
                                                    							_t463 = _t461 + 1;
                                                    							 *_t463 =  *_t463 + _t463;
                                                    							 *_t376 =  *_t376 + _t463;
                                                    							_t425 =  &(_t425[0]);
                                                    							_t598 = _t425;
                                                    							asm("outsd");
                                                    							asm("outsb");
                                                    							if (_t598 == 0) goto L131;
                                                    							goto L120;
                                                    						}
                                                    					}
                                                    				} else {
                                                    					_t394 = _t373 + _t461;
                                                    					 *_t461 =  *_t461 + 0x10;
                                                    					_t464 = _t461 + 1;
                                                    					 *(_t497 + 0x41) =  *(_t497 + 0x41) + _t394;
                                                    					_t396 =  *_t464;
                                                    					 *_t464 = _t394 + _t464;
                                                    					_push(_t396);
                                                    					 *_t396 =  *_t396 + _t493;
                                                    					_t466 = _t464 + 2;
                                                    					_t376 = _t396 + _t466;
                                                    					_v1965293503 = _v1965293503 + _t493;
                                                    					_t463 = _t466 + 2;
                                                    					 *_t376 =  *_t376 + _t376;
                                                    					if( *_t376 > 0) {
                                                    						L120:
                                                    						if(_t598 >= 0) {
                                                    							asm("outsd");
                                                    						}
                                                    					} else {
                                                    						 *((intOrPtr*)(_t463 + _t376 * 4 - 0x77e7ffbf)) =  *((intOrPtr*)(_t463 + _t376 * 4 - 0x77e7ffbf)) + _t376;
                                                    						_t468 = _t463 + 1;
                                                    						 *((intOrPtr*)(_t468 + _t468 * 4 - 0x7753ffbf)) =  *((intOrPtr*)(_t468 + _t468 * 4 - 0x7753ffbf)) + _t376;
                                                    						_t461 = _t468 + 1;
                                                    						 *_t461 =  *_t461 + _t376;
                                                    						 *_t493 =  *_t493 + _t493;
                                                    						_t373 = 0x18;
                                                    						 *_t461 = 0x18;
                                                    						goto L117;
                                                    					}
                                                    				}
                                                    				SetPropA(_a8, ??, ??);
                                                    				_t379 =  *0x49a2d8; // 0x0
                                                    				SetPropA(_a8,  *0x49c5c6 & 0x0000ffff, _t379);
                                                    				_push(_a20);
                                                    			}
                                                    0x00413591
                                                    0x00413592
                                                    0x00413593
                                                    0x00413596
                                                    0x00413597
                                                    0x00413597
                                                    0x00413599
                                                    0x00413599
                                                    0x0041359b
                                                    0x0041359e
                                                    0x0041359f
                                                    0x004135a0
                                                    0x004135a0
                                                    0x004135a1
                                                    0x004135a1
                                                    0x004135a1
                                                    0x004135a4
                                                    0x004135a5
                                                    0x004135ac
                                                    0x004135b1
                                                    0x00413515
                                                    0x00413515
                                                    0x00413586
                                                    0x00413586
                                                    0x00413587
                                                    0x00000000
                                                    0x00413517
                                                    0x00413517
                                                    0x00000000
                                                    0x00413517
                                                    0x00413515
                                                    0x00413513
                                                    0x004134fd
                                                    0x004135b3
                                                    0x004135b7
                                                    0x004135bb
                                                    0x004135bf
                                                    0x004135c6
                                                    0x004135c7
                                                    0x004135c9
                                                    0x0041360c
                                                    0x0041360c
                                                    0x00413610
                                                    0x00413611
                                                    0x0041366a
                                                    0x00413679
                                                    0x00413694
                                                    0x00413694
                                                    0x00413699
                                                    0x0041369e
                                                    0x0041369f
                                                    0x00000000
                                                    0x00413613
                                                    0x0041361a
                                                    0x0041361b
                                                    0x0041361c
                                                    0x00413623
                                                    0x00413624
                                                    0x004136a2
                                                    0x004136a2
                                                    0x004136a5
                                                    0x00413626
                                                    0x00413626
                                                    0x0041362b
                                                    0x0041362c
                                                    0x0041362e
                                                    0x00413630
                                                    0x00413630
                                                    0x00413631
                                                    0x00413632
                                                    0x00413633
                                                    0x00000000
                                                    0x00413633
                                                    0x00413624
                                                    0x004135cb
                                                    0x004135cb
                                                    0x004135cd
                                                    0x004135d2
                                                    0x004135d3
                                                    0x004135d9
                                                    0x004135d9
                                                    0x004135dc
                                                    0x004135df
                                                    0x004135e1
                                                    0x004135e3
                                                    0x004135e7
                                                    0x004135ee
                                                    0x004135ef
                                                    0x004135f1
                                                    0x00413634
                                                    0x00413634
                                                    0x00413635
                                                    0x00413635
                                                    0x004135f3
                                                    0x004135f3
                                                    0x004135fa
                                                    0x004135fb
                                                    0x00413602
                                                    0x00413603
                                                    0x00413605
                                                    0x00413607
                                                    0x00413609
                                                    0x00000000
                                                    0x00413609
                                                    0x004135f1
                                                    0x004136ab
                                                    0x004136b0
                                                    0x004136c2
                                                    0x004136c7

                                                    APIs
                                                    • SetWindowLongA.USER32 ref: 00413664
                                                    • GetWindowLongA.USER32 ref: 0041366F
                                                    • GetWindowLongA.USER32 ref: 00413681
                                                    • SetWindowLongA.USER32 ref: 00413694
                                                    • SetPropA.USER32(?,00000000,00000000), ref: 004136AB
                                                    • SetPropA.USER32(?,00000000,00000000), ref: 004136C2
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: LongWindow$Prop
                                                    • String ID: 3A$yA
                                                    • API String ID: 3887896539-3278460822
                                                    • Opcode ID: e250ced8321e83ad2d17813aa4fe58e8106c43814cedddb53e8d5617a151a5ad
                                                    • Instruction ID: fdf3b7c8caa337f9bceaf96aba7cb52f923b616b33b589c47e9bcf33bd172928
                                                    • Opcode Fuzzy Hash: e250ced8321e83ad2d17813aa4fe58e8106c43814cedddb53e8d5617a151a5ad
                                                    • Instruction Fuzzy Hash: D322E06508E3C05FE31B9B34896A5D57FA0EE13325B1945DFC4C28B1A3D21E8A8BC71A
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 75%
                                                    			E00481C30(void* __eax, void* __ebx, intOrPtr __ecx, intOrPtr __edi, void* __esi, void* __eflags, void* __fp0) {
                                                    				char _v8;
                                                    				char _v12;
                                                    				char _v16;
                                                    				intOrPtr* _t30;
                                                    				intOrPtr* _t32;
                                                    				intOrPtr* _t34;
                                                    				intOrPtr* _t36;
                                                    				intOrPtr _t42;
                                                    				struct HWND__* _t51;
                                                    				struct HINSTANCE__* _t55;
                                                    				struct HINSTANCE__* _t57;
                                                    				intOrPtr _t59;
                                                    				intOrPtr* _t61;
                                                    				intOrPtr* _t64;
                                                    				signed int _t65;
                                                    				intOrPtr* _t68;
                                                    				intOrPtr* _t71;
                                                    				signed int _t72;
                                                    				intOrPtr _t77;
                                                    				intOrPtr _t83;
                                                    				intOrPtr _t85;
                                                    				void* _t89;
                                                    				void* _t91;
                                                    				void* _t92;
                                                    				intOrPtr _t108;
                                                    				void* _t111;
                                                    				void* _t114;
                                                    				intOrPtr _t116;
                                                    				intOrPtr _t118;
                                                    				void* _t123;
                                                    				void* _t125;
                                                    				void* _t126;
                                                    				intOrPtr _t127;
                                                    
                                                    				_t146 = __fp0;
                                                    				_t119 = __edi;
                                                    				_t93 = __ecx;
                                                    				_t125 = _t126;
                                                    				_t127 = _t126 + 0xfffffff4;
                                                    				_push(__esi);
                                                    				_push(__edi);
                                                    				_v16 = 0;
                                                    				_t89 = __eax;
                                                    				_push(_t125);
                                                    				_push(0x481e95);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t127;
                                                    				E00457D10("Deinitializing Setup.", __eax, __ecx, __edi, __esi);
                                                    				if( *0x49d488 != 0) {
                                                    					_t130 = _t89;
                                                    					if(_t89 != 0) {
                                                    						_push(_t125);
                                                    						_push(0x481cab);
                                                    						_push( *[fs:eax]);
                                                    						 *[fs:eax] = _t127;
                                                    						_t83 =  *0x49d480; // 0x0
                                                    						_v12 = 0;
                                                    						_v8 = 0xb;
                                                    						_t85 =  *0x49d488; // 0x0
                                                    						 *0x49d480 = E004953B0(_t85,  &_v12, "GetCustomSetupExitCode", _t130, __fp0, _t83, 0, 0);
                                                    						_pop(_t118);
                                                    						 *[fs:eax] = _t118;
                                                    					}
                                                    					_push(_t125);
                                                    					_push( *[fs:eax]);
                                                    					 *[fs:eax] = _t127;
                                                    					_v12 = 0;
                                                    					_v8 = 0xb;
                                                    					_t77 =  *0x49d488; // 0x0
                                                    					E0049522C(_t77,  &_v12, "DeinitializeSetup", _t130, _t146, 0, 0);
                                                    					_pop(_t116);
                                                    					_t93 = 0x481d02;
                                                    					 *[fs:eax] = _t116;
                                                    					E0042E384(0x49d488);
                                                    				}
                                                    				_t30 =  *0x49d464; // 0x0
                                                    				_t122 =  *((intOrPtr*)( *_t30 + 0x10))() - 1;
                                                    				if(_t122 >= 0) {
                                                    					_t123 = _t122 + 1;
                                                    					_t92 = 0;
                                                    					do {
                                                    						_t68 =  *0x49d464; // 0x0
                                                    						_t119 =  *_t68;
                                                    						 *((intOrPtr*)( *_t68 + 0xc))();
                                                    						_t71 =  *0x49d464; // 0x0
                                                    						_t93 =  *_t71;
                                                    						_t72 =  *((intOrPtr*)( *_t71 + 0x14))(_v16);
                                                    						_pop(_t114);
                                                    						E00452908(_t72 & 0xffffff00 | _t72 != 0x00000000, _t114, _t72);
                                                    						_t92 = _t92 + 1;
                                                    						_t123 = _t123 - 1;
                                                    					} while (_t123 != 0);
                                                    				}
                                                    				_t32 =  *0x49d464; // 0x0
                                                    				 *((intOrPtr*)( *_t32 + 0x38))();
                                                    				_t34 =  *0x49d468; // 0x0
                                                    				_t91 =  *((intOrPtr*)( *_t34 + 0x10))() - 1;
                                                    				if(_t91 >= 0) {
                                                    					do {
                                                    						_t61 =  *0x49d468; // 0x0
                                                    						_t122 =  *_t61;
                                                    						 *((intOrPtr*)( *_t61 + 0xc))();
                                                    						_t64 =  *0x49d468; // 0x0
                                                    						_t93 =  *_t64;
                                                    						_t65 =  *((intOrPtr*)( *_t64 + 0x14))(_v16);
                                                    						_pop(_t111);
                                                    						E00452E10(_t65 & 0xffffff00 | _t65 != 0x00000000, _t111, _t65);
                                                    						_t91 = _t91 - 1;
                                                    					} while (_t91 != 0xffffffff);
                                                    				}
                                                    				_t36 =  *0x49d468; // 0x0
                                                    				_t107 =  *_t36;
                                                    				 *((intOrPtr*)( *_t36 + 0x38))();
                                                    				E0046D4B0();
                                                    				if( *0x49d3f0 != 0) {
                                                    					_t59 =  *0x49d3f4; // 0x0
                                                    					 *0x49c840(_t59); // executed
                                                    				}
                                                    				if( *0x49d50c != 0) {
                                                    					_t57 =  *0x49d50c; // 0x0
                                                    					FreeLibrary(_t57);
                                                    				}
                                                    				if( *0x49d508 != 0) {
                                                    					_t55 =  *0x49d508; // 0x0
                                                    					FreeLibrary(_t55);
                                                    				}
                                                    				E0047D4A8(); // executed
                                                    				E0047D178(_t91, _t93, _t107, _t119, _t122); // executed
                                                    				if( *0x49d445 != 0 &&  *0x49d00c != 0) {
                                                    					E00457D10("Not restarting Windows because Setup is being run from the debugger.", _t91, _t93, _t119, _t122);
                                                    					 *0x49d445 = 0;
                                                    				}
                                                    				E00457294();
                                                    				_t42 =  *0x49c628; // 0x21a2410
                                                    				E0042EB54( *((intOrPtr*)(_t42 + 0x20)));
                                                    				if( *0x49d445 != 0) {
                                                    					E00457D10("Restarting Windows.", _t91, _t93, _t119, _t122);
                                                    					if( *0x49d104 == 0) {
                                                    						E0047F4A0(_t91, _t119, _t122);
                                                    					} else {
                                                    						_t51 =  *0x49d108; // 0x110082
                                                    						SendNotifyMessageA(_t51, 0x496, 0x2710, 0);
                                                    					}
                                                    				}
                                                    				_pop(_t108);
                                                    				 *[fs:eax] = _t108;
                                                    				_push(E00481E9C);
                                                    				return E00403400( &_v16);
                                                    			}


                                                    APIs
                                                    • FreeLibrary.KERNEL32(00000000), ref: 00481DED
                                                    • FreeLibrary.KERNEL32(00000000), ref: 00481E01
                                                    • SendNotifyMessageA.USER32(00110082,00000496,00002710,00000000), ref: 00481E73
                                                    Strings
                                                    • DeinitializeSetup, xrefs: 00481CE9
                                                    • Restarting Windows., xrefs: 00481E4E
                                                    • GetCustomSetupExitCode, xrefs: 00481C8D
                                                    • Not restarting Windows because Setup is being run from the debugger., xrefs: 00481E22
                                                    • Deinitializing Setup., xrefs: 00481C4E
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: FreeLibrary$MessageNotifySend
                                                    • String ID: DeinitializeSetup$Deinitializing Setup.$GetCustomSetupExitCode$Not restarting Windows because Setup is being run from the debugger.$Restarting Windows.
                                                    • API String ID: 3817813901-1884538726
                                                    • Opcode ID: f211ac0d1b37887ab1129f0b9ad4c32d24b1f47543329a948a2358cc85fd3b7c
                                                    • Instruction ID: bddaa785ec81662f7bf2f9e5d539fe02af4b88b7679db2884a5df8f2f905bec6
                                                    • Opcode Fuzzy Hash: f211ac0d1b37887ab1129f0b9ad4c32d24b1f47543329a948a2358cc85fd3b7c
                                                    • Instruction Fuzzy Hash: A3516134A042009FD715FF69E845B6A7BE8EB59318F50887BF805873B1DB38AC46CB59
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 70%
                                                    			E0042F560(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
                                                    				char _v8;
                                                    				void* _t10;
                                                    				intOrPtr _t17;
                                                    				struct HINSTANCE__* _t22;
                                                    				struct HWND__* _t23;
                                                    				struct HINSTANCE__* _t24;
                                                    				intOrPtr _t26;
                                                    				struct HWND__* _t30;
                                                    				void* _t38;
                                                    				intOrPtr _t40;
                                                    				void* _t43;
                                                    				struct HWND__* _t45;
                                                    				struct HWND__* _t46;
                                                    				intOrPtr _t48;
                                                    				intOrPtr _t49;
                                                    
                                                    				_t44 = __esi;
                                                    				_t38 = __edx;
                                                    				_t48 = _t49;
                                                    				_push(0);
                                                    				_push(__ebx);
                                                    				_push(__esi);
                                                    				_push(__edi);
                                                    				if(__edx != 0) {
                                                    					_t49 = _t49 + 0xfffffff0;
                                                    					_t10 = E00402D30(_t10, _t48);
                                                    				}
                                                    				_t43 = _t10;
                                                    				_push(_t48);
                                                    				_push(0x42f66f);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t49;
                                                    				E00402B30(0);
                                                    				 *((intOrPtr*)(_t43 + 0xc)) = GetActiveWindow();
                                                    				 *((intOrPtr*)(_t43 + 0x10)) = GetFocus();
                                                    				_t17 = E0041EEA4(0, _t38, _t43, _t44); // executed
                                                    				 *((intOrPtr*)(_t43 + 0x14)) = _t17;
                                                    				if( *0x49c696 == 0) {
                                                    					 *0x49c696 = RegisterClassA(0x49a7ac);
                                                    				}
                                                    				if( *0x49c696 != 0) {
                                                    					_t22 =  *0x49c014; // 0x400000
                                                    					_t23 = CreateWindowExA(0, "TWindowDisabler-Window", 0x42f68c, 0x88000000, 0, 0, 0, 0, 0, 0, _t22, 0); // executed
                                                    					_t45 = _t23;
                                                    					 *(_t43 + 8) = _t45;
                                                    					if(_t45 != 0) {
                                                    						_t24 =  *0x49c014; // 0x400000
                                                    						_t5 = _t43 + 8; // 0x61736944
                                                    						_t26 =  *0x49c628; // 0x21a2410
                                                    						E0042427C(_t26,  &_v8);
                                                    						_t30 = CreateWindowExA(0, "TWindowDisabler-Window", E00403738(_v8), 0x80000000, 0, 0, 0, 0,  *_t5, 0, _t24, 0); // executed
                                                    						_t46 = _t30;
                                                    						 *(_t43 + 4) = _t46;
                                                    						if(_t46 != 0) {
                                                    							ShowWindow(_t46, 8); // executed
                                                    						}
                                                    					}
                                                    				}
                                                    				SetFocus(0);
                                                    				_pop(_t40);
                                                    				 *[fs:eax] = _t40;
                                                    				_push(E0042F676);
                                                    				return E00403400( &_v8);
                                                    			}


















                                                    APIs
                                                    • GetActiveWindow.USER32 ref: 0042F58F
                                                    • GetFocus.USER32(00000000,0042F66F,?,?,?,00000001,00000000,?,00458352,00000000,0049C628), ref: 0042F597
                                                    • RegisterClassA.USER32 ref: 0042F5B8
                                                    • CreateWindowExA.USER32 ref: 0042F5F6
                                                    • CreateWindowExA.USER32 ref: 0042F63C
                                                    • ShowWindow.USER32(00000000,00000008,00000000,TWindowDisabler-Window,00000000,80000000,00000000,00000000,00000000,00000000,61736944,00000000,00400000,00000000,00000000,TWindowDisabler-Window), ref: 0042F64D
                                                    • SetFocus.USER32(00000000,00000000,0042F66F,?,?,?,00000001,00000000,?,00458352,00000000,0049C628), ref: 0042F654
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Window$CreateFocus$ActiveClassRegisterShow
                                                    • String ID: TWindowDisabler-Window
                                                    • API String ID: 3167913817-1824977358
                                                    • Opcode ID: fb1f9fe1c71c5b8af9586d8a33087bfec474bba9d7159f42365ff7ae09dbc791
                                                    • Instruction ID: dda2d5eb7d34b28f2f272ba96fc4d61883a47f5b0b42ca6576ba0e0cf2f65365
                                                    • Opcode Fuzzy Hash: fb1f9fe1c71c5b8af9586d8a33087bfec474bba9d7159f42365ff7ae09dbc791
                                                    • Instruction Fuzzy Hash: 5521B271740710BAE210EF62DC43F1A76B8EB04B44F91853BF604BB2E1D7B8AD0586AD
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 55%
                                                    			E00472B4C(void* __eax, void* __ebx, void* __edi, void* __esi) {
                                                    				char _v8;
                                                    				char _v12;
                                                    				char _v16;
                                                    				signed int _t15;
                                                    				signed int _t38;
                                                    				intOrPtr _t45;
                                                    				CHAR* _t52;
                                                    				void* _t54;
                                                    				intOrPtr _t57;
                                                    
                                                    				_push(0);
                                                    				_push(0);
                                                    				_push(0);
                                                    				_push(__edi);
                                                    				_t54 = __eax;
                                                    				_push(_t57);
                                                    				_push(0x472c0d);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t57;
                                                    				_t15 = GetFileAttributesA(E00403738(__eax)); // executed
                                                    				_t38 = _t15;
                                                    				if(_t38 != 0xffffffff && (_t38 & 0x00000010) != 0) {
                                                    					E0042C57C(_t54,  &_v8, "desktop.ini");
                                                    					E0042CD94(".ShellClassInfo", _t38, 0, "CLSID2", __edi, _t54,  &_v12, _v8);
                                                    					if(E00406AC4(_v12, "{0AFACED1-E828-11D1-9187-B532F1E9575D}") == 0) {
                                                    						E00406F50(_v8);
                                                    						E0042C57C(_t54,  &_v16, "target.lnk");
                                                    						E00406F50(_v16);
                                                    						_t52 = E00403738(_t54);
                                                    						SetFileAttributesA(_t52, _t38 & 0xfffffffe);
                                                    						RemoveDirectoryA(_t52);
                                                    					}
                                                    				}
                                                    				_pop(_t45);
                                                    				 *[fs:eax] = _t45;
                                                    				_push(0x472c14);
                                                    				return E00403420( &_v16, 3);
                                                    			}












                                                    APIs
                                                    • GetFileAttributesA.KERNEL32(00000000,00000000,00472C0D,?,?,?,00000008,00000000,00000000,00000000,?,00472E69,?,?,00000000,004730EC), ref: 00472B70
                                                      • Part of subcall function 0042CD94: GetPrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000,00000100,00000000), ref: 0042CE0A
                                                      • Part of subcall function 00406F50: DeleteFileA.KERNEL32(00000000,0049C628,00498C31,00000000,00498C86,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 00406F5B
                                                    • SetFileAttributesA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00472C0D,?,?,?,00000008,00000000,00000000,00000000,?,00472E69), ref: 00472BE7
                                                    • RemoveDirectoryA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00472C0D,?,?,?,00000008,00000000,00000000,00000000), ref: 00472BED
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: File$Attributes$DeleteDirectoryPrivateProfileRemoveString
                                                    • String ID: .ShellClassInfo$CLSID2$desktop.ini$target.lnk${0AFACED1-E828-11D1-9187-B532F1E9575D}
                                                    • API String ID: 884541143-1710247218
                                                    • Opcode ID: 91b9d32a9e144b1738ef69a7fe7085cb68739ddc56e810c05d10909770faa689
                                                    • Instruction ID: 5d3afa004f47515b0afb51a46fc12790b9d79365c4da9299bd662cb786c7dc46
                                                    • Opcode Fuzzy Hash: 91b9d32a9e144b1738ef69a7fe7085cb68739ddc56e810c05d10909770faa689
                                                    • Instruction Fuzzy Hash: 3E11D0707005147FD712EA698E82A9F73ACDB59714F61857BB404A72C1DB7CEE02865C
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 53%
                                                    			E004531F0(void* __ebx, void* __ecx, void* __edi, void* __esi) {
                                                    				char _v8;
                                                    				char _t8;
                                                    				intOrPtr _t22;
                                                    				intOrPtr _t27;
                                                    
                                                    				_t16 = __ebx;
                                                    				_push(0);
                                                    				_push(__ebx);
                                                    				_push(_t27);
                                                    				_push(0x453289);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t27;
                                                    				 *0x49cff4 = GetProcAddress(GetModuleHandleA("kernel32.dll"), "Wow64DisableWow64FsRedirection");
                                                    				 *0x49cff8 = GetProcAddress(GetModuleHandleA("kernel32.dll"), "Wow64RevertWow64FsRedirection");
                                                    				if( *0x49cff4 == 0 ||  *0x49cff8 == 0) {
                                                    					_t8 = 0;
                                                    				} else {
                                                    					_t8 = 1;
                                                    				}
                                                    				 *0x49cffc = _t8;
                                                    				E0042E394("shell32.dll", _t16, 0x8000); // executed
                                                    				E0042E8C8(0x4c783afb,  &_v8);
                                                    				_pop(_t22);
                                                    				 *[fs:eax] = _t22;
                                                    				_push(E00453290);
                                                    				return E00403400( &_v8);
                                                    			}







                                                    APIs
                                                    • GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00453289,?,?,?,?,00000000,?,00499146), ref: 00453210
                                                    • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00453216
                                                    • GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00453289,?,?,?,?,00000000,?,00499146), ref: 0045322A
                                                    • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00453230
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: AddressHandleModuleProc
                                                    • String ID: Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$shell32.dll
                                                    • API String ID: 1646373207-2130885113
                                                    • Opcode ID: d0ff59f18b9530acdeb51d97d08688cc37fc3775ca9e0494baf4630f4706f7f5
                                                    • Instruction ID: f910edb4458e3938851fe9583b63f0ae2a58c37d0beebab1d7f8606323274804
                                                    • Opcode Fuzzy Hash: d0ff59f18b9530acdeb51d97d08688cc37fc3775ca9e0494baf4630f4706f7f5
                                                    • Instruction Fuzzy Hash: E601F770240B00BED311AF629C53F663A58D7567ABF6044BBFC14A65C2C67C4A088A2D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 74%
                                                    			E00467180(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                                                    				int _v8;
                                                    				char _v348;
                                                    				int _v356;
                                                    				struct _SHFILEINFO _v360;
                                                    				char _v364;
                                                    				int _t62;
                                                    				int _t77;
                                                    				void* _t80;
                                                    				intOrPtr _t86;
                                                    				char* _t91;
                                                    				void* _t92;
                                                    				void* _t93;
                                                    				void* _t97;
                                                    				void* _t98;
                                                    				intOrPtr _t114;
                                                    				intOrPtr _t115;
                                                    				void* _t131;
                                                    				void* _t132;
                                                    				intOrPtr _t133;
                                                    
                                                    				_t129 = __esi;
                                                    				_t128 = __edi;
                                                    				_t131 = _t132;
                                                    				_t133 = _t132 + 0xfffffe98;
                                                    				_push(__esi);
                                                    				_push(__edi);
                                                    				_v364 = 0;
                                                    				_v8 = 0;
                                                    				_push(_t131);
                                                    				_push(0x467372);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t133;
                                                    				E0041461C( *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x2e0)), 0x20);
                                                    				E0041463C( *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x2e0)), 0x20);
                                                    				E0041461C( *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x2e4)), 0x20);
                                                    				E0041463C( *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x2e4)), 0x20);
                                                    				_push(_t131);
                                                    				_push(0x467347);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t133;
                                                    				_t62 = SHGetFileInfo("c:\\directory", 0x10,  &_v360, 0x160, 0x1010); // executed
                                                    				if(_t62 != 0 && _v348 != 0) {
                                                    					_t97 =  *0x49c014; // 0x400000
                                                    					_t98 = ExtractIconA(_t97,  &_v348, _v356); // executed
                                                    					E004670C0(_t98,  *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x2e0)), __edi);
                                                    				}
                                                    				if(E00479198(6, 0) == 0) {
                                                    					E0047D718(0, 2, _t128, _t129, __eflags,  &_v8);
                                                    					__eflags = _v8;
                                                    					if(_v8 == 0) {
                                                    						__eflags = 0;
                                                    						E0047D718(1, 2, _t128, _t129, 0,  &_v8);
                                                    					}
                                                    					__eflags = _v8;
                                                    					if(_v8 != 0) {
                                                    						_t77 = SHGetFileInfo(E00403738(_v8), 0,  &_v360, 0x160, 0x1000);
                                                    						__eflags = _t77;
                                                    						if(_t77 != 0) {
                                                    							__eflags = _v348;
                                                    							if(_v348 != 0) {
                                                    								_t80 =  *0x49c014; // 0x400000
                                                    								E004670C0(ExtractIconA(_t80,  &_v348, _v356),  *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x2e4)), _t128);
                                                    							}
                                                    						}
                                                    					}
                                                    				} else {
                                                    					_t86 =  *0x49d194; // 0x21d2820
                                                    					E0042C3FC(_t86,  &_v364);
                                                    					E0040357C( &_v364, "shell32.dll");
                                                    					_t91 = E00403738(_v364);
                                                    					_t92 =  *0x49c014; // 0x400000
                                                    					_t93 = ExtractIconA(_t92, _t91, 0x27); // executed
                                                    					E004670C0(_t93,  *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x2e4)), _t128);
                                                    				}
                                                    				_pop(_t114);
                                                    				 *[fs:eax] = _t114;
                                                    				_pop(_t115);
                                                    				 *[fs:eax] = _t115;
                                                    				_push(E00467379);
                                                    				E00403400( &_v364);
                                                    				return E00403400( &_v8);
                                                    			}























                                                    APIs
                                                    • SHGetFileInfo.SHELL32(c:\directory,00000010,?,00000160,00001010), ref: 00467223
                                                    • ExtractIconA.SHELL32(00400000,00000000,?), ref: 00467249
                                                      • Part of subcall function 004670C0: DrawIconEx.USER32 ref: 00467158
                                                      • Part of subcall function 004670C0: DestroyCursor.USER32(00000000), ref: 0046716E
                                                    • ExtractIconA.SHELL32(00400000,00000000,00000027), ref: 004672A0
                                                    • SHGetFileInfo.SHELL32(00000000,00000000,?,00000160,00001000), ref: 00467301
                                                    • ExtractIconA.SHELL32(00400000,00000000,?), ref: 00467327
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Icon$Extract$FileInfo$CursorDestroyDraw
                                                    • String ID: c:\directory$shell32.dll
                                                    • API String ID: 3376378930-1375355148
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 51%
                                                    			E00455010(char __eax, void* __ebx, char __ecx, void* __edx, void* __edi, void* __esi, intOrPtr* _a4, void* _a8, short _a12, intOrPtr _a16, char _a20) {
                                                    				char _v5;
                                                    				char _v12;
                                                    				short _v32;
                                                    				intOrPtr _v36;
                                                    				char _v80;
                                                    				void* _v92;
                                                    				char _v96;
                                                    				char _v100;
                                                    				char _v104;
                                                    				intOrPtr _t59;
                                                    				void* _t69;
                                                    				signed int _t75;
                                                    				char _t105;
                                                    				intOrPtr _t125;
                                                    				void* _t135;
                                                    				intOrPtr* _t137;
                                                    				void* _t140;
                                                    
                                                    				_t109 = __ecx;
                                                    				_v100 = 0;
                                                    				_v104 = 0;
                                                    				_v12 = 0;
                                                    				_t105 = __ecx;
                                                    				_t135 = __edx;
                                                    				_v5 = __eax;
                                                    				_t137 = _a4;
                                                    				E00403728(_a20);
                                                    				_push(_t140);
                                                    				_push(0x455206);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t140 + 0xffffff9c;
                                                    				E00403684(_t135, 0x455220);
                                                    				if(0 != 0) {
                                                    					_push(0x45522c);
                                                    					_push(_t135);
                                                    					_push(0x45522c);
                                                    					E00403634();
                                                    					__eflags = _t105;
                                                    					if(__eflags != 0) {
                                                    						_push(_v12);
                                                    						_push(0x455238);
                                                    						_push(_t105);
                                                    						E00403634();
                                                    					}
                                                    					E0042C8FC(_t135, _t109,  &_v100, __eflags);
                                                    					__eflags = E00406AC4(_v100, 0x455244);
                                                    					if(__eflags == 0) {
                                                    						L6:
                                                    						_t59 = E0042DBF4(_t58);
                                                    						__eflags = _t59;
                                                    						if(_t59 == 0) {
                                                    							_push(0x45522c);
                                                    							E0042D898( &_v104);
                                                    							E0042C3FC(_v104,  &_v100);
                                                    							_push(_v100);
                                                    							_push("COMMAND.COM\" /C ");
                                                    							_push(_v12);
                                                    							E00403634();
                                                    						} else {
                                                    							_push(0x45522c);
                                                    							E0042D8C4( &_v104);
                                                    							E0042C3FC(_v104,  &_v100);
                                                    							_push(_v100);
                                                    							_push("cmd.exe\" /C \"");
                                                    							_push(_v12);
                                                    							_push(0x45522c);
                                                    							E00403634();
                                                    						}
                                                    						goto L9;
                                                    					} else {
                                                    						E0042C8FC(_t135, _t109,  &_v100, __eflags);
                                                    						_t58 = E00406AC4(_v100, 0x455254);
                                                    						__eflags = _t58;
                                                    						if(_t58 != 0) {
                                                    							L9:
                                                    							__eflags = _a20;
                                                    							if(_a20 == 0) {
                                                    								E0042C8A4(_t135, _t109,  &_a20);
                                                    							}
                                                    							goto L11;
                                                    						}
                                                    						goto L6;
                                                    					}
                                                    				} else {
                                                    					E00403494( &_v12, _t105);
                                                    					L11:
                                                    					E00402934( &_v80, 0x44);
                                                    					_v80 = 0x44;
                                                    					_v36 = 1;
                                                    					_v32 = _a12;
                                                    					_t143 = _a20;
                                                    					if(_a20 == 0) {
                                                    						E0042D8C4( &_a20);
                                                    					}
                                                    					_t69 = E00403738(_a20);
                                                    					_t75 = E004527E8(_v5, E00403738(_v12), 0, _t143,  &_v96,  &_v80, _t69, 0, 0x4000000, 0, 0, 0); // executed
                                                    					asm("sbb ebx, ebx");
                                                    					_t108 =  ~( ~_t75);
                                                    					if( ~( ~_t75) != 0) {
                                                    						CloseHandle(_v92);
                                                    						E00454F7C(_v96, _t108, _a16, _t135, _t137, _t137); // executed
                                                    					} else {
                                                    						 *_t137 = GetLastError();
                                                    					}
                                                    					_pop(_t125);
                                                    					 *[fs:eax] = _t125;
                                                    					_push(E0045520D);
                                                    					E00403420( &_v104, 2);
                                                    					E00403400( &_v12);
                                                    					return E00403400( &_a20);
                                                    				}
                                                    			}





















                                                    APIs
                                                    • GetLastError.KERNEL32(?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,?,COMMAND.COM" /C ,?,0045522C,0045522C,?,0045522C,00000000), ref: 004551BA
                                                    • CloseHandle.KERNEL32(?,?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,?,COMMAND.COM" /C ,?,0045522C,0045522C,?,0045522C), ref: 004551C7
                                                      • Part of subcall function 00454F7C: WaitForInputIdle.USER32 ref: 00454FA8
                                                      • Part of subcall function 00454F7C: MsgWaitForMultipleObjects.USER32 ref: 00454FCA
                                                      • Part of subcall function 00454F7C: GetExitCodeProcess.KERNEL32 ref: 00454FD9
                                                      • Part of subcall function 00454F7C: CloseHandle.KERNEL32(?,00455006,00454FFF,?,?,?,00000000,?,?,004551DB,?,?,?,00000044,00000000,00000000), ref: 00454FF9
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: CloseHandleWait$CodeErrorExitIdleInputLastMultipleObjectsProcess
                                                    • String ID: .bat$.cmd$COMMAND.COM" /C $D$cmd.exe" /C "
                                                    • API String ID: 854858120-615399546
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 93%
                                                    			E0042368C(void* __ecx, char __edx, void* __edi) {
                                                    				char _v5;
                                                    				char _v261;
                                                    				void* __esi;
                                                    				void* __ebp;
                                                    				int _t29;
                                                    				struct HINSTANCE__* _t40;
                                                    				intOrPtr _t44;
                                                    				struct HINSTANCE__* _t46;
                                                    				void* _t52;
                                                    				char* _t54;
                                                    				int _t65;
                                                    				void* _t66;
                                                    				char _t68;
                                                    				void* _t78;
                                                    				void* _t80;
                                                    				void* _t81;
                                                    
                                                    				_t78 = __edi;
                                                    				_t68 = __edx;
                                                    				_t66 = __ecx;
                                                    				if(__edx != 0) {
                                                    					_t81 = _t81 + 0xfffffff0;
                                                    					_t29 = E00402D30(_t29, _t80);
                                                    				}
                                                    				_v5 = _t68;
                                                    				_t65 = _t29;
                                                    				E00410030(_t66, 0);
                                                    				 *((intOrPtr*)(_t65 + 0x70)) = E00402B30(1);
                                                    				 *((intOrPtr*)(_t65 + 0x80)) = E00402B30(1);
                                                    				 *((intOrPtr*)(_t65 + 0x40)) = 0;
                                                    				 *((intOrPtr*)(_t65 + 0x60)) = 0;
                                                    				 *((intOrPtr*)(_t65 + 0x3c)) = 0x80000018;
                                                    				 *((intOrPtr*)(_t65 + 0x54)) = 0x1f4;
                                                    				 *((intOrPtr*)(_t65 + 0x58)) = 0x32;
                                                    				 *((intOrPtr*)(_t65 + 0x5c)) = 0x9c4;
                                                    				 *((char*)(_t65 + 0x64)) = 0;
                                                    				 *((char*)(_t65 + 0x7d)) = 1;
                                                    				_t79 = E0041DA14(1);
                                                    				 *((intOrPtr*)(_t65 + 0x78)) = _t39;
                                                    				_t40 =  *0x49c014; // 0x400000
                                                    				E0041DDA0(_t79, LoadIconA(_t40, "MAINICON"));
                                                    				_t13 = _t65 + 0x78; // 0xc23bc88b
                                                    				_t44 =  *_t13;
                                                    				 *((intOrPtr*)(_t44 + 8)) = _t65;
                                                    				 *((intOrPtr*)(_t44 + 4)) = 0x424aa4;
                                                    				_t46 =  *0x49c014; // 0x400000
                                                    				GetModuleFileNameA(_t46,  &_v261, 0x100);
                                                    				OemToCharA( &_v261,  &_v261);
                                                    				_t52 = E004074C0( &_v261, 0x5c);
                                                    				if(_t52 != 0) {
                                                    					_t20 = _t52 + 1; // 0x1
                                                    					E00407328( &_v261, _t20);
                                                    				}
                                                    				_t54 = E004074A0( &_v261, 0x2e);
                                                    				if(_t54 != 0) {
                                                    					 *_t54 = 0;
                                                    				}
                                                    				CharLowerA( &(( &_v261)[1]));
                                                    				_t24 = _t65 + 0x6c; // 0x41ee10
                                                    				E0040355C(_t24, 0x100,  &_v261);
                                                    				if( *0x49c034 == 0) {
                                                    					E00423874(_t65, _t78, _t79);
                                                    				}
                                                    				 *((char*)(_t65 + 0x39)) = 1;
                                                    				 *((char*)(_t65 + 0x3a)) = 1;
                                                    				if(_v5 != 0) {
                                                    					_pop( *[fs:0x0]);
                                                    				}
                                                    				return _t65;
                                                    			}




















                                                    APIs
                                                    • LoadIconA.USER32(00400000,MAINICON), ref: 0042371C
                                                    • GetModuleFileNameA.KERNEL32(00400000,?,00000100,00400000,MAINICON,?,?,?,00418FE6,00000000,?,?,00000001,00000000), ref: 00423749
                                                    • OemToCharA.USER32 ref: 0042375C
                                                    • CharLowerA.USER32(?,?,?,00400000,?,00000100,00400000,MAINICON,?,?,?,00418FE6,00000000,?,?,00000001), ref: 0042379C
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp Download File
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp Download File
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp Download File
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp Download File
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp Download File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Char$FileIconLoadLowerModuleName
                                                    • String ID: 2$MAINICON
                                                    • API String ID: 3935243913-3181700818
                                                    • Opcode ID: cf430e0210604bfe20bf37cdaa13f201e8b9ac728ae33447d1f713ae06624bab
                                                    • Instruction ID: b862ab30e907d7d11921ba87c75f7ed125cbb11c913e829f49b155bf854cd81d
                                                    • Opcode Fuzzy Hash: cf430e0210604bfe20bf37cdaa13f201e8b9ac728ae33447d1f713ae06624bab
                                                    • Instruction Fuzzy Hash: 55318370A042549ADF10EF69D8C57C67BA8AF14308F4441BAE844DB393D7BED988CB69
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E00418F38(void* __edi, void* __eflags) {
                                                    				char _v8;
                                                    				long _v12;
                                                    				char _v16;
                                                    				char _v20;
                                                    				char _v24;
                                                    				char _v56;
                                                    				char _v60;
                                                    				char _t15;
                                                    				intOrPtr _t22;
                                                    				intOrPtr _t25;
                                                    				intOrPtr _t27;
                                                    				intOrPtr _t29;
                                                    
                                                    				_v24 = GetCurrentProcessId();
                                                    				_v20 = 0;
                                                    				 *0x49c5c6 = GlobalAddAtomA(E004078C0( &_v56,  &_v24, "Delphi%.8X", 0));
                                                    				_t15 =  *0x49c014; // 0x400000
                                                    				_v20 = _t15;
                                                    				_v16 = 0;
                                                    				_v12 = GetCurrentThreadId();
                                                    				_v8 = 0;
                                                    				 *0x49c5c8 = GlobalAddAtomA(E004078C0( &_v60,  &_v20, "ControlOfs%.8X%.8X", 1));
                                                    				 *0x49c600 = E00402B30(1);
                                                    				_t22 =  *0x49c600; // 0x21a0638
                                                    				E0040B3C8(_t22, 4);
                                                    				_t25 = E004230C8(1); // executed
                                                    				 *0x49c62c = _t25;
                                                    				_t27 = E0042368C(0, 1, __edi); // executed
                                                    				 *0x49c628 = _t27;
                                                    				E0041F118();
                                                    				_t29 =  *0x49c628; // 0x21a2410
                                                    				E00424900(_t29, 1);
                                                    				E00406A24(E00418F08, 1);
                                                    				return E0040ADAC(0x412a20, 0x4138c0, 0x4138f4);
                                                    			}
















                                                    APIs
                                                    • GetCurrentProcessId.KERNEL32(00000000), ref: 00418F3D
                                                    • GlobalAddAtomA.KERNEL32 ref: 00418F5E
                                                    • GetCurrentThreadId.KERNEL32 ref: 00418F79
                                                    • GlobalAddAtomA.KERNEL32 ref: 00418F9A
                                                      • Part of subcall function 004230C8: GetDC.USER32(00000000), ref: 0042311E
                                                      • Part of subcall function 004230C8: EnumFontsA.GDI32(00000000,00000000,00423068,00410460,00000000,?,?,00000000,?,00418FD3,00000000,?,?,00000001,00000000), ref: 00423131
                                                      • Part of subcall function 004230C8: GetDeviceCaps.GDI32(00000000,0000005A), ref: 00423139
                                                      • Part of subcall function 004230C8: ReleaseDC.USER32 ref: 00423144
                                                      • Part of subcall function 0042368C: LoadIconA.USER32(00400000,MAINICON), ref: 0042371C
                                                      • Part of subcall function 0042368C: GetModuleFileNameA.KERNEL32(00400000,?,00000100,00400000,MAINICON,?,?,?,00418FE6,00000000,?,?,00000001,00000000), ref: 00423749
                                                      • Part of subcall function 0042368C: OemToCharA.USER32 ref: 0042375C
                                                      • Part of subcall function 0042368C: CharLowerA.USER32(?,?,?,00400000,?,00000100,00400000,MAINICON,?,?,?,00418FE6,00000000,?,?,00000001), ref: 0042379C
                                                      • Part of subcall function 0041F118: GetVersion.KERNEL32(?,00418FF0,00000000,?,?,00000001,00000000), ref: 0041F126
                                                      • Part of subcall function 0041F118: SetErrorMode.KERNEL32(00008000,?,00418FF0,00000000,?,?,00000001,00000000), ref: 0041F142
                                                      • Part of subcall function 0041F118: LoadLibraryA.KERNEL32(CTL3D32.DLL,00008000,?,00418FF0,00000000,?,?,00000001,00000000), ref: 0041F14E
                                                      • Part of subcall function 0041F118: SetErrorMode.KERNEL32(00000000,CTL3D32.DLL,00008000,?,00418FF0,00000000,?,?,00000001,00000000), ref: 0041F15C
                                                      • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3dRegister), ref: 0041F18C
                                                      • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3dUnregister), ref: 0041F1B5
                                                      • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3dSubclassCtl), ref: 0041F1CA
                                                      • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3dSubclassDlgEx), ref: 0041F1DF
                                                      • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3dDlgFramePaint), ref: 0041F1F4
                                                      • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3dCtlColorEx), ref: 0041F209
                                                      • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3dAutoSubclass), ref: 0041F21E
                                                      • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3dUnAutoSubclass), ref: 0041F233
                                                      • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3DColorChange), ref: 0041F248
                                                      • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,BtnWndProc3d), ref: 0041F25D
                                                    Strings
                                                    Similarity
                                                    • API ID: AddressProc$AtomCharCurrentErrorGlobalLoadMode$CapsDeviceEnumFileFontsIconLibraryLowerModuleNameProcessReleaseThreadVersion
                                                    • String ID: ControlOfs%.8X%.8X$Delphi%.8X
                                                    • API String ID: 316262546-2767913252
                                                    • Opcode ID: c3c7402eb53e612c3b512b557f399bbe14ff06964072e4e083a76be830bddd2f
                                                    • Instruction ID: 262aedaf28d83917acc42982c60ac9de39c1673015ef694de88cecf514dc8a08
                                                    • Opcode Fuzzy Hash: c3c7402eb53e612c3b512b557f399bbe14ff06964072e4e083a76be830bddd2f
                                                    • Instruction Fuzzy Hash: 66112E706142419AD740FF75A88274A7BE19B68318F40943FF448A7391DB3D99448B5F
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 68%
                                                    			E0042DE44(void* __eax, char* __ecx, void* __edx) {
                                                    				void* _t3;
                                                    
                                                    				_t10 = __ecx;
                                                    				_t7 = __edx;
                                                    				if(__eax == 2) {
                                                    					if( *0x49c65c == 0) {
                                                    						 *0x49c65c = GetProcAddress(GetModuleHandleA("advapi32.dll"), "RegDeleteKeyExA");
                                                    					}
                                                    					if( *0x49c65c == 0) {
                                                    						return 0x7f;
                                                    					} else {
                                                    						_t3 =  *0x49c65c(_t7, _t10, 0x100, 0); // executed
                                                    						return _t3;
                                                    					}
                                                    				}
                                                    				return RegDeleteKeyA(__edx, __ecx);
                                                    			}





                                                    APIs
                                                    • RegDeleteKeyA.ADVAPI32(00000000,00000000), ref: 0042DE50
                                                    • GetModuleHandleA.KERNEL32(advapi32.dll,RegDeleteKeyExA,?,00000000,0042DFEB,00000000,0042E003,?,?,?,?,00000006,?,00000000,00497D9D), ref: 0042DE6B
                                                    • GetProcAddress.KERNEL32(00000000,advapi32.dll), ref: 0042DE71
                                                    • RegDeleteKeyExA.KERNELBASE(00000000,00000000,00000100,00000000,?,00000000,0042DFEB,00000000,0042E003,?,?,?,?,00000006,?,00000000), ref: 0042DE8D
                                                    Strings
                                                    Similarity
                                                    • API ID: Delete$AddressHandleModuleProc
                                                    • String ID: RegDeleteKeyExA$advapi32.dll
                                                    • API String ID: 636244128-1846899949
                                                    • Opcode ID: 7c0b6ea7bcf1210885e3a643890e25c79888cd60f6735391ad7bc9aa4f19570a
                                                    • Instruction ID: 3a2ca878903e1795670eed695717ef80bb4394372fb88417f4d80fec8e7fd05d
                                                    • Opcode Fuzzy Hash: 7c0b6ea7bcf1210885e3a643890e25c79888cd60f6735391ad7bc9aa4f19570a
                                                    • Instruction Fuzzy Hash: 1CE06DF1B41B70BAD72022657C8ABA33729DB79365F655437F105AD19182BC1C40CE9C
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 43%
                                                    			E0041363C(struct HWND__* _a4, void* _a8, void* _a12, intOrPtr _a16) {
                                                    				char _v8;
                                                    				void* _t22;
                                                    				void* _t23;
                                                    				struct HWND__* _t26;
                                                    				void* _t28;
                                                    				signed int _t29;
                                                    				void* _t32;
                                                    				char* _t43;
                                                    				struct HWND__* _t45;
                                                    
                                                    				_t43 =  &_v8;
                                                    				_t22 =  *0x49a2d8; // 0x0
                                                    				_t45 = _a4;
                                                    				 *((intOrPtr*)(_t22 + 0xc0)) = _t45;
                                                    				_t23 =  *0x49a2d8; // 0x0
                                                    				_t26 = SetWindowLongA(_a4, 0xfffffffc,  *(_t23 + 0xa8));
                                                    				_push(0xfffffff0);
                                                    				asm("lock mov eax, [ebp+0x8]");
                                                    				if((GetWindowLongA(_t26, ??) & 0x40000000) != 0 && GetWindowLongA(_a4, 0xfffffff4) == 0) {
                                                    					SetWindowLongA(_a4, 0xfffffff4, _a4);
                                                    				}
                                                    				_t28 =  *0x49a2d8; // 0x0
                                                    				_push(_t28);
                                                    				_t29 =  *0x49c5c8 & 0x0000ffff;
                                                    				asm("enter 0x49c5, 0x0");
                                                    				 *((intOrPtr*)(_t29 - 0x75)) =  *((intOrPtr*)(_t29 - 0x75)) + _t45;
                                                    				SetPropA(_a4, ??, ??);
                                                    				_t32 =  *0x49a2d8; // 0x0
                                                    				SetPropA(_a4,  *0x49c5c6 & 0x0000ffff, _t32);
                                                    				_push(_a16);
                                                    			}













                                                    APIs
                                                    • SetWindowLongA.USER32 ref: 00413664
                                                    • GetWindowLongA.USER32 ref: 0041366F
                                                    • GetWindowLongA.USER32 ref: 00413681
                                                    • SetWindowLongA.USER32 ref: 00413694
                                                    • SetPropA.USER32(?,00000000,00000000), ref: 004136AB
                                                    • SetPropA.USER32(?,00000000,00000000), ref: 004136C2
                                                    Similarity
                                                    • API ID: LongWindow$Prop
                                                    • String ID:
                                                    • API String ID: 3887896539-0
                                                    • Opcode ID: 55b4cfc7ed5f4da29afab9da53070d8663b34cf21f33470337f2daa11a5508e3
                                                    • Instruction ID: 32a7d7ee2a8f5ff67583a88600f624804d914e0ed1a23c97313bafe8e531d0b4
                                                    • Opcode Fuzzy Hash: 55b4cfc7ed5f4da29afab9da53070d8663b34cf21f33470337f2daa11a5508e3
                                                    • Instruction Fuzzy Hash: 55110D76100204BFDF00DF99DC84E9A37E8EB08364F104266B918DB3A2C739E990DB99
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 71%
                                                    			E00401A90() {
                                                    				void* _t2;
                                                    				void* _t3;
                                                    				void* _t14;
                                                    				intOrPtr* _t18;
                                                    				intOrPtr _t22;
                                                    				intOrPtr _t24;
                                                    
                                                    				_t22 = _t24;
                                                    				if( *0x49c419 == 0) {
                                                    					return _t2;
                                                    				} else {
                                                    					_push(_t22);
                                                    					_push(E00401B68);
                                                    					_push( *[fs:edx]);
                                                    					 *[fs:edx] = _t24;
                                                    					if( *0x49c036 != 0) {
                                                    						_push(0x49c420);
                                                    						L00401328();
                                                    					}
                                                    					 *0x49c419 = 0;
                                                    					_t3 =  *0x49c478; // 0x0
                                                    					LocalFree(_t3);
                                                    					 *0x49c478 = 0;
                                                    					_t18 =  *0x49c440; // 0x49c440
                                                    					while(_t18 != 0x49c440) {
                                                    						_t1 = _t18 + 8; // 0x0
                                                    						VirtualFree( *_t1, 0, 0x8000); // executed
                                                    						_t18 =  *_t18;
                                                    					}
                                                    					E00401390(0x49c440);
                                                    					E00401390(0x49c450);
                                                    					E00401390(0x49c47c);
                                                    					_t14 =  *0x49c438; // 0x0
                                                    					while(_t14 != 0) {
                                                    						 *0x49c438 =  *_t14;
                                                    						LocalFree(_t14);
                                                    						_t14 =  *0x49c438; // 0x0
                                                    					}
                                                    					_pop( *[fs:0x0]);
                                                    					_push(0x401b6f);
                                                    					if( *0x49c036 != 0) {
                                                    						_push(0x49c420);
                                                    						L00401330();
                                                    					}
                                                    					_push(0x49c420);
                                                    					L00401338();
                                                    					return _t14;
                                                    				}
                                                    			}









                                                    APIs
                                                    • RtlEnterCriticalSection.KERNEL32(Function_0009C420,00000000,00401B68), ref: 00401ABD
                                                    • LocalFree.KERNEL32(00000000,00000000,00401B68), ref: 00401ACF
                                                    • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,00000000,00401B68), ref: 00401AEE
                                                    • LocalFree.KERNEL32(00000000,00000000,00000000,00008000,00000000,00000000,00401B68), ref: 00401B2D
                                                    • RtlLeaveCriticalSection.KERNEL32(Function_0009C420,00401B6F), ref: 00401B58
                                                    • RtlDeleteCriticalSection.KERNEL32(Function_0009C420,00401B6F), ref: 00401B62
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
                                                    • String ID:
                                                    • API String ID: 3782394904-0
                                                    • Opcode ID: 506d76f91a6402bd3123c10f578b909d53b5223261c1fc0a6bc221ef69140a08
                                                    • Instruction ID: ece8596464e12e4b83b5bd96c0fd07c419ca8ccd111934747786d766a0fa6b25
                                                    • Opcode Fuzzy Hash: 506d76f91a6402bd3123c10f578b909d53b5223261c1fc0a6bc221ef69140a08
                                                    • Instruction Fuzzy Hash: AC119D30B403405BEB15ABA59CE2B363BE4A765708F94007BF40067AF1D67C984087AE
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 57%
                                                    			E004556D8(intOrPtr __eax, void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                    				intOrPtr _v8;
                                                    				void* _v12;
                                                    				char _v16;
                                                    				char _v20;
                                                    				intOrPtr* _v24;
                                                    				char _v112;
                                                    				char _v4208;
                                                    				char _v4212;
                                                    				char _v4216;
                                                    				void* _t41;
                                                    				void* _t70;
                                                    				void* _t80;
                                                    				void* _t86;
                                                    				void* _t105;
                                                    				void* _t106;
                                                    				intOrPtr _t111;
                                                    				intOrPtr _t113;
                                                    				intOrPtr _t119;
                                                    				void* _t129;
                                                    				void* _t130;
                                                    				intOrPtr _t132;
                                                    
                                                    				_t129 = _t130;
                                                    				_push(__eax);
                                                    				_t132 = _t130 + 0xffffffffffffef90;
                                                    				_v4212 = 0;
                                                    				_v4216 = 0;
                                                    				_v16 = 0;
                                                    				_v20 = 0;
                                                    				_v8 = __eax;
                                                    				_push(_t129);
                                                    				_push(0x4558af);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t132;
                                                    				_t41 = E00451834( &_v112);
                                                    				_push(_t129);
                                                    				_push(0x45586f);
                                                    				_push( *[fs:edx]);
                                                    				 *[fs:edx] = _t132;
                                                    				if(E0042DBF4(_t41) == 0) {
                                                    					E0042D898( &_v4216);
                                                    					E0042C3FC(_v4216,  &_v4212);
                                                    					E004035C0( &_v20, "WININIT.INI", _v4212);
                                                    					if(E0042CD24(_v20) == 0) {
                                                    						goto L12;
                                                    					} else {
                                                    						_v24 = E0045072C(1, 1, 0, 2);
                                                    						_push(_t129);
                                                    						_push(0x45585e);
                                                    						_push( *[fs:edx]);
                                                    						 *[fs:edx] = _t132;
                                                    						while( *((intOrPtr*)( *_v24 + 8))() != 0) {
                                                    							E0045185C( &_v112, _t62,  &_v4208);
                                                    						}
                                                    						_pop(_t119);
                                                    						 *[fs:eax] = _t119;
                                                    						_push(0x455865);
                                                    						return E00402B58(_v24);
                                                    					}
                                                    				} else {
                                                    					_t70 = E0042DE1C(0, "SYSTEM\\CurrentControlSet\\Control\\Session Manager", 0x80000002,  &_v12, 1, 0); // executed
                                                    					if(_t70 == 0) {
                                                    						if(E0042DD58() != 0) {
                                                    							_push(E00403574(_v16));
                                                    							_t86 = E00403744( &_v16);
                                                    							_pop(_t106);
                                                    							E0045185C( &_v112, _t106, _t86);
                                                    						}
                                                    						if(E0042DD58() != 0) {
                                                    							_push(E00403574(_v16));
                                                    							_t80 = E00403744( &_v16);
                                                    							_pop(_t105);
                                                    							E0045185C( &_v112, _t105, _t80);
                                                    						}
                                                    						RegCloseKey(_v12);
                                                    					}
                                                    					L12:
                                                    					_pop(_t111);
                                                    					 *[fs:eax] = _t111;
                                                    					E0045190C( &_v112, _v8);
                                                    					_pop(_t113);
                                                    					 *[fs:eax] = _t113;
                                                    					_push(0x4558b6);
                                                    					E00403420( &_v4216, 2);
                                                    					return E00403420( &_v20, 2);
                                                    				}
                                                    			}
























                                                    APIs
                                                      • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,00483FBF,?,00000001,?,?,00483FBF,?,00000001,00000000), ref: 0042DE38
                                                    • RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,0045586F,?,00000000,004558AF), ref: 004557B5
                                                    Strings
                                                    • SYSTEM\CurrentControlSet\Control\Session Manager, xrefs: 00455738
                                                    • PendingFileRenameOperations, xrefs: 00455754
                                                    • WININIT.INI, xrefs: 004557E4
                                                    • PendingFileRenameOperations2, xrefs: 00455784
                                                    Similarity
                                                    • API ID: CloseOpen
                                                    • String ID: PendingFileRenameOperations$PendingFileRenameOperations2$SYSTEM\CurrentControlSet\Control\Session Manager$WININIT.INI
                                                    • API String ID: 47109696-2199428270
                                                    • Opcode ID: 8c0e85f1c7885db24e52a249d5dd3c3b4f133e831d547577a59a6845a7cbc00a
                                                    • Instruction ID: 0fa1da25f67206326559771d92c7e47b52ca8d856d575cc5f046ac455f5bab2a
                                                    • Opcode Fuzzy Hash: 8c0e85f1c7885db24e52a249d5dd3c3b4f133e831d547577a59a6845a7cbc00a
                                                    • Instruction Fuzzy Hash: FF51A974E006089FDB10EF61DC51AEEB7B9EF44305F50857BEC04A7292DB78AE49CA58
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateDirectoryA.KERNEL32(00000000,00000000,00000000,0047D0C6,?,?,00000000,0049C628,00000000,00000000,?,00498A79,00000000,00498C22,?,00000000), ref: 0047D003
                                                    • GetLastError.KERNEL32(00000000,00000000,00000000,0047D0C6,?,?,00000000,0049C628,00000000,00000000,?,00498A79,00000000,00498C22,?,00000000), ref: 0047D00C
                                                    Strings
                                                    Similarity
                                                    • API ID: CreateDirectoryErrorLast
                                                    • String ID: Created temporary directory: $\_setup64.tmp$_isetup
                                                    • API String ID: 1375471231-2952887711
                                                    • Opcode ID: 1eecf4954ce0daf108bada4207312d6aeeb0373aff1a8b62d3740012125efc95
                                                    • Instruction ID: af260f6f7480edecd638166999e30f7be440663a8b327b718aa5de057e1adae4
                                                    • Opcode Fuzzy Hash: 1eecf4954ce0daf108bada4207312d6aeeb0373aff1a8b62d3740012125efc95
                                                    • Instruction Fuzzy Hash: 58413474E101099BDB00EFA5D882ADEB7B5EF45309F50843BE81477392DB38AE05CB69
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • 742514E0.VERSION(00000000,?,?,?,@~I), ref: 00452530
                                                    • 742514C0.VERSION(00000000,?,00000000,?,00000000,004525AB,?,00000000,?,?,?,@~I), ref: 0045255D
                                                    • 74251500.VERSION(?,004525D4,?,?,00000000,?,00000000,?,00000000,004525AB,?,00000000,?,?,?,@~I), ref: 00452577
                                                    Strings
                                                    Similarity
                                                    • API ID: 742514$74251500
                                                    • String ID: @~I$%E
                                                    • API String ID: 4005490263-12183032
                                                    • Opcode ID: ecc4a53eae0f0353b9c4fbae86b81e22f468796990bc4f412eb59b78197fba3a
                                                    • Instruction ID: d9114bf675870787a38e05941c017967a2856d65250c066ee12fed36e81ef4e1
                                                    • Opcode Fuzzy Hash: ecc4a53eae0f0353b9c4fbae86b81e22f468796990bc4f412eb59b78197fba3a
                                                    • Instruction Fuzzy Hash: B2218331A00608BFDB01DAA989519AFB7FCEB4A300F554477F800E7242E6B9AE04C765
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SHAutoComplete.SHLWAPI(00000000,00000001), ref: 0042EDC5
                                                      • Part of subcall function 0042D8C4: GetSystemDirectoryA.KERNEL32 ref: 0042D8D7
                                                      • Part of subcall function 0042E394: SetErrorMode.KERNEL32(00008000), ref: 0042E39E
                                                      • Part of subcall function 0042E394: LoadLibraryA.KERNEL32(00000000,00000000,0042E3E8,?,00000000,0042E406,?,00008000), ref: 0042E3CD
                                                    • GetProcAddress.KERNEL32(00000000,SHAutoComplete), ref: 0042EDA8
                                                    Strings
                                                    Similarity
                                                    • API ID: AddressAutoCompleteDirectoryErrorLibraryLoadModeProcSystem
                                                    • String ID: SHAutoComplete$plIw$shlwapi.dll
                                                    • API String ID: 395431579-831489274
                                                    • Opcode ID: d2add807985338a3a4de70ffbea5f6e522c174cd2b64bb88ee8a0c215b8dc213
                                                    • Instruction ID: 8774d5b728639f053903c60940f16a99d8dd695e97b41c3f5606bf77cec82f81
                                                    • Opcode Fuzzy Hash: d2add807985338a3a4de70ffbea5f6e522c174cd2b64bb88ee8a0c215b8dc213
                                                    • Instruction Fuzzy Hash: 4B11A330B40315BBD711EB62EC85B9E7BA8DB55704F90487BF40066291DBB89E05CA1C
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • EnumWindows.USER32(00423A1C), ref: 00423AA8
                                                    • GetWindow.USER32(?,00000003), ref: 00423ABD
                                                    • GetWindowLongA.USER32 ref: 00423ACC
                                                    • SetWindowPos.USER32(00000000,\AB,00000000,00000000,00000000,00000000,00000013,?,000000EC,?,?,?,004241AB,?,?,00423D73), ref: 00423B02
                                                    Strings
                                                    Similarity
                                                    • API ID: Window$EnumLongWindows
                                                    • String ID: \AB
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Strings
                                                    • Need to restart Windows? %s, xrefs: 0046BEED
                                                    • NextButtonClick, xrefs: 0046BCA4
                                                    • PrepareToInstall failed: %s, xrefs: 0046BEC6
                                                    Similarity
                                                    • API ID:
                                                    • String ID: Need to restart Windows? %s$NextButtonClick$PrepareToInstall failed: %s
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetActiveWindow.USER32(?,?,00000000,004837B1), ref: 00483584
                                                    • SHChangeNotify.SHELL32(08000000,00000000,00000000,00000000), ref: 00483622
                                                    Strings
                                                    Similarity
                                                    • API ID: ActiveChangeNotifyWindow
                                                    • String ID: $Need to restart Windows? %s
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 0042C804: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042C828
                                                    • GetLastError.KERNEL32(00000000,0046FE29,?,?,0049D1E0,00000000), ref: 0046FD06
                                                    • SHChangeNotify.SHELL32(00000008,00000001,00000000,00000000), ref: 0046FD80
                                                    • SHChangeNotify.SHELL32(00001000,00001001,00000000,00000000), ref: 0046FDA5
                                                    Strings
                                                    Similarity
                                                    • API ID: ChangeNotify$ErrorFullLastNamePath
                                                    • String ID: Creating directory: %s
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetProcAddress.KERNEL32(00000000,SfcIsFileProtected), ref: 00454E82
                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000FFF,00000000,00454F48), ref: 00454EEC
                                                    Strings
                                                    Similarity
                                                    • API ID: AddressByteCharMultiProcWide
                                                    • String ID: SfcIsFileProtected$sfc.dll
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Strings
                                                    Similarity
                                                    • API ID: ExitMessageProcess
                                                    • String ID: Error$Runtime error at 00000000
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,00483FBF,?,00000001,?,?,00483FBF,?,00000001,00000000), ref: 0042DE38
                                                    • RegCloseKey.ADVAPI32(?,00455A7B,?,00000001,00000000), ref: 00455A6E
                                                    Strings
                                                    • PendingFileRenameOperations, xrefs: 00455A40
                                                    • SYSTEM\CurrentControlSet\Control\Session Manager, xrefs: 00455A1C
                                                    • PendingFileRenameOperations2, xrefs: 00455A4F
                                                    Similarity
                                                    • API ID: CloseOpen
                                                    • String ID: PendingFileRenameOperations$PendingFileRenameOperations2$SYSTEM\CurrentControlSet\Control\Session Manager
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • FindNextFileA.KERNEL32(000000FF,?,00000000,00472479,?,00000000,?,0049D1E0,00000000,00472669,?,00000000,?,00000000,?,00472835), ref: 00472455
                                                    • FindClose.KERNEL32(000000FF,00472480,00472479,?,00000000,?,0049D1E0,00000000,00472669,?,00000000,?,00000000,?,00472835,?), ref: 00472473
                                                    • FindNextFileA.KERNEL32(000000FF,?,00000000,0047259B,?,00000000,?,0049D1E0,00000000,00472669,?,00000000,?,00000000,?,00472835), ref: 00472577
                                                    • FindClose.KERNEL32(000000FF,004725A2,0047259B,?,00000000,?,0049D1E0,00000000,00472669,?,00000000,?,00000000,?,00472835,?), ref: 00472595
                                                    Similarity
                                                    • API ID: Find$CloseFileNext
                                                    • String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • FindNextFileA.KERNEL32(000000FF,?,?,?,?,00000000,004802CD,?,00000000,00000000,?,?,00481523,?,?,00000000), ref: 0048017A
                                                    • FindClose.KERNEL32(000000FF,000000FF,?,?,?,?,00000000,004802CD,?,00000000,00000000,?,?,00481523,?,?), ref: 00480187
                                                    • FindNextFileA.KERNEL32(000000FF,?,00000000,004802A0,?,?,?,?,00000000,004802CD,?,00000000,00000000,?,?,00481523), ref: 0048027C
                                                    • FindClose.KERNEL32(000000FF,004802A7,004802A0,?,?,?,?,00000000,004802CD,?,00000000,00000000,?,?,00481523,?), ref: 0048029A
                                                    Similarity
                                                    • API ID: Find$CloseFileNext
                                                    • String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetMenu.USER32(00000000), ref: 00421361
                                                    • SetMenu.USER32(00000000,00000000), ref: 0042137E
                                                    • SetMenu.USER32(00000000,00000000), ref: 004213B3
                                                    • SetMenu.USER32(00000000,00000000), ref: 004213CF
                                                    Similarity
                                                    • API ID: Menu
                                                    • String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Similarity
                                                    • API ID: Color$CallMessageProcSendTextWindow
                                                    • String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • WaitForInputIdle.USER32 ref: 00454FA8
                                                    • MsgWaitForMultipleObjects.USER32 ref: 00454FCA
                                                    • GetExitCodeProcess.KERNEL32 ref: 00454FD9
                                                    • CloseHandle.KERNEL32(?,00455006,00454FFF,?,?,?,00000000,?,?,004551DB,?,?,?,00000044,00000000,00000000), ref: 00454FF9
                                                    Similarity
                                                    • API ID: Wait$CloseCodeExitHandleIdleInputMultipleObjectsProcess
                                                    • String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetDC.USER32(00000000), ref: 0042311E
                                                    • EnumFontsA.GDI32(00000000,00000000,00423068,00410460,00000000,?,?,00000000,?,00418FD3,00000000,?,?,00000001,00000000), ref: 00423131
                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00423139
                                                    • ReleaseDC.USER32 ref: 00423144
                                                    Similarity
                                                    • API ID: CapsDeviceEnumFontsRelease
                                                    • String ID:
                                                    • API String ID: 2698912916-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Similarity
                                                    • API ID: ErrorLast$CountSleepTick
                                                    • String ID:
                                                    • API String ID: 2227064392-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 0045092C: SetEndOfFile.KERNEL32(?,?,0045C342,00000000,0045C4CD,?,00000000,00000002,00000002), ref: 00450933
                                                    • FlushFileBuffers.KERNEL32(?), ref: 0045C499
                                                    Strings
                                                    • EndOffset range exceeded, xrefs: 0045C3CD
                                                    • NumRecs range exceeded, xrefs: 0045C396
                                                    Similarity
                                                    • API ID: File$BuffersFlush
                                                    • String ID: EndOffset range exceeded$NumRecs range exceeded
                                                    • API String ID: 3593489403-659731555
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetForegroundWindow.USER32(00000000,00483AF2,?,00000000,00483B33,?,?,?,?,00000000,00000000,00000000,?,0046BDF1), ref: 004839A1
                                                    • SetActiveWindow.USER32(?,00000000,00483AF2,?,00000000,00483B33,?,?,?,?,00000000,00000000,00000000,?,0046BDF1), ref: 004839B3
                                                    Strings
                                                    • Will not restart Windows automatically., xrefs: 00483AD2
                                                    Similarity
                                                    • API ID: Window$ActiveForeground
                                                    • String ID: Will not restart Windows automatically.
                                                    • API String ID: 307657957-4169339592
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 00403344: GetModuleHandleA.KERNEL32(00000000,004990F6), ref: 0040334B
                                                      • Part of subcall function 00403344: GetCommandLineA.KERNEL32(00000000,004990F6), ref: 00403356
                                                      • Part of subcall function 0040631C: GetModuleHandleA.KERNEL32(kernel32.dll,?,00499100), ref: 00406322
                                                      • Part of subcall function 0040631C: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 0040632F
                                                      • Part of subcall function 0040631C: GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 00406345
                                                      • Part of subcall function 0040631C: GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy), ref: 0040635B
                                                      • Part of subcall function 0040631C: SetProcessDEPPolicy.KERNEL32(00000001,00000000,SetProcessDEPPolicy,00000000,SetSearchPathMode,kernel32.dll,?,00499100), ref: 00406366
                                                      • Part of subcall function 004063C4: 7035DB20.COMCTL32(00499105), ref: 004063C4
                                                      • Part of subcall function 00410764: GetCurrentThreadId.KERNEL32 ref: 004107B2
                                                      • Part of subcall function 00419040: GetVersion.KERNEL32(0049911E), ref: 00419040
                                                      • Part of subcall function 0044F744: GetModuleHandleA.KERNEL32(user32.dll,NotifyWinEvent,00499132), ref: 0044F77F
                                                      • Part of subcall function 0044F744: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0044F785
                                                      • Part of subcall function 0044FC10: GetVersionExA.KERNEL32(0049C790,00499137), ref: 0044FC1F
                                                      • Part of subcall function 004531F0: GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00453289,?,?,?,?,00000000,?,00499146), ref: 00453210
                                                      • Part of subcall function 004531F0: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00453216
                                                      • Part of subcall function 004531F0: GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00453289,?,?,?,?,00000000,?,00499146), ref: 0045322A
                                                      • Part of subcall function 004531F0: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00453230
                                                      • Part of subcall function 004570B4: GetProcAddress.KERNEL32(00000000,SHCreateItemFromParsingName), ref: 004570D8
                                                      • Part of subcall function 004645F4: LoadLibraryA.KERNEL32(shell32.dll,SHPathPrepareForWriteA,0049915A), ref: 00464603
                                                      • Part of subcall function 004645F4: GetProcAddress.KERNEL32(00000000,shell32.dll), ref: 00464609
                                                      • Part of subcall function 0046CE48: GetProcAddress.KERNEL32(00000000,SHPathPrepareForWriteA), ref: 0046CE5D
                                                      • Part of subcall function 00478FB4: GetModuleHandleA.KERNEL32(kernel32.dll,?,00499164), ref: 00478FBA
                                                      • Part of subcall function 00478FB4: GetProcAddress.KERNEL32(00000000,VerSetConditionMask), ref: 00478FC7
                                                      • Part of subcall function 00478FB4: GetProcAddress.KERNEL32(00000000,VerifyVersionInfoW), ref: 00478FD7
                                                      • Part of subcall function 00484364: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 00484453
                                                      • Part of subcall function 004960F4: RegisterClipboardFormatA.USER32(QueryCancelAutoPlay), ref: 0049610D
                                                    • SetErrorMode.KERNEL32(00000001,00000000,004991AC), ref: 0049917E
                                                      • Part of subcall function 00498EA8: GetModuleHandleA.KERNEL32(user32.dll,DisableProcessWindowsGhosting,00499188,00000001,00000000,004991AC), ref: 00498EB2
                                                      • Part of subcall function 00498EA8: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 00498EB8
                                                      • Part of subcall function 004244D4: SendMessageA.USER32 ref: 004244F3
                                                      • Part of subcall function 004242C4: SetWindowTextA.USER32(?,00000000), ref: 004242DC
                                                    • ShowWindow.USER32(?,00000005,00000000,004991AC), ref: 004991DF
                                                      • Part of subcall function 004829A4: SetActiveWindow.USER32(?), ref: 00482A52
                                                    Strings
                                                    Similarity
                                                    • API ID: AddressProc$HandleModule$Window$Version$7035ActiveClipboardCommandCurrentErrorFormatLibraryLineLoadMessageModePolicyProcessRegisterSendShowTextThread
                                                    • String ID: Setup
                                                    • API String ID: 4039385630-3839654196
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateDirectoryA.KERNEL32(00000000,00000000,?,00000000,00453B13,?,?,00000000,0049C628,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00453A6A
                                                    • GetLastError.KERNEL32(00000000,00000000,?,00000000,00453B13,?,?,00000000,0049C628,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00453A73
                                                    Strings
                                                    Similarity
                                                    • API ID: CreateDirectoryErrorLast
                                                    • String ID: .tmp
                                                    • API String ID: 1375471231-2986845003
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 00483E58: GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00483E69
                                                      • Part of subcall function 00483E58: GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00483E76
                                                      • Part of subcall function 00483E58: GetNativeSystemInfo.KERNELBASE(?,00000000,GetNativeSystemInfo,kernel32.dll), ref: 00483E84
                                                      • Part of subcall function 00483E58: GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00483E8C
                                                      • Part of subcall function 00483E58: GetCurrentProcess.KERNEL32(?,00000000,IsWow64Process), ref: 00483E98
                                                      • Part of subcall function 00483E58: GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryA), ref: 00483EB9
                                                      • Part of subcall function 00483E58: GetModuleHandleA.KERNEL32(advapi32.dll,RegDeleteKeyExA,00000000,GetSystemWow64DirectoryA,?,00000000,IsWow64Process), ref: 00483ECC
                                                      • Part of subcall function 00483E58: GetProcAddress.KERNEL32(00000000,advapi32.dll), ref: 00483ED2
                                                      • Part of subcall function 00484184: GetVersionExA.KERNEL32(?,00484396,00000000,0048446B,?,?,?,?,?,00499169), ref: 00484192
                                                      • Part of subcall function 00484184: GetVersionExA.KERNEL32(0000009C,?,00484396,00000000,0048446B,?,?,?,?,?,00499169), ref: 004841E4
                                                      • Part of subcall function 0042E394: SetErrorMode.KERNEL32(00008000), ref: 0042E39E
                                                      • Part of subcall function 0042E394: LoadLibraryA.KERNEL32(00000000,00000000,0042E3E8,?,00000000,0042E406,?,00008000), ref: 0042E3CD
                                                    • GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 00484453
                                                    Strings
                                                    Similarity
                                                    • API ID: AddressProc$HandleModuleVersion$CurrentErrorInfoLibraryLoadModeNativeProcessSystem
                                                    • String ID: SHGetKnownFolderPath$shell32.dll
                                                    • API String ID: 3869789854-2936008475
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • DeleteFileA.KERNEL32(00000000,00000000,00452965,?,-00000001,?), ref: 0045293F
                                                    • GetLastError.KERNEL32(00000000,00000000,00452965,?,-00000001,?), ref: 00452947
                                                    Strings
                                                    Similarity
                                                    • API ID: DeleteErrorFileLast
                                                    • String ID: 0(H
                                                    • API String ID: 2018770650-4268776330
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RemoveDirectoryA.KERNEL32(00000000,00000000,00452E6D,?,-00000001,00000000), ref: 00452E47
                                                    • GetLastError.KERNEL32(00000000,00000000,00452E6D,?,-00000001,00000000), ref: 00452E4F
                                                    Strings
                                                    Similarity
                                                    • API ID: DirectoryErrorLastRemove
                                                    • String ID: 0(H
                                                    • API String ID: 377330604-4268776330
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RegCloseKey.ADVAPI32(?,?,00000001,00000000,?,?,?,0047CD08,00000000,0047CD1E), ref: 0047CA16
                                                    Strings
                                                    Similarity
                                                    • API ID: Close
                                                    • String ID: RegisteredOrganization$RegisteredOwner
                                                    • API String ID: 3535843008-1113070880
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000001,00000080,00000000,00000000,?,00475817), ref: 00475605
                                                    • CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000001,00000080,00000000,00000000,?,00475817), ref: 0047561C
                                                      • Part of subcall function 0045349C: GetLastError.KERNEL32(00000000,00454031,00000005,00000000,00454066,?,?,00000000,0049C628,00000004,00000000,00000000,00000000,?,004988E5,00000000), ref: 0045349F
                                                    Strings
                                                    Similarity
                                                    • API ID: CloseCreateErrorFileHandleLast
                                                    • String ID: CreateFile
                                                    • API String ID: 2528220319-823142352
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Strings
                                                    Similarity
                                                    • API ID: CreateWindow
                                                    • String ID: TApplication$|6B
                                                    • API String ID: 716092398-782301481
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 00457044: CoInitialize.OLE32(00000000), ref: 0045704A
                                                      • Part of subcall function 0042E394: SetErrorMode.KERNEL32(00008000), ref: 0042E39E
                                                      • Part of subcall function 0042E394: LoadLibraryA.KERNEL32(00000000,00000000,0042E3E8,?,00000000,0042E406,?,00008000), ref: 0042E3CD
                                                    • GetProcAddress.KERNEL32(00000000,SHCreateItemFromParsingName), ref: 004570D8
                                                    Strings
                                                    Similarity
                                                    • API ID: AddressErrorInitializeLibraryLoadModeProc
                                                    • String ID: SHCreateItemFromParsingName$shell32.dll
                                                    • API String ID: 2906209438-2320870614
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 0042E394: SetErrorMode.KERNEL32(00008000), ref: 0042E39E
                                                      • Part of subcall function 0042E394: LoadLibraryA.KERNEL32(00000000,00000000,0042E3E8,?,00000000,0042E406,?,00008000), ref: 0042E3CD
                                                    • GetProcAddress.KERNEL32(00000000,SHPathPrepareForWriteA), ref: 0046CE5D
                                                    Strings
                                                    Similarity
                                                    • API ID: AddressErrorLibraryLoadModeProc
                                                    • String ID: SHPathPrepareForWriteA$shell32.dll
                                                    • API String ID: 2492108670-2683653824
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetSystemMenu.USER32(00000000,00000000,00000000,00482190), ref: 00482128
                                                    • AppendMenuA.USER32 ref: 00482139
                                                    • AppendMenuA.USER32 ref: 00482151
                                                    Similarity
                                                    • API ID: Menu$Append$System
                                                    • String ID:
                                                    • API String ID: 1489644407-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Similarity
                                                    • API ID: ObjectReleaseSelect
                                                    • String ID:
                                                    • API String ID: 1831053106-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,0044B14C,?,004829BF,?,?), ref: 0044B11E
                                                    • DrawTextW.USER32(?,?,00000000,?,?), ref: 0044B131
                                                    • DrawTextA.USER32(?,00000000,00000000,?,?), ref: 0044B165
                                                    Similarity
                                                    • API ID: DrawText$ByteCharMultiWide
                                                    • String ID:
                                                    • API String ID: 65125430-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00424412
                                                    • TranslateMessage.USER32(?), ref: 0042448F
                                                    • DispatchMessageA.USER32 ref: 00424499
                                                    Similarity
                                                    • API ID: Message$DispatchPeekTranslate
                                                    • String ID:
                                                    • API String ID: 4217535847-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetPropA.USER32(00000000,00000000), ref: 0041666A
                                                    • SetPropA.USER32(00000000,00000000), ref: 0041667F
                                                    • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,00000000,00000000,?,00000000,00000000), ref: 004166A6
                                                    Similarity
                                                    • API ID: Prop$Window
                                                    • String ID:
                                                    • API String ID: 3363284559-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • IsWindowVisible.USER32(?), ref: 0041EE64
                                                    • IsWindowEnabled.USER32(?), ref: 0041EE6E
                                                    • EnableWindow.USER32(?,00000000), ref: 0041EE94
                                                    Similarity
                                                    • API ID: Window$EnableEnabledVisible
                                                    • String ID:
                                                    • API String ID: 3234591441-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetForegroundWindow.USER32(00000000,00000000,?,?,0048385D,?,00483942,?,?,00000000), ref: 004837FE
                                                    • GetWindowThreadProcessId.USER32(00000000,?), ref: 00483810
                                                    • GetCurrentProcessId.KERNEL32(00000000,?,00000000,00000000,?,?,0048385D,?,00483942,?,?,00000000), ref: 00483819
                                                    Similarity
                                                    • API ID: ProcessWindow$CurrentForegroundThread
                                                    • String ID:
                                                    • API String ID: 3477312055-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Similarity
                                                    • API ID: Global$FreeHandleWire
                                                    • String ID:
                                                    • API String ID: 318822183-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetActiveWindow.USER32(?), ref: 0046A049
                                                    Strings
                                                    Similarity
                                                    • API ID: ActiveWindow
                                                    • String ID: PrepareToInstall
                                                    • API String ID: 2558294473-1101760603
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Strings
                                                    Similarity
                                                    • API ID:
                                                    • String ID: /:*?"<>|
                                                    • API String ID: 0-4078764451
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetActiveWindow.USER32(?), ref: 00482A52
                                                    Strings
                                                    Similarity
                                                    • API ID: ActiveWindow
                                                    • String ID: InitializeWizard
                                                    • API String ID: 2558294473-2356795471
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Strings
                                                    • Failed to remove temporary directory: , xrefs: 0047D1DB
                                                    Similarity
                                                    • API ID: CountTick
                                                    • String ID: Failed to remove temporary directory:
                                                    • API String ID: 536389180-3544197614
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,00483FBF,?,00000001,?,?,00483FBF,?,00000001,00000000), ref: 0042DE38
                                                    • RegCloseKey.ADVAPI32(?,?,00000001,00000000,?,?,?,?,?,0047CB1C,00000000,0047CD1E), ref: 0047C915
                                                    Strings
                                                    • Software\Microsoft\Windows\CurrentVersion, xrefs: 0047C8E5
                                                    Similarity
                                                    • API ID: CloseOpen
                                                    • String ID: Software\Microsoft\Windows\CurrentVersion
                                                    • API String ID: 47109696-1019749484
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RegSetValueExA.ADVAPI32(?,Inno Setup: Setup Version,00000000,00000001,00000000,00000001,004765A2,?,0049D1E0,?,0046F2AB,?,00000000,0046F846,?,_is1), ref: 0046EFB7
                                                    Strings
                                                    • Inno Setup: Setup Version, xrefs: 0046EFB5
                                                    Similarity
                                                    • API ID: Value
                                                    • String ID: Inno Setup: Setup Version
                                                    • API String ID: 3702945584-4166306022
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RegSetValueExA.ADVAPI32(?,NoModify,00000000,00000004,00000000,00000004,00000001,?,0046F682,?,?,00000000,0046F846,?,_is1,?), ref: 0046F017
                                                    Strings
                                                    Similarity
                                                    • API ID: Value
                                                    • String ID: NoModify
                                                    • API String ID: 3702945584-1699962838
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,00483FBF,?,00000001,?,?,00483FBF,?,00000001,00000000), ref: 0042DE38
                                                    Strings
                                                    • System\CurrentControlSet\Control\Windows, xrefs: 0042DE36
                                                    Similarity
                                                    • API ID: Open
                                                    • String ID: System\CurrentControlSet\Control\Windows
                                                    • API String ID: 71445658-1109719901
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • FindNextFileA.KERNEL32(000000FF,?,00000000,00454346,?,00000000,004543BA,?,?,-00000001,00000000,?,0047D1D7,00000000,0047D124,00000000), ref: 00454322
                                                    • FindClose.KERNEL32(000000FF,0045434D,00454346,?,00000000,004543BA,?,?,-00000001,00000000,?,0047D1D7,00000000,0047D124,00000000,00000000), ref: 00454340
                                                    Similarity
                                                    • API ID: Find$CloseFileNext
                                                    • String ID:
                                                    • API String ID: 2066263336-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetACP.KERNEL32(?,?,00000001,00000000,0047EB2F,?,-0000001A,004809E5,-00000010,?,00000004,0000001B,00000000,00480D32,?,0045DB68), ref: 0047E8C6
                                                      • Part of subcall function 0042E31C: GetDC.USER32(00000000), ref: 0042E32B
                                                      • Part of subcall function 0042E31C: EnumFontsA.GDI32(?,00000000,0042E308,00000000,00000000,0042E374,?,00000000,00000000,00480D99,?,?,00000001,00000000,00000002,00000000), ref: 0042E356
                                                      • Part of subcall function 0042E31C: ReleaseDC.USER32 ref: 0042E36E
                                                    • SendNotifyMessageA.USER32(00110082,00000496,00002711,-00000001), ref: 0047EA96
                                                    Similarity
                                                    • API ID: EnumFontsMessageNotifyReleaseSend
                                                    • String ID:
                                                    • API String ID: 2649214853-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,?,00000000,0042DD38), ref: 0042DC3C
                                                    • RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,70000000,?,?,00000000,?,00000000,?,00000000,0042DD38), ref: 0042DCAC
                                                    Similarity
                                                    • API ID: QueryValue
                                                    • String ID:
                                                    • API String ID: 3660427363-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RegEnumKeyExA.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,0042DFD6,?,?,00000008,00000000,00000000,0042E003), ref: 0042DF6C
                                                    • RegCloseKey.ADVAPI32(?,0042DFDD,?,00000000,00000000,00000000,00000000,00000000,0042DFD6,?,?,00000008,00000000,00000000,0042E003), ref: 0042DFD0
                                                    Similarity
                                                    • API ID: CloseEnum
                                                    • String ID:
                                                    • API String ID: 2818636725-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateProcessA.KERNEL32 ref: 0045283C
                                                    • GetLastError.KERNEL32(00000000,00000000,?,?,00458278,00000000,00458260,?,?,?,00000000,00452862,?,?,?,00000001), ref: 00452844
                                                    Similarity
                                                    • API ID: CreateErrorLastProcess
                                                    • String ID:
                                                    • API String ID: 2919029540-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • FindResourceA.KERNEL32(00400000,00000000,0000000A), ref: 0040ADF2
                                                    • FreeResource.KERNEL32(00000000,00400000,00000000,0000000A,F0E80040,00000000,?,?,0040AF4F,00000000,0040AF67,?,?,?,00000000), ref: 0040AE03
                                                    Similarity
                                                    • API ID: Resource$FindFree
                                                    • String ID:
                                                    • API String ID: 4097029671-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetCurrentThreadId.KERNEL32 ref: 0041EEF3
                                                    • EnumThreadWindows.USER32(00000000,0041EE54,00000000), ref: 0041EEF9
                                                    Similarity
                                                    • API ID: Thread$CurrentEnumWindows
                                                    • String ID:
                                                    • API String ID: 2396873506-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • MoveFileA.KERNEL32 ref: 00452CC2
                                                    • GetLastError.KERNEL32(00000000,00000000,00000000,00452CE8), ref: 00452CCA
                                                    Similarity
                                                    • API ID: ErrorFileLastMove
                                                    • String ID:
                                                    • API String ID: 55378915-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateDirectoryA.KERNEL32(00000000,00000000,00000000,004527CF), ref: 004527A9
                                                    • GetLastError.KERNEL32(00000000,00000000,00000000,004527CF), ref: 004527B1
                                                    Similarity
                                                    • API ID: CreateDirectoryErrorLast
                                                    • String ID:
                                                    • API String ID: 1375471231-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Similarity
                                                    • API ID: CursorLoad
                                                    • String ID:
                                                    • API String ID: 3238433803-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetErrorMode.KERNEL32(00008000), ref: 0042E39E
                                                    • LoadLibraryA.KERNEL32(00000000,00000000,0042E3E8,?,00000000,0042E406,?,00008000), ref: 0042E3CD
                                                    Similarity
                                                    • API ID: ErrorLibraryLoadMode
                                                    • String ID:
                                                    • API String ID: 2987862817-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetVersion.KERNEL32(?,0046E1D2), ref: 0046E146
                                                    • 753BB690.OLE32(0049AB98,00000000,00000001,0049ABA8,?,?,0046E1D2), ref: 0046E162
                                                    Similarity
                                                    • API ID: B690Version
                                                    • String ID:
                                                    • API String ID: 1792865128-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Similarity
                                                    • API ID: ClassInfo
                                                    • String ID:
                                                    • API String ID: 3534257612-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SHGetKnownFolderPath.SHELL32(0049AD40,00008000,00000000,?), ref: 0047CC77
                                                    • 753CA680.OLE32(?,0047CCBA), ref: 0047CCAD
                                                    Strings
                                                    Similarity
                                                    • API ID: A680FolderKnownPath
                                                    • String ID: COMMAND.COM$Common Files$CommonFilesDir$Failed to get path of 64-bit Common Files directory$Failed to get path of 64-bit Program Files directory$ProgramFilesDir$SystemDrive$\Program Files$cmd.exe
                                                    • API String ID: 330600242-544719455
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetTickCount.KERNEL32 ref: 00483836
                                                    • GetTickCount.KERNEL32 ref: 0048382D
                                                      • Part of subcall function 004837F8: GetForegroundWindow.USER32(00000000,00000000,?,?,0048385D,?,00483942,?,?,00000000), ref: 004837FE
                                                      • Part of subcall function 004837F8: GetWindowThreadProcessId.USER32(00000000,?), ref: 00483810
                                                      • Part of subcall function 004837F8: GetCurrentProcessId.KERNEL32(00000000,?,00000000,00000000,?,?,0048385D,?,00483942,?,?,00000000), ref: 00483819
                                                    Similarity
                                                    • API ID: CountProcessTickWindow$CurrentForegroundThread
                                                    • String ID:
                                                    • API String ID: 711787588-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetCurrentThreadId.KERNEL32 ref: 0041F00E
                                                    • EnumThreadWindows.USER32(00000000,0041EF90,00000000), ref: 0041F014
                                                    Similarity
                                                    • API ID: Thread$CurrentEnumWindows
                                                    • String ID:
                                                    • API String ID: 2396873506-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Similarity
                                                    • API ID: Global$Alloc
                                                    • String ID:
                                                    • API String ID: 2558781224-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,004017ED), ref: 00401513
                                                    • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,004017ED), ref: 0040153A
                                                    Similarity
                                                    • API ID: Virtual$AllocFree
                                                    • String ID:
                                                    • API String ID: 2087232378-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetSystemDefaultLCID.KERNEL32(00000000,00408712), ref: 004085FB
                                                      • Part of subcall function 00406DEC: LoadStringA.USER32 ref: 00406E09
                                                      • Part of subcall function 00408568: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0049C4C0,00000001,?,00408633,?,00000000,00408712), ref: 00408586
                                                    Similarity
                                                    • API ID: DefaultInfoLoadLocaleStringSystem
                                                    • String ID:
                                                    • API String ID: 1658689577-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetScrollInfo.USER32(00000000,?,?,00000001), ref: 0041FC39
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: InfoScroll
                                                    • String ID:
                                                    • API String ID: 629608716-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 0041EEA4: GetCurrentThreadId.KERNEL32 ref: 0041EEF3
                                                      • Part of subcall function 0041EEA4: EnumThreadWindows.USER32(00000000,0041EE54,00000000), ref: 0041EEF9
                                                    • SHPathPrepareForWriteA.SHELL32(00000000,00000000,00000000,00000000,00000000,0046C506,?,00000000,?,?,0046C718,?,00000000,0046C78C), ref: 0046C4EA
                                                      • Part of subcall function 0041EF58: IsWindow.USER32(?), ref: 0041EF66
                                                      • Part of subcall function 0041EF58: EnableWindow.USER32(?,00000001), ref: 0041EF75
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: ThreadWindow$CurrentEnableEnumPathPrepareWindowsWrite
                                                    • String ID:
                                                    • API String ID: 3319771486-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: CreateWindow
                                                    • String ID:
                                                    • API String ID: 716092398-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • KiUserCallbackDispatcher.NTDLL(?,?), ref: 004149EF
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: CallbackDispatcherUser
                                                    • String ID:
                                                    • API String ID: 2492992576-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 00450804
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetFileAttributesA.KERNEL32(00000000,00000000,0042CD14,?,00000001,?,?,00000000,?,0042CD66,00000000,00452A25,00000000,00452A46,?,00000000), ref: 0042CCF7
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: AttributesFile
                                                    • String ID:
                                                    • API String ID: 3188754299-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,00453273,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 0042E8E7
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: FormatMessage
                                                    • String ID:
                                                    • API String ID: 1306739567-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetTextExtentPointA.GDI32(?,00000000,00000000), ref: 0041AF9B
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: ExtentPointText
                                                    • String ID:
                                                    • API String ID: 566491939-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RegCreateKeyExA.ADVAPI32(?,?,?,?,?,?,?,?,?), ref: 0042DE10
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Create
                                                    • String ID:
                                                    • API String ID: 2289755597-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • FindClose.KERNEL32(00000000,000000FF,00470ABC,00000000,004718D2,?,00000000,0047191D,?,00000000,00471A56,?,00000000,?,00000000), ref: 00454C0E
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: CloseFind
                                                    • String ID:
                                                    • API String ID: 1863332320-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • KiUserCallbackDispatcher.NTDLL(00495F26,?,00495F48,?,?,00000000,00495F26,?,?), ref: 0041469B
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: CallbackDispatcherUser
                                                    • String ID:
                                                    • API String ID: 2492992576-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 00406F24
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: FileWrite
                                                    • String ID:
                                                    • API String ID: 3934441357-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 004235F8: SystemParametersInfoA.USER32(00000048,00000000,00000000,00000000), ref: 0042360D
                                                    • ShowWindow.USER32(00410460,00000009,?,00000000,0041EDA4,0042393A,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00000000), ref: 00423667
                                                      • Part of subcall function 00423628: SystemParametersInfoA.USER32(00000049,00000000,00000000,00000000), ref: 00423644
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: InfoParametersSystem$ShowWindow
                                                    • String ID:
                                                    • API String ID: 3202724764-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetWindowTextA.USER32(?,00000000), ref: 004242DC
                                                    Similarity
                                                    • API ID: TextWindow
                                                    • String ID:
                                                    • API String ID: 530164218-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetFileAttributesA.KERNEL32(00000000,?,00452C55,00000000,00452C6E,?,-00000001,00000000), ref: 0042CD77
                                                    Similarity
                                                    • API ID: AttributesFile
                                                    • String ID:
                                                    • API String ID: 3188754299-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • KiUserCallbackDispatcher.NTDLL(?,?,00000000,?,00467828,00000000,00000000,00000000,00400000,STOPIMAGE,0000000C,00000000), ref: 00466B58
                                                    Similarity
                                                    • API ID: CallbackDispatcherUser
                                                    • String ID:
                                                    • API String ID: 2492992576-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetFileAttributesA.KERNEL32(00000000,00000000,004515CB,00000000), ref: 0042CD2F
                                                    Similarity
                                                    • API ID: AttributesFile
                                                    • String ID:
                                                    • API String ID: 3188754299-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,0040A6D4,0040CC80,?,00000000,?), ref: 00406EDD
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • KiUserCallbackDispatcher.NTDLL(?,?,?,00000000), ref: 0041F3B0
                                                    Similarity
                                                    • API ID: CallbackDispatcherUser
                                                    • String ID:
                                                    • API String ID: 2492992576-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetEndOfFile.KERNEL32(?,?,0045C342,00000000,0045C4CD,?,00000000,00000002,00000002), ref: 00450933
                                                      • Part of subcall function 004506B4: GetLastError.KERNEL32(004504D0,00450776,?,00000000,?,0049836C,00000001,00000000,00000002,00000000,004984CD,?,?,00000005,00000000,00498501), ref: 004506B7
                                                    Similarity
                                                    • API ID: ErrorFileLast
                                                    • String ID:
                                                    • API String ID: 734332943-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • DeleteFileA.KERNEL32(00000000,0049C628,00498C31,00000000,00498C86,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 00406F5B
                                                    Similarity
                                                    • API ID: DeleteFile
                                                    • String ID:
                                                    • API String ID: 4033686569-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetCurrentDirectoryA.KERNEL32(00000000,?,004982FA,00000000,004984CD,?,?,00000005,00000000,00498501,?,?,00000000), ref: 004072B3
                                                    Similarity
                                                    • API ID: CurrentDirectory
                                                    • String ID:
                                                    • API String ID: 1611563598-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetErrorMode.KERNEL32(?,0042E40D), ref: 0042E400
                                                    Similarity
                                                    • API ID: ErrorMode
                                                    • String ID:
                                                    • API String ID: 2340568224-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • FreeLibrary.KERNEL32(00000000,00481E0B), ref: 0047D4BE
                                                    Similarity
                                                    • API ID: FreeLibrary
                                                    • String ID:
                                                    • API String ID: 3664257935-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Similarity
                                                    • API ID: MessagePost
                                                    • String ID:
                                                    • API String ID: 410705778-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Similarity
                                                    • API ID: DestroyWindow
                                                    • String ID:
                                                    • API String ID: 3375834691-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,0047E35F,?,?,?,?,00000000,00000000,00000000,00000000), ref: 0047E319
                                                      • Part of subcall function 0042CA00: GetSystemMetrics.USER32 ref: 0042CA12
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: ByteCharMetricsMultiSystemWide
                                                    • String ID:
                                                    • API String ID: 224039744-0
                                                    • Opcode ID: cf2d294a0c176ba4b0a84a6b6d042752cacc0e24fbe341cb32020e1a635ab033
                                                    • Instruction ID: 2647b8cebaaf01057470fca103781b46ae04bb0ae08e27737b6fdd7404d6d7bc
                                                    • Opcode Fuzzy Hash: cf2d294a0c176ba4b0a84a6b6d042752cacc0e24fbe341cb32020e1a635ab033
                                                    • Instruction Fuzzy Hash: 14517870A00245AFD720DF99D885FA9B7B8EB1D309F1181B7E804A7392C7749E45CB59
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 004016E5
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: AllocVirtual
                                                    • String ID:
                                                    • API String ID: 4275171209-0
                                                    • Opcode ID: cf767f32803dc860427cfe16df5e9132c1b8cfeb471eb9c9636e6332cbeca463
                                                    • Instruction ID: c9bf05f2046c2aff823394476b80a09455a481469caf65995526192ac44c957d
                                                    • Opcode Fuzzy Hash: cf767f32803dc860427cfe16df5e9132c1b8cfeb471eb9c9636e6332cbeca463
                                                    • Instruction Fuzzy Hash: 3D11ACB2A057019FC3108F2DCC80A2BBBE5EBC4364F19C93EE598A73A4D635AC409649
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,00000000,0041EDA4,?,0042388F,00423C0C,0041EDA4), ref: 0041F3E2
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: AllocVirtual
                                                    • String ID:
                                                    • API String ID: 4275171209-0
                                                    • Opcode ID: 3cbaba1d1ed1e926f28d71c5e63335cf9c0629673821937be195d69802fdb84b
                                                    • Instruction ID: 76554604a7858b969097af1b7ecb2f553aa84ce625af1746b6c15b3b7cba3152
                                                    • Opcode Fuzzy Hash: 3cbaba1d1ed1e926f28d71c5e63335cf9c0629673821937be195d69802fdb84b
                                                    • Instruction Fuzzy Hash: 851148742007059BCB20DF19C8C0B82FBE4EB98390F10C53AE9688B385D378E8458BA9
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetLastError.KERNEL32(00000000,0045302D), ref: 0045300F
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: ErrorLast
                                                    • String ID:
                                                    • API String ID: 1452528299-0
                                                    • Opcode ID: 9b36e42861a8e97045d3d1c2d68090febbf4b925d95e27d87fd5eab6f39d8911
                                                    • Instruction ID: b902f5f71593d0acd8113edc39c0d5725662cc955bae9521e0e34912f41e4d76
                                                    • Opcode Fuzzy Hash: 9b36e42861a8e97045d3d1c2d68090febbf4b925d95e27d87fd5eab6f39d8911
                                                    • Instruction Fuzzy Hash: 850170356042486FC701DF699C008EEFBE8EB4D76171082B7FC24C3382D7345E059664
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • VirtualFree.KERNEL32(00000000,00000000,00004000,?,?,?,?,?,00401973), ref: 00401766
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: FreeVirtual
                                                    • String ID:
                                                    • API String ID: 1263568516-0
                                                    • Opcode ID: c2ec33a786a38e7bd0169ef8bddb7cde116ed653613200da8896670bb901eae8
                                                    • Instruction ID: be7f0be69d4b25e877c81db3c68dd302dbc4ff1700a0c49f545652be0e594e9c
                                                    • Opcode Fuzzy Hash: c2ec33a786a38e7bd0169ef8bddb7cde116ed653613200da8896670bb901eae8
                                                    • Instruction Fuzzy Hash: 1401FC766442148FC3109F29DCC0E2677E8D794378F15453EDA85673A1D37A6C0187D8
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • LocalAlloc.KERNEL32(00000000,00000644,?,0049C450,004013A3,?,?,00401443,?,?,?,?,?,00401983), ref: 00401353
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: AllocLocal
                                                    • String ID:
                                                    • API String ID: 3494564517-0
                                                    • Opcode ID: aca4d3d7ff4968b90215f13619ba70cef3d09ec9501acc259b14cf34408ebbe3
                                                    • Instruction ID: 0848adde502159ad1fd96a8234a1f6bbb828a68afa7971909c010f8acedd3e76
                                                    • Opcode Fuzzy Hash: aca4d3d7ff4968b90215f13619ba70cef3d09ec9501acc259b14cf34408ebbe3
                                                    • Instruction Fuzzy Hash: C0F058B17012018FEB24CF29D8D0A66B7E1EBA9366F20807FE9C5D77A0D3358C418B94
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Non-executed Functions

                                                    C-Code - Quality: 89%
                                                    			E0041F118() {
                                                    				int _t1;
                                                    				struct HINSTANCE__* _t2;
                                                    				intOrPtr _t4;
                                                    				struct HINSTANCE__* _t6;
                                                    				int _t7;
                                                    				struct HINSTANCE__* _t8;
                                                    				struct HINSTANCE__* _t10;
                                                    				struct HINSTANCE__* _t12;
                                                    				struct HINSTANCE__* _t14;
                                                    				struct HINSTANCE__* _t16;
                                                    				struct HINSTANCE__* _t18;
                                                    				struct HINSTANCE__* _t20;
                                                    				struct HINSTANCE__* _t22;
                                                    				struct HINSTANCE__* _t24;
                                                    				_Unknown_base(*)()* _t25;
                                                    				signed int _t27;
                                                    
                                                    				if( *0x49a590 != 0) {
                                                    					L10:
                                                    					return _t1;
                                                    				}
                                                    				_t1 = GetVersion();
                                                    				_t30 = _t1;
                                                    				if(_t1 < 4) {
                                                    					_t1 = E00406250(_t30);
                                                    					if(_t1 < 0x59) {
                                                    						_t27 = SetErrorMode(0x8000);
                                                    						 *0x49a590 = LoadLibraryA("CTL3D32.DLL");
                                                    						_t1 = SetErrorMode(_t27 & 0x0000ffff);
                                                    					}
                                                    				}
                                                    				if( *0x49a590 < 0x20) {
                                                    					 *0x49a590 = 1;
                                                    				}
                                                    				if( *0x49a590 < 0x20) {
                                                    					goto L10;
                                                    				} else {
                                                    					_t2 =  *0x49a590; // 0x1
                                                    					 *0x49c630 = GetProcAddress(_t2, "Ctl3dRegister");
                                                    					_t4 =  *0x49c014; // 0x400000
                                                    					_push(_t4);
                                                    					if( *0x49c630() == 0) {
                                                    						_t6 =  *0x49a590; // 0x1
                                                    						_t7 = FreeLibrary(_t6);
                                                    						 *0x49a590 = 1;
                                                    						return _t7;
                                                    					}
                                                    					_t8 =  *0x49a590; // 0x1
                                                    					 *0x49c634 = GetProcAddress(_t8, "Ctl3dUnregister");
                                                    					_t10 =  *0x49a590; // 0x1
                                                    					 *0x49c638 = GetProcAddress(_t10, "Ctl3dSubclassCtl");
                                                    					_t12 =  *0x49a590; // 0x1
                                                    					 *0x49c63c = GetProcAddress(_t12, "Ctl3dSubclassDlgEx");
                                                    					_t14 =  *0x49a590; // 0x1
                                                    					 *0x49a56c = GetProcAddress(_t14, "Ctl3dDlgFramePaint");
                                                    					_t16 =  *0x49a590; // 0x1
                                                    					 *0x49a570 = GetProcAddress(_t16, "Ctl3dCtlColorEx");
                                                    					_t18 =  *0x49a590; // 0x1
                                                    					 *0x49c640 = GetProcAddress(_t18, "Ctl3dAutoSubclass");
                                                    					_t20 =  *0x49a590; // 0x1
                                                    					 *0x49c644 = GetProcAddress(_t20, "Ctl3dUnAutoSubclass");
                                                    					_t22 =  *0x49a590; // 0x1
                                                    					 *0x49c648 = GetProcAddress(_t22, "Ctl3DColorChange");
                                                    					_t24 =  *0x49a590; // 0x1
                                                    					_t25 = GetProcAddress(_t24, "BtnWndProc3d");
                                                    					 *0x49a568 = _t25;
                                                    					return _t25;
                                                    				}
                                                    			}




















                                                    APIs
                                                    • GetVersion.KERNEL32(?,00418FF0,00000000,?,?,00000001,00000000), ref: 0041F126
                                                    • SetErrorMode.KERNEL32(00008000,?,00418FF0,00000000,?,?,00000001,00000000), ref: 0041F142
                                                    • LoadLibraryA.KERNEL32(CTL3D32.DLL,00008000,?,00418FF0,00000000,?,?,00000001,00000000), ref: 0041F14E
                                                    • SetErrorMode.KERNEL32(00000000,CTL3D32.DLL,00008000,?,00418FF0,00000000,?,?,00000001,00000000), ref: 0041F15C
                                                    • GetProcAddress.KERNEL32(00000001,Ctl3dRegister), ref: 0041F18C
                                                    • GetProcAddress.KERNEL32(00000001,Ctl3dUnregister), ref: 0041F1B5
                                                    • GetProcAddress.KERNEL32(00000001,Ctl3dSubclassCtl), ref: 0041F1CA
                                                    • GetProcAddress.KERNEL32(00000001,Ctl3dSubclassDlgEx), ref: 0041F1DF
                                                    • GetProcAddress.KERNEL32(00000001,Ctl3dDlgFramePaint), ref: 0041F1F4
                                                    • GetProcAddress.KERNEL32(00000001,Ctl3dCtlColorEx), ref: 0041F209
                                                    • GetProcAddress.KERNEL32(00000001,Ctl3dAutoSubclass), ref: 0041F21E
                                                    • GetProcAddress.KERNEL32(00000001,Ctl3dUnAutoSubclass), ref: 0041F233
                                                    • GetProcAddress.KERNEL32(00000001,Ctl3DColorChange), ref: 0041F248
                                                    • GetProcAddress.KERNEL32(00000001,BtnWndProc3d), ref: 0041F25D
                                                    • FreeLibrary.KERNEL32(00000001,?,00418FF0,00000000,?,?,00000001,00000000), ref: 0041F26F
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: AddressProc$ErrorLibraryMode$FreeLoadVersion
                                                    • String ID: BtnWndProc3d$CTL3D32.DLL$Ctl3DColorChange$Ctl3dAutoSubclass$Ctl3dCtlColorEx$Ctl3dDlgFramePaint$Ctl3dRegister$Ctl3dSubclassCtl$Ctl3dSubclassDlgEx$Ctl3dUnAutoSubclass$Ctl3dUnregister
                                                    • API String ID: 2323315520-3614243559
                                                    • Opcode ID: c1c9d1b6053ab75c91c2e88ec5f32a1b3c473af182a6c91a5ff75eeef97b1c1c
                                                    • Instruction ID: 51138a549d975858c6f438e0ddf30f49d7aaf9b1ba912d381aeb5f1a0b1755e8
                                                    • Opcode Fuzzy Hash: c1c9d1b6053ab75c91c2e88ec5f32a1b3c473af182a6c91a5ff75eeef97b1c1c
                                                    • Instruction Fuzzy Hash: 9B3110B1740700ABDB00EBB5AC86A7A3794F768324751093BB508DB192D77D4C658F9D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 84%
                                                    			E004585C8(void* __eax, void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                    				char _v12;
                                                    				char _v16;
                                                    				void* _v20;
                                                    				void* _v24;
                                                    				long _v28;
                                                    				struct _STARTUPINFOA _v96;
                                                    				struct _PROCESS_INFORMATION _v112;
                                                    				char _v116;
                                                    				long _v120;
                                                    				char _v124;
                                                    				long _v128;
                                                    				char _v132;
                                                    				intOrPtr _v136;
                                                    				char _v140;
                                                    				intOrPtr _v144;
                                                    				char _v148;
                                                    				char _v152;
                                                    				char _v156;
                                                    				char _v160;
                                                    				char _v164;
                                                    				void* _v168;
                                                    				char _v172;
                                                    				char _v176;
                                                    				char _v180;
                                                    				char _v184;
                                                    				int _t82;
                                                    				CHAR* _t90;
                                                    				CHAR* _t96;
                                                    				intOrPtr _t97;
                                                    				int _t99;
                                                    				void* _t126;
                                                    				intOrPtr _t139;
                                                    				struct _FILETIME* _t141;
                                                    				void* _t145;
                                                    				void* _t146;
                                                    				intOrPtr _t147;
                                                    
                                                    				_t145 = _t146;
                                                    				_t147 = _t146 + 0xffffff4c;
                                                    				_v156 = 0;
                                                    				_v160 = 0;
                                                    				_v16 = 0;
                                                    				_t126 = __eax;
                                                    				_t141 =  &_v12;
                                                    				_push(_t145);
                                                    				_push(0x4588c2);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t147;
                                                    				E00457D10("Starting 64-bit helper process.", __eax, __ecx, _t141, 0x49d03c);
                                                    				_t149 =  *0x49d43e;
                                                    				if( *0x49d43e == 0) {
                                                    					E00453344("Cannot utilize 64-bit features on this version of Windows", _t126, _t141, 0x49d03c, _t149);
                                                    				}
                                                    				_t150 =  *0x49d038;
                                                    				if( *0x49d038 == 0) {
                                                    					E00453344("64-bit helper EXE wasn\'t extracted", _t126, _t141, 0x49d03c, _t150);
                                                    				}
                                                    				while(1) {
                                                    					 *0x49d03c =  *0x49d03c + 1;
                                                    					 *((intOrPtr*)(_t126 + 0x14)) = GetTickCount();
                                                    					if(QueryPerformanceCounter(_t141) == 0) {
                                                    						GetSystemTimeAsFileTime(_t141);
                                                    					}
                                                    					_v152 = GetCurrentProcessId();
                                                    					_v148 = 0;
                                                    					_v144 =  *0x49d03c;
                                                    					_v140 = 0;
                                                    					_v136 =  *((intOrPtr*)(_t126 + 0x14));
                                                    					_v132 = 0;
                                                    					_v128 = _t141->dwHighDateTime;
                                                    					_v124 = 0;
                                                    					_v120 = _t141->dwLowDateTime;
                                                    					_v116 = 0;
                                                    					E004078F4("\\\\.\\pipe\\InnoSetup64BitHelper-%.8x-%.8x-%.8x-%.8x%.8x", 4,  &_v152,  &_v16);
                                                    					_v20 = CreateNamedPipeA(E00403738(_v16), 0x40080003, 6, 1, 0x2000, 0x2000, 0, 0);
                                                    					if(_v20 != 0xffffffff) {
                                                    						break;
                                                    					}
                                                    					if(GetLastError() != 0xe7) {
                                                    						E0045349C("CreateNamedPipe");
                                                    					}
                                                    				}
                                                    				_push(_t145);
                                                    				_push(0x45887e);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t147;
                                                    				_v24 = CreateFileA(E00403738(_v16), 0xc0000000, 0,  &E0049AB24, 3, 0, 0);
                                                    				__eflags = _v24 - 0xffffffff;
                                                    				if(_v24 == 0xffffffff) {
                                                    					E0045349C("CreateFile");
                                                    				}
                                                    				_push(_t145);
                                                    				_push(0x45886d);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t147;
                                                    				_v28 = 2;
                                                    				_t82 = SetNamedPipeHandleState(_v24,  &_v28, 0, 0);
                                                    				__eflags = _t82;
                                                    				if(_t82 == 0) {
                                                    					E0045349C("SetNamedPipeHandleState");
                                                    				}
                                                    				E00402934( &_v96, 0x44);
                                                    				_v96.cb = 0x44;
                                                    				E0042D8C4( &_v156);
                                                    				_t90 = E00403738(_v156);
                                                    				_v176 = 0x69;
                                                    				_v172 = 0;
                                                    				_v168 = _v24;
                                                    				_v164 = 0;
                                                    				E004078F4("helper %d 0x%x", 1,  &_v176,  &_v160);
                                                    				_t96 = E00403738(_v160);
                                                    				_t97 =  *0x49d038; // 0x0
                                                    				_t99 = CreateProcessA(E00403738(_t97), _t96, 0, 0, 1, 0xc000000, 0, _t90,  &_v96,  &_v112);
                                                    				__eflags = _t99;
                                                    				if(_t99 == 0) {
                                                    					E0045349C("CreateProcess");
                                                    				}
                                                    				 *((char*)(_t126 + 4)) = 1;
                                                    				 *((char*)(_t126 + 5)) = 0;
                                                    				 *(_t126 + 8) = _v112.hProcess;
                                                    				 *((intOrPtr*)(_t126 + 0x10)) = _v112.dwProcessId;
                                                    				 *((intOrPtr*)(_t126 + 0xc)) = _v20;
                                                    				_v20 = 0;
                                                    				CloseHandle(_v112.hThread);
                                                    				_v184 =  *((intOrPtr*)(_t126 + 0x10));
                                                    				_v180 = 0;
                                                    				E00457F1C("Helper process PID: %u", _t126, 0,  &_v184, _t141, 0x49d03c);
                                                    				__eflags = 0;
                                                    				_pop(_t139);
                                                    				 *[fs:eax] = _t139;
                                                    				_push(E00458874);
                                                    				return CloseHandle(_v24);
                                                    			}


                                                    APIs
                                                    • GetTickCount.KERNEL32 ref: 0045862F
                                                    • QueryPerformanceCounter.KERNEL32(00000000,00000000,004588C2,?,?,00000000,00000000,?,00458FBE,?,00000000,00000000), ref: 00458638
                                                    • GetSystemTimeAsFileTime.KERNEL32(00000000,00000000), ref: 00458642
                                                    • GetCurrentProcessId.KERNEL32(?,00000000,00000000,004588C2,?,?,00000000,00000000,?,00458FBE,?,00000000,00000000), ref: 0045864B
                                                    • CreateNamedPipeA.KERNEL32(00000000,40080003,00000006,00000001,00002000,00002000,00000000,00000000), ref: 004586C1
                                                    • GetLastError.KERNEL32(00000000,40080003,00000006,00000001,00002000,00002000,00000000,00000000,?,00000000,00000000), ref: 004586CF
                                                    • CreateFileA.KERNEL32(00000000,C0000000,00000000,0049AB24,00000003,00000000,00000000,00000000,0045887E), ref: 00458717
                                                    • SetNamedPipeHandleState.KERNEL32(000000FF,00000002,00000000,00000000,00000000,0045886D,?,00000000,C0000000,00000000,0049AB24,00000003,00000000,00000000,00000000,0045887E), ref: 00458750
                                                      • Part of subcall function 0042D8C4: GetSystemDirectoryA.KERNEL32 ref: 0042D8D7
                                                    • CreateProcessA.KERNEL32 ref: 004587F9
                                                    • CloseHandle.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000001,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000), ref: 0045882F
                                                    • CloseHandle.KERNEL32(000000FF,00458874,?,00000000,00000000,00000001,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000,00000000), ref: 00458867
                                                      • Part of subcall function 0045349C: GetLastError.KERNEL32(00000000,00454031,00000005,00000000,00454066,?,?,00000000,0049C628,00000004,00000000,00000000,00000000,?,004988E5,00000000), ref: 0045349F
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: CreateHandle$CloseErrorFileLastNamedPipeProcessSystemTime$CountCounterCurrentDirectoryPerformanceQueryStateTick
                                                    • String ID: 64-bit helper EXE wasn't extracted$Cannot utilize 64-bit features on this version of Windows$CreateFile$CreateNamedPipe$CreateProcess$D$Helper process PID: %u$SetNamedPipeHandleState$Starting 64-bit helper process.$\\.\pipe\InnoSetup64BitHelper-%.8x-%.8x-%.8x-%.8x%.8x$helper %d 0x%x$i
                                                    • API String ID: 770386003-3271284199
                                                    • Opcode ID: 2e439d91bb2bc0df059e464c05c25920f638d62ef039cd5a1f0a9cc4d7afe18c
                                                    • Instruction ID: 2bf2c1a5785ca2e529196f6a5ffd0644dc0b7763769c2876684f7691b318427f
                                                    • Opcode Fuzzy Hash: 2e439d91bb2bc0df059e464c05c25920f638d62ef039cd5a1f0a9cc4d7afe18c
                                                    • Instruction Fuzzy Hash: 66710470E003449EDB11EB65CC45B9EB7F4EB05705F1084BAF904FB282DB7899488F69
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 74%
                                                    			E00478898(void* __eax, void* __ebx, DWORD* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                    				DWORD* _v8;
                                                    				char _v12;
                                                    				char _v16;
                                                    				void* _v20;
                                                    				long _v48;
                                                    				intOrPtr _v52;
                                                    				intOrPtr _v56;
                                                    				intOrPtr _v60;
                                                    				intOrPtr _v64;
                                                    				intOrPtr _v72;
                                                    				char _v76;
                                                    				char* _t37;
                                                    				long _t40;
                                                    				intOrPtr _t69;
                                                    				void* _t72;
                                                    				void* _t74;
                                                    				void* _t75;
                                                    				intOrPtr _t76;
                                                    
                                                    				_t70 = __edi;
                                                    				_t74 = _t75;
                                                    				_t76 = _t75 + 0xffffffb8;
                                                    				_push(__edi);
                                                    				_v12 = 0;
                                                    				_v16 = 0;
                                                    				_v8 = __ecx;
                                                    				_t72 = __edx;
                                                    				_t60 = __eax;
                                                    				_push(_t74);
                                                    				_push(0x4789e6);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t76;
                                                    				E00478704(__eax, __ecx,  &_v12);
                                                    				E004787DC( &_v16, _t60, __edi, _t72);
                                                    				E00402934( &_v76, 0x3c);
                                                    				_v76 = 0x3c;
                                                    				_v72 = 0x800540;
                                                    				_v64 = 0x4789f4;
                                                    				_v60 = E00403738(_v12);
                                                    				_v56 = E00403738(_t72);
                                                    				_v52 = E00403738(_v16);
                                                    				_v48 = 1;
                                                    				_t37 =  &_v76;
                                                    				_push(_t37);
                                                    				L0042CCA4();
                                                    				if(_t37 == 0) {
                                                    					if(GetLastError() == 0x4c7) {
                                                    						E00408BE0();
                                                    					}
                                                    					E0045349C("ShellExecuteEx");
                                                    				}
                                                    				_t80 = _v20;
                                                    				if(_v20 == 0) {
                                                    					E00453344("ShellExecuteEx returned hProcess=0", _t60, _t70, _t72, _t80);
                                                    				}
                                                    				_push(_t74);
                                                    				_push(0x4789c4);
                                                    				_push( *[fs:edx]);
                                                    				 *[fs:edx] = _t76;
                                                    				do {
                                                    					E00478424();
                                                    					_t40 = MsgWaitForMultipleObjects(1,  &_v20, 0, 0xffffffff, 0xff);
                                                    				} while (_t40 == 1);
                                                    				if(_t40 + 1 == 0) {
                                                    					E0045349C("MsgWaitForMultipleObjects");
                                                    				}
                                                    				E00478424();
                                                    				if(GetExitCodeProcess(_v20, _v8) == 0) {
                                                    					E0045349C("GetExitCodeProcess");
                                                    				}
                                                    				_pop(_t69);
                                                    				 *[fs:eax] = _t69;
                                                    				_push(E004789CB);
                                                    				return CloseHandle(_v20);
                                                    			}


                                                    APIs
                                                      • Part of subcall function 00478704: GetModuleHandleA.KERNEL32(kernel32.dll,GetFinalPathNameByHandleA,021A2A54,?,?,?,021A2A54,004788C8,00000000,004789E6,?,?,-00000010,?), ref: 0047871D
                                                      • Part of subcall function 00478704: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00478723
                                                      • Part of subcall function 00478704: GetFileAttributesA.KERNEL32(00000000,00000000,kernel32.dll,GetFinalPathNameByHandleA,021A2A54,?,?,?,021A2A54,004788C8,00000000,004789E6,?,?,-00000010,?), ref: 00478736
                                                      • Part of subcall function 00478704: CreateFileA.KERNEL32(00000000,00000000,00000007,00000000,00000003,00000000,00000000,00000000,00000000,kernel32.dll,GetFinalPathNameByHandleA,021A2A54,?,?,?,021A2A54), ref: 00478760
                                                      • Part of subcall function 00478704: CloseHandle.KERNEL32(00000000,?,?,?,021A2A54,004788C8,00000000,004789E6,?,?,-00000010,?), ref: 0047877E
                                                      • Part of subcall function 004787DC: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,0047886E,?,?,?,021A2A54,?,004788D0,00000000,004789E6,?,?,-00000010,?), ref: 0047880C
                                                    • ShellExecuteEx.SHELL32(0000003C), ref: 00478920
                                                    • GetLastError.KERNEL32(00000000,004789E6,?,?,-00000010,?), ref: 00478929
                                                    • MsgWaitForMultipleObjects.USER32 ref: 00478976
                                                    • GetExitCodeProcess.KERNEL32 ref: 0047899A
                                                    • CloseHandle.KERNEL32(00000000,004789CB,00000000,00000000,000000FF,000000FF,00000000,004789C4,?,00000000,004789E6,?,?,-00000010,?), ref: 004789BE
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Handle$CloseFile$AddressAttributesCodeCreateCurrentDirectoryErrorExecuteExitLastModuleMultipleObjectsProcProcessShellWait
                                                    • String ID: <$GetExitCodeProcess$MsgWaitForMultipleObjects$ShellExecuteEx$ShellExecuteEx returned hProcess=0$runas
                                                    • API String ID: 883996979-221126205
                                                    • Opcode ID: ab954273edd387bf37095ca0a4e21e321cf1adc72b3c2f5bfa5e99950c490c1d
                                                    • Instruction ID: 52c0b85df27041ba1a2752735e5c03e18a5bd66cad03a31f77198c3576fe1549
                                                    • Opcode Fuzzy Hash: ab954273edd387bf37095ca0a4e21e321cf1adc72b3c2f5bfa5e99950c490c1d
                                                    • Instruction Fuzzy Hash: 243147F0A40205AEDB51EFA6C8496EEB6B8EF45318F50843FF518E7281DB7C4905CB5A
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E00418384(void* __eax) {
                                                    				struct _WINDOWPLACEMENT _v56;
                                                    				struct tagPOINT _v64;
                                                    				intOrPtr _v68;
                                                    				intOrPtr _t33;
                                                    				void* _t43;
                                                    				struct HWND__* _t49;
                                                    				struct tagPOINT* _t51;
                                                    
                                                    				_t51 =  &(_v64.y);
                                                    				_t43 = __eax;
                                                    				if(IsIconic( *(__eax + 0xc0)) == 0) {
                                                    					GetWindowRect( *(_t43 + 0xc0), _t51);
                                                    				} else {
                                                    					_v56.length = 0x2c;
                                                    					GetWindowPlacement( *(_t43 + 0xc0),  &_v56);
                                                    					memcpy(_t51,  &(_v56.rcNormalPosition), 4 << 2);
                                                    					_t51 = _t51 + 0xc;
                                                    				}
                                                    				if((GetWindowLongA( *(_t43 + 0xc0), 0xfffffff0) & 0x40000000) != 0) {
                                                    					_t49 = GetWindowLongA( *(_t43 + 0xc0), 0xfffffff8);
                                                    					ScreenToClient(_t49, _t51);
                                                    					ScreenToClient(_t49,  &_v64);
                                                    				}
                                                    				 *(_t43 + 0x24) = _t51->x;
                                                    				 *((intOrPtr*)(_t43 + 0x28)) = _v68;
                                                    				 *((intOrPtr*)(_t43 + 0x2c)) = _v64.x - _t51->x;
                                                    				_t33 = _v64.y.x - _v68;
                                                    				 *((intOrPtr*)(_t43 + 0x30)) = _t33;
                                                    				return _t33;
                                                    			}











                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Window$ClientLongScreen$IconicPlacementRect
                                                    • String ID: ,
                                                    • API String ID: 2266315723-3772416878
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 91%
                                                    			E004555E4() {
                                                    				int _v4;
                                                    				struct _TOKEN_PRIVILEGES _v16;
                                                    				void* _v20;
                                                    				signed int _t6;
                                                    
                                                    				if( *0x49a0dc != 2) {
                                                    					L5:
                                                    					_t6 = ExitWindowsEx(2, 0);
                                                    					asm("sbb eax, eax");
                                                    					return  ~( ~_t6);
                                                    				}
                                                    				if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v20) != 0) {
                                                    					LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v16.Privileges));
                                                    					_v16.PrivilegeCount = 1;
                                                    					_v4 = 2;
                                                    					AdjustTokenPrivileges(_v20, 0,  &_v16, 0, 0, 0);
                                                    					if(GetLastError() == 0) {
                                                    						goto L5;
                                                    					}
                                                    					return 0;
                                                    				}
                                                    				return 0;
                                                    			}








                                                    APIs
                                                    • GetCurrentProcess.KERNEL32(00000028), ref: 004555F3
                                                    • OpenProcessToken.ADVAPI32(00000000,00000028), ref: 004555F9
                                                    • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,00000028), ref: 00455612
                                                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000002,00000000,00000000,00000000), ref: 00455639
                                                    • GetLastError.KERNEL32(?,00000000,00000002,00000000,00000000,00000000), ref: 0045563E
                                                    • ExitWindowsEx.USER32 ref: 0045564F
                                                    Strings
                                                    Similarity
                                                    • API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
                                                    • String ID: SeShutdownPrivilege
                                                    • API String ID: 107509674-3733053543
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 63%
                                                    			E004985E4(void* __eax, void* __ebx, void* __ecx, void* __edi, void* __esi) {
                                                    				void* _v8;
                                                    				char _v12;
                                                    				struct _WIN32_FIND_DATAA _v332;
                                                    				char _v336;
                                                    				void* _t61;
                                                    				intOrPtr _t73;
                                                    				intOrPtr _t75;
                                                    				signed int _t80;
                                                    				void* _t83;
                                                    				void* _t84;
                                                    				intOrPtr _t85;
                                                    
                                                    				_t83 = _t84;
                                                    				_t85 = _t84 + 0xfffffeb4;
                                                    				_v336 = 0;
                                                    				_v12 = 0;
                                                    				_t61 = __eax;
                                                    				_push(_t83);
                                                    				_push(0x498722);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t85;
                                                    				E00403494( &_v336, __eax);
                                                    				E0040357C( &_v336, "isRS-???.tmp");
                                                    				_v8 = FindFirstFileA(E00403738(_v336),  &_v332);
                                                    				if(_v8 == 0xffffffff) {
                                                    					_pop(_t73);
                                                    					 *[fs:eax] = _t73;
                                                    					_push(E00498729);
                                                    					E00403400( &_v336);
                                                    					return E00403400( &_v12);
                                                    				} else {
                                                    					_push(_t83);
                                                    					_push(0x4986fa);
                                                    					_push( *[fs:eax]);
                                                    					 *[fs:eax] = _t85;
                                                    					do {
                                                    						if(E00407458( &(_v332.cFileName), 5, "isRS-") == 0 && (_v332.dwFileAttributes & 0x00000010) == 0) {
                                                    							E0040355C( &_v336, 0x104,  &(_v332.cFileName));
                                                    							E004035C0( &_v12, _v336, _t61);
                                                    							_t80 = _v332.dwFileAttributes;
                                                    							if((_t80 & 0x00000001) != 0) {
                                                    								SetFileAttributesA(E00403738(_v12), _t80 & 0xfffffffe);
                                                    							}
                                                    							E00406F50(_v12);
                                                    						}
                                                    					} while (FindNextFileA(_v8,  &_v332) != 0);
                                                    					_pop(_t75);
                                                    					 *[fs:eax] = _t75;
                                                    					_push(E00498701);
                                                    					return FindClose(_v8);
                                                    				}
                                                    			}















                                                    APIs
                                                    • FindFirstFileA.KERNEL32(00000000,?,00000000,00498722,?,?,00000000,0049C628,?,004988AC,00000000,00498900,?,?,00000000,0049C628), ref: 0049863B
                                                    • SetFileAttributesA.KERNEL32(00000000,00000010), ref: 004986BE
                                                    • FindNextFileA.KERNEL32(000000FF,?,00000000,004986FA,?,00000000,?,00000000,00498722,?,?,00000000,0049C628,?,004988AC,00000000), ref: 004986D6
                                                    • FindClose.KERNEL32(000000FF,00498701,004986FA,?,00000000,?,00000000,00498722,?,?,00000000,0049C628,?,004988AC,00000000,00498900), ref: 004986F4
                                                    Strings
                                                    Similarity
                                                    • API ID: FileFind$AttributesCloseFirstNext
                                                    • String ID: isRS-$isRS-???.tmp
                                                    • API String ID: 134685335-3422211394
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 59%
                                                    			E00457594(void* __ebx, intOrPtr* __edx, void* __edi, void* __esi) {
                                                    				intOrPtr* _v8;
                                                    				char _v12;
                                                    				char _v16;
                                                    				char _v144;
                                                    				intOrPtr _v148;
                                                    				intOrPtr _v152;
                                                    				intOrPtr _v156;
                                                    				char _v164;
                                                    				char _v168;
                                                    				void* _t57;
                                                    				intOrPtr* _t59;
                                                    				signed int _t75;
                                                    				intOrPtr _t80;
                                                    				void* _t107;
                                                    				void* _t110;
                                                    				intOrPtr _t111;
                                                    				intOrPtr _t122;
                                                    				intOrPtr _t125;
                                                    				signed int _t156;
                                                    				intOrPtr _t162;
                                                    				signed int _t163;
                                                    				intOrPtr _t168;
                                                    				intOrPtr _t169;
                                                    				intOrPtr _t170;
                                                    				intOrPtr _t171;
                                                    				intOrPtr _t172;
                                                    				signed int _t175;
                                                    				intOrPtr _t179;
                                                    				intOrPtr _t184;
                                                    				void* _t189;
                                                    				void* _t190;
                                                    				intOrPtr _t191;
                                                    
                                                    				_t187 = __esi;
                                                    				_t186 = __edi;
                                                    				_t189 = _t190;
                                                    				_t191 = _t190 + 0xffffff5c;
                                                    				_push(__esi);
                                                    				_push(__edi);
                                                    				_v168 = 0;
                                                    				_v12 = 0;
                                                    				_v16 = 0;
                                                    				_v8 = __edx;
                                                    				_push(_t189);
                                                    				_push(0x45795d);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t191;
                                                    				_push(_t189);
                                                    				_push(0x457921);
                                                    				_push( *[fs:edx]);
                                                    				 *[fs:edx] = _t191;
                                                    				_t125 =  *_v8;
                                                    				_t57 = _t125 - 0x4a;
                                                    				if(_t57 == 0) {
                                                    					_t59 =  *((intOrPtr*)(_v8 + 8));
                                                    					_t156 =  *_t59 - 0x800;
                                                    					__eflags = _t156;
                                                    					if(_t156 == 0) {
                                                    						_push(_t189);
                                                    						_push(0x457742);
                                                    						_push( *[fs:edx]);
                                                    						 *[fs:edx] = _t191;
                                                    						__eflags =  *(_t59 + 4);
                                                    						E004034E0( &_v12,  *(_t59 + 4) >> 0,  *((intOrPtr*)(_t59 + 8)),  *(_t59 + 4));
                                                    						_push(_t189);
                                                    						_push(0x457700);
                                                    						_push( *[fs:eax]);
                                                    						 *[fs:eax] = _t191;
                                                    						 *0x49d47c =  *0x49d47c + 1;
                                                    						_push(_t189);
                                                    						_push(0x4576e5);
                                                    						_push( *[fs:eax]);
                                                    						 *[fs:eax] = _t191;
                                                    						E0047C648(_v12,  *(_t59 + 4) >> 0,  &_v16);
                                                    						_pop(_t162);
                                                    						 *[fs:eax] = _t162;
                                                    						_push(E004576EC);
                                                    						 *0x49d47c =  *0x49d47c - 1;
                                                    						__eflags =  *0x49d47c;
                                                    						return 0;
                                                    					} else {
                                                    						_t163 = _t156 - 1;
                                                    						__eflags = _t163;
                                                    						if(_t163 == 0) {
                                                    							_push(_t189);
                                                    							_push(0x457836);
                                                    							_push( *[fs:edx]);
                                                    							 *[fs:edx] = _t191;
                                                    							E00402738( *((intOrPtr*)(_t59 + 8)), 0x94,  &_v164);
                                                    							_push(_t189);
                                                    							_push(0x4577f4);
                                                    							_push( *[fs:eax]);
                                                    							 *[fs:eax] = _t191;
                                                    							__eflags =  *0x49d488;
                                                    							if( *0x49d488 == 0) {
                                                    								E00408C0C("Cannot evaluate variable because [Code] isn\'t running yet", 1);
                                                    								E0040311C();
                                                    							}
                                                    							E0040355C( &_v168, 0x80,  &_v144);
                                                    							_t75 =  *0x49d488; // 0x0
                                                    							E00495568(_t75, _t125, _v152, _v156, _t186, _t187,  &_v16, _v168, _v148);
                                                    							 *((intOrPtr*)(_v8 + 0xc)) = 1;
                                                    							_pop(_t168);
                                                    							 *[fs:eax] = _t168;
                                                    							_t169 =  *0x49d01c; // 0x0
                                                    							_t80 =  *0x49d018; // 0x0
                                                    							E004312D8(_t80, _t125, 0x700, _t169, _t186, _t187, _v16);
                                                    							_pop(_t170);
                                                    							 *[fs:eax] = _t170;
                                                    						} else {
                                                    							_t175 = _t163 - 1;
                                                    							__eflags = _t175;
                                                    							if(_t175 == 0) {
                                                    								_push(_t189);
                                                    								_push(0x457892);
                                                    								_push( *[fs:edx]);
                                                    								 *[fs:edx] = _t191;
                                                    								E00403400(0x49d010);
                                                    								__eflags =  *( *((intOrPtr*)(_v8 + 8)) + 4);
                                                    								E004034E0(0x49d010,  *( *((intOrPtr*)(_v8 + 8)) + 4) >> 0,  *((intOrPtr*)( *((intOrPtr*)(_v8 + 8)) + 8)),  *( *((intOrPtr*)(_v8 + 8)) + 4));
                                                    								 *((intOrPtr*)(_v8 + 0xc)) = 1;
                                                    								_pop(_t179);
                                                    								 *[fs:eax] = _t179;
                                                    							} else {
                                                    								__eflags = _t175 == 1;
                                                    								if(_t175 == 1) {
                                                    									_push(_t189);
                                                    									_push(0x4578e8);
                                                    									_push( *[fs:edx]);
                                                    									 *[fs:edx] = _t191;
                                                    									E00403400(0x49d014);
                                                    									__eflags =  *( *((intOrPtr*)(_v8 + 8)) + 4);
                                                    									E004034E0(0x49d014,  *( *((intOrPtr*)(_v8 + 8)) + 4) >> 0,  *((intOrPtr*)( *((intOrPtr*)(_v8 + 8)) + 8)),  *( *((intOrPtr*)(_v8 + 8)) + 4));
                                                    									 *((intOrPtr*)(_v8 + 0xc)) = 1;
                                                    									_pop(_t184);
                                                    									 *[fs:eax] = _t184;
                                                    								}
                                                    							}
                                                    						}
                                                    						goto L21;
                                                    					}
                                                    				} else {
                                                    					_t107 = _t57 - 0xbb6;
                                                    					if(_t107 == 0) {
                                                    						 *0x49d00c = 0;
                                                    						 *0x49d018 = 0;
                                                    						 *0x49d020 = 1;
                                                    						 *0x49d021 = 0;
                                                    						PostMessageA(0, 0, 0, 0);
                                                    					} else {
                                                    						_t110 = _t107 - 1;
                                                    						if(_t110 == 0) {
                                                    							 *0x49d020 = 1;
                                                    							_t111 = _v8;
                                                    							__eflags =  *((intOrPtr*)(_t111 + 4)) - 1;
                                                    							 *0x49d021 =  *((intOrPtr*)(_t111 + 4)) == 1;
                                                    							PostMessageA(0, 0, 0, 0);
                                                    						} else {
                                                    							if(_t110 == 2) {
                                                    								SetForegroundWindow( *(_v8 + 4));
                                                    							} else {
                                                    								_push( *((intOrPtr*)(_v8 + 8)));
                                                    								_push( *(_v8 + 4));
                                                    								_push(_t125);
                                                    								_t122 =  *0x49d01c; // 0x0
                                                    								_push(_t122);
                                                    								L00405E04();
                                                    								 *((intOrPtr*)(_v8 + 0xc)) = _t122;
                                                    							}
                                                    						}
                                                    					}
                                                    					L21:
                                                    					_pop(_t171);
                                                    					 *[fs:eax] = _t171;
                                                    					_pop(_t172);
                                                    					 *[fs:eax] = _t172;
                                                    					_push(E00457964);
                                                    					E00403400( &_v168);
                                                    					return E00403420( &_v16, 2);
                                                    				}
                                                    			}

                                                    APIs
                                                    • PostMessageA.USER32 ref: 00457611
                                                    • PostMessageA.USER32 ref: 00457638
                                                    • SetForegroundWindow.USER32(?,00000000,00457921,?,00000000,0045795D), ref: 00457649
                                                    • NtdllDefWindowProc_A.USER32(00000000,?,?,?,00000000,00457921,?,00000000,0045795D), ref: 0045790C
                                                    Strings
                                                    • Cannot evaluate variable because [Code] isn't running yet, xrefs: 0045778C
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: MessagePostWindow$ForegroundNtdllProc_
                                                    • String ID: Cannot evaluate variable because [Code] isn't running yet
                                                    • API String ID: 2236967946-3182603685
                                                    • Opcode ID: 21f43ac4e9fdf207978071d328cafa06cbcaad609ac2d283a9b81da77289ecc1
                                                    • Instruction ID: 2f5857e1df9ead339aa620d4c3f6a36f667527057927d99a91d4b86bc2c14e6e
                                                    • Opcode Fuzzy Hash: 21f43ac4e9fdf207978071d328cafa06cbcaad609ac2d283a9b81da77289ecc1
                                                    • Instruction Fuzzy Hash: 7891E134608204DFEB15CF59E951F5ABBF5EB8D304F2184BAED0497792C638AE05DB28
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • IsIconic.USER32 ref: 00417D0F
                                                    • SetWindowPos.USER32(?,00000000,?,?,?,?,00000014,?), ref: 00417D2D
                                                    • GetWindowPlacement.USER32(?,0000002C), ref: 00417D63
                                                    • SetWindowPlacement.USER32(?,0000002C,?,0000002C), ref: 00417D8A
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Window$Placement$Iconic
                                                    • String ID: ,
                                                    • API String ID: 568898626-3772416878
                                                    • Opcode ID: c97a19e10a8a035096ba50bab8b979699742d4b68dace37a45aae527b270654f
                                                    • Instruction ID: e85585575f8c5a3e7823c55acc6b28d6d187d41511fbfc80546af44b70413e2d
                                                    • Opcode Fuzzy Hash: c97a19e10a8a035096ba50bab8b979699742d4b68dace37a45aae527b270654f
                                                    • Instruction Fuzzy Hash: 4C2112716042089BDF10EF69D8C1AEA77B8AF48314F05456AFD18DF346D678DD84CBA8
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetErrorMode.KERNEL32(00000001,00000000,0046433F), ref: 004641CD
                                                    • FindFirstFileA.KERNEL32(00000000,?,00000000,0046430A,?,00000001,00000000,0046433F), ref: 00464213
                                                    • FindNextFileA.KERNEL32(000000FF,?,00000000,004642EC,?,00000000,?,00000000,0046430A,?,00000001,00000000,0046433F), ref: 004642C8
                                                    • FindClose.KERNEL32(000000FF,004642F3,004642EC,?,00000000,?,00000000,0046430A,?,00000001,00000000,0046433F), ref: 004642E6
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Find$File$CloseErrorFirstModeNext
                                                    • String ID:
                                                    • API String ID: 4011626565-0
                                                    • Opcode ID: fe53deec0299ddf45d3126ab65bf8e77fd5868d0d83a6a96cfb3a8f4e9be1e44
                                                    • Instruction ID: 9d9184480f8630aada0b530c6bd54f2fc26159d28d851f3c8c43bf9f92f270d6
                                                    • Opcode Fuzzy Hash: fe53deec0299ddf45d3126ab65bf8e77fd5868d0d83a6a96cfb3a8f4e9be1e44
                                                    • Instruction Fuzzy Hash: 77418370A00A18DBCF10EFA5DC959DEB7B8EB88305F5044AAF804A7341E7789E448E59
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetErrorMode.KERNEL32(00000001,00000000,00463E99), ref: 00463D0D
                                                    • FindFirstFileA.KERNEL32(00000000,?,00000000,00463E6C,?,00000001,00000000,00463E99), ref: 00463D9C
                                                    • FindNextFileA.KERNEL32(000000FF,?,00000000,00463E4E,?,00000000,?,00000000,00463E6C,?,00000001,00000000,00463E99), ref: 00463E2E
                                                    • FindClose.KERNEL32(000000FF,00463E55,00463E4E,?,00000000,?,00000000,00463E6C,?,00000001,00000000,00463E99), ref: 00463E48
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Find$File$CloseErrorFirstModeNext
                                                    • String ID:
                                                    • API String ID: 4011626565-0
                                                    • Opcode ID: 68b7ed5896cbad3c6b087a1ab1bd9ced5ca8f59ad208d49b2cf3b3f13da962e9
                                                    • Instruction ID: 85e7d80bc36d7b3e80fea797042c039a90a2821ca6a16b1e557570abf42aa49f
                                                    • Opcode Fuzzy Hash: 68b7ed5896cbad3c6b087a1ab1bd9ced5ca8f59ad208d49b2cf3b3f13da962e9
                                                    • Instruction Fuzzy Hash: 3A41B770A00A589FCB11EF65CC45ADEB7B8EB88705F4044BAF404A7381E67D9F48CE59
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileA.KERNEL32(00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,00452F3F,00000000,00452F60), ref: 0042E956
                                                    • DeviceIoControl.KERNEL32 ref: 0042E981
                                                    • GetLastError.KERNEL32(00000000,0009C040,?,00000002,00000000,00000000,?,00000000,00000000,C0000000,00000001,00000000,00000003,02000000,00000000), ref: 0042E98E
                                                    • CloseHandle.KERNEL32(00000000,00000000,0009C040,?,00000002,00000000,00000000,?,00000000,00000000,C0000000,00000001,00000000,00000003,02000000,00000000), ref: 0042E996
                                                    • SetLastError.KERNEL32(00000000,00000000,00000000,0009C040,?,00000002,00000000,00000000,?,00000000,00000000,C0000000,00000001,00000000,00000003,02000000), ref: 0042E99C
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: ErrorLast$CloseControlCreateDeviceFileHandle
                                                    • String ID:
                                                    • API String ID: 1177325624-0
                                                    • Opcode ID: ee59bea8a4aaf0f7d5082fffd9147f4968d42f177d0d423473c0ce8d554f826d
                                                    • Instruction ID: 013f2dc7f49162440c3438d6a7b95a09da9df1f91c5a42efe57d27a03fa2289a
                                                    • Opcode Fuzzy Hash: ee59bea8a4aaf0f7d5082fffd9147f4968d42f177d0d423473c0ce8d554f826d
                                                    • Instruction Fuzzy Hash: B3F06DB23916203AF620B17A5C86F6F418C8B89B68F10423BBA04FF1D1D5A89D0615AE
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • IsIconic.USER32 ref: 00483D56
                                                    • GetWindowLongA.USER32 ref: 00483D74
                                                    • ShowWindow.USER32(00000000,00000005,00000000,000000F0,0049D0A8,00483232,00483266,00000000,00483286,?,?,?,0049D0A8), ref: 00483D96
                                                    • ShowWindow.USER32(00000000,00000000,00000000,000000F0,0049D0A8,00483232,00483266,00000000,00483286,?,?,?,0049D0A8), ref: 00483DAA
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Window$Show$IconicLong
                                                    • String ID:
                                                    • API String ID: 2754861897-0
                                                    • Opcode ID: 389f8ce0739bf852d84ac54ad69fa6dbb4ffb62abd6d9979117d70a3584cbf3c
                                                    • Instruction ID: 57b8ba767bb14856b53862c67dbaf1bd9829d4355129962855c6674791d41db7
                                                    • Opcode Fuzzy Hash: 389f8ce0739bf852d84ac54ad69fa6dbb4ffb62abd6d9979117d70a3584cbf3c
                                                    • Instruction Fuzzy Hash: D6012171A01200AFDB10BF258D4AB5A37C96B14749F48087BB8049F2A3CA6DDEC6871C
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • FindFirstFileA.KERNEL32(00000000,?,00000000,00462824), ref: 004627A8
                                                    • FindNextFileA.KERNEL32(000000FF,?,00000000,00462804,?,00000000,?,00000000,00462824), ref: 004627E4
                                                    • FindClose.KERNEL32(000000FF,0046280B,00462804,?,00000000,?,00000000,00462824), ref: 004627FE
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Find$File$CloseFirstNext
                                                    • String ID:
                                                    • API String ID: 3541575487-0
                                                    • Opcode ID: d188bb3d38afdee81782bf293e4d600490e584a3cc1e4d2a886f38cd26ee84d6
                                                    • Instruction ID: e6acefadc91213b77ea930f6be1f86c6134c8588622ee3d3acab995ed1c325b6
                                                    • Opcode Fuzzy Hash: d188bb3d38afdee81782bf293e4d600490e584a3cc1e4d2a886f38cd26ee84d6
                                                    • Instruction Fuzzy Hash: 87210831904B08BECB11EB65CC41ACEB7ACDB49304F5084B7E808E32A1F6789E44CE69
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • IsIconic.USER32 ref: 004241E4
                                                    • SetActiveWindow.USER32(?,?,?,?,0046CDAB), ref: 004241F1
                                                      • Part of subcall function 0042364C: ShowWindow.USER32(00410460,00000009,?,00000000,0041EDA4,0042393A,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00000000), ref: 00423667
                                                      • Part of subcall function 00423B14: SetWindowPos.USER32(00000000,000000FF,00000000,00000000,00000000,00000000,00000013,?,021A2410,0042420A,?,?,?,?,0046CDAB), ref: 00423B4F
                                                    • SetFocus.USER32(00000000,?,?,?,?,0046CDAB), ref: 0042421E
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Window$ActiveFocusIconicShow
                                                    • String ID:
                                                    • API String ID: 649377781-0
                                                    • Opcode ID: 53192fbc2d376408b6a7592020268cf0f19ef0554392b866cb21d045f5b5e384
                                                    • Instruction ID: 6cf1072edfdcbdc10be5342105da43d08ebac29b83130216d88bebc3c0a9f649
                                                    • Opcode Fuzzy Hash: 53192fbc2d376408b6a7592020268cf0f19ef0554392b866cb21d045f5b5e384
                                                    • Instruction Fuzzy Hash: D0F030B170012097CB10BFAA98C5B9676A8AB48344F5500BBBD05DF357CA7CDC018778
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • IsIconic.USER32 ref: 00417D0F
                                                    • SetWindowPos.USER32(?,00000000,?,?,?,?,00000014,?), ref: 00417D2D
                                                    • GetWindowPlacement.USER32(?,0000002C), ref: 00417D63
                                                    • SetWindowPlacement.USER32(?,0000002C,?,0000002C), ref: 00417D8A
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Window$Placement$Iconic
                                                    • String ID:
                                                    • API String ID: 568898626-0
                                                    • Opcode ID: 9ef793f64476ba3670797da2b61b23caf71dafcf449f40e3f64fdc7b9d7188a5
                                                    • Instruction ID: d9358ea7cd183770b33139a8ac7b7a0a70302bd2c01e5fc8313c3e2814ac7f2c
                                                    • Opcode Fuzzy Hash: 9ef793f64476ba3670797da2b61b23caf71dafcf449f40e3f64fdc7b9d7188a5
                                                    • Instruction Fuzzy Hash: 33012C71204108ABDB10EE59D8C1EF673A8AF45724F154566FD19DF242D639ED8087A8
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: CaptureIconic
                                                    • String ID:
                                                    • API String ID: 2277910766-0
                                                    • Opcode ID: 7fa27b407c95a580b40b80c825161d04fdb91ada3891ed934125e399eda476fd
                                                    • Instruction ID: 8aba3c17a51676f3c591df3a769934e6fada85f5983ed2975779da0f1d736f23
                                                    • Opcode Fuzzy Hash: 7fa27b407c95a580b40b80c825161d04fdb91ada3891ed934125e399eda476fd
                                                    • Instruction Fuzzy Hash: 95F0A4723056425BD730AB2EC884AA762F69F84314B14403BE419CBFA1EA3CDCC08798
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • IsIconic.USER32 ref: 0042419B
                                                      • Part of subcall function 00423A84: EnumWindows.USER32(00423A1C), ref: 00423AA8
                                                      • Part of subcall function 00423A84: GetWindow.USER32(?,00000003), ref: 00423ABD
                                                      • Part of subcall function 00423A84: GetWindowLongA.USER32 ref: 00423ACC
                                                      • Part of subcall function 00423A84: SetWindowPos.USER32(00000000,\AB,00000000,00000000,00000000,00000000,00000013,?,000000EC,?,?,?,004241AB,?,?,00423D73), ref: 00423B02
                                                    • SetActiveWindow.USER32(?,?,?,00423D73,00000000,0042415C), ref: 004241AF
                                                      • Part of subcall function 0042364C: ShowWindow.USER32(00410460,00000009,?,00000000,0041EDA4,0042393A,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00000000), ref: 00423667
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Window$ActiveEnumIconicLongShowWindows
                                                    • String ID:
                                                    • API String ID: 2671590913-0
                                                    • Opcode ID: b2ff140757208bd7b7cc33ac29151dbeb423d1cdddd3b288bc041a56f1810338
                                                    • Instruction ID: ce5d4440ec1c13bcfda566247f28ea27228b22b89c70f7a48f218b5e8bc86154
                                                    • Opcode Fuzzy Hash: b2ff140757208bd7b7cc33ac29151dbeb423d1cdddd3b288bc041a56f1810338
                                                    • Instruction Fuzzy Hash: 55E01AA070011087DB10AFAADCC8B9632A9BB48304F55017ABD49CF35BD63CC8608724
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • NtdllDefWindowProc_A.USER32(?,?,?,?,00000000,004127D5), ref: 004127C3
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: NtdllProc_Window
                                                    • String ID:
                                                    • API String ID: 4255912815-0
                                                    • Opcode ID: 128bb4b92800594a1459087a1f0d5ef86ddf6eeaadcc19829f9fce1bd56f17a0
                                                    • Instruction ID: d615f29355be4e01b6e220915eca320fe799af87d388166cc169c2c15004e021
                                                    • Opcode Fuzzy Hash: 128bb4b92800594a1459087a1f0d5ef86ddf6eeaadcc19829f9fce1bd56f17a0
                                                    • Instruction Fuzzy Hash: 7B5102357082048FD710DB6ADA80A9BF3E5EF98314B2082BBD814C77A1D7B8AD91C75C
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • NtdllDefWindowProc_A.USER32(?,?,?,?), ref: 00478FA2
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: NtdllProc_Window
                                                    • String ID:
                                                    • API String ID: 4255912815-0
                                                    • Opcode ID: 9f4bc2859a77e0b3395063e10eed87cd9d0c87c041aac7c656590464d038292f
                                                    • Instruction ID: 812dc23779c06e4c9e492650aad51c0d53e2f15d0cf78477df5b2a81f8941c1c
                                                    • Opcode Fuzzy Hash: 9f4bc2859a77e0b3395063e10eed87cd9d0c87c041aac7c656590464d038292f
                                                    • Instruction Fuzzy Hash: 7A416975604105DFCB10CF99C6888AAB7F6FB48310B24C99AE80CEB701D738EE41DB59
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E0044B658() {
                                                    				signed int _t3;
                                                    
                                                    				 *0x49c768 =  *0x49c768 + 1;
                                                    				if( *0x49c764 == 0) {
                                                    					_t3 = E0044B604();
                                                    					if(_t3 != 0) {
                                                    						_t3 = LoadLibraryA("uxtheme.dll");
                                                    						 *0x49c764 = _t3;
                                                    						if( *0x49c764 != 0) {
                                                    							 *0x49c6a8 = GetProcAddress( *0x49c764, "OpenThemeData");
                                                    							 *0x49c6ac = GetProcAddress( *0x49c764, "CloseThemeData");
                                                    							 *0x49c6b0 = GetProcAddress( *0x49c764, "DrawThemeBackground");
                                                    							 *0x49c6b4 = GetProcAddress( *0x49c764, "DrawThemeText");
                                                    							 *0x49c6b8 = GetProcAddress( *0x49c764, "GetThemeBackgroundContentRect");
                                                    							 *0x49c6bc = GetProcAddress( *0x49c764, "GetThemeBackgroundContentRect");
                                                    							 *0x49c6c0 = GetProcAddress( *0x49c764, "GetThemePartSize");
                                                    							 *0x49c6c4 = GetProcAddress( *0x49c764, "GetThemeTextExtent");
                                                    							 *0x49c6c8 = GetProcAddress( *0x49c764, "GetThemeTextMetrics");
                                                    							 *0x49c6cc = GetProcAddress( *0x49c764, "GetThemeBackgroundRegion");
                                                    							 *0x49c6d0 = GetProcAddress( *0x49c764, "HitTestThemeBackground");
                                                    							 *0x49c6d4 = GetProcAddress( *0x49c764, "DrawThemeEdge");
                                                    							 *0x49c6d8 = GetProcAddress( *0x49c764, "DrawThemeIcon");
                                                    							 *0x49c6dc = GetProcAddress( *0x49c764, "IsThemePartDefined");
                                                    							 *0x49c6e0 = GetProcAddress( *0x49c764, "IsThemeBackgroundPartiallyTransparent");
                                                    							 *0x49c6e4 = GetProcAddress( *0x49c764, "GetThemeColor");
                                                    							 *0x49c6e8 = GetProcAddress( *0x49c764, "GetThemeMetric");
                                                    							 *0x49c6ec = GetProcAddress( *0x49c764, "GetThemeString");
                                                    							 *0x49c6f0 = GetProcAddress( *0x49c764, "GetThemeBool");
                                                    							 *0x49c6f4 = GetProcAddress( *0x49c764, "GetThemeInt");
                                                    							 *0x49c6f8 = GetProcAddress( *0x49c764, "GetThemeEnumValue");
                                                    							 *0x49c6fc = GetProcAddress( *0x49c764, "GetThemePosition");
                                                    							 *0x49c700 = GetProcAddress( *0x49c764, "GetThemeFont");
                                                    							 *0x49c704 = GetProcAddress( *0x49c764, "GetThemeRect");
                                                    							 *0x49c708 = GetProcAddress( *0x49c764, "GetThemeMargins");
                                                    							 *0x49c70c = GetProcAddress( *0x49c764, "GetThemeIntList");
                                                    							 *0x49c710 = GetProcAddress( *0x49c764, "GetThemePropertyOrigin");
                                                    							 *0x49c714 = GetProcAddress( *0x49c764, "SetWindowTheme");
                                                    							 *0x49c718 = GetProcAddress( *0x49c764, "GetThemeFilename");
                                                    							 *0x49c71c = GetProcAddress( *0x49c764, "GetThemeSysColor");
                                                    							 *0x49c720 = GetProcAddress( *0x49c764, "GetThemeSysColorBrush");
                                                    							 *0x49c724 = GetProcAddress( *0x49c764, "GetThemeSysBool");
                                                    							 *0x49c728 = GetProcAddress( *0x49c764, "GetThemeSysSize");
                                                    							 *0x49c72c = GetProcAddress( *0x49c764, "GetThemeSysFont");
                                                    							 *0x49c730 = GetProcAddress( *0x49c764, "GetThemeSysString");
                                                    							 *0x49c734 = GetProcAddress( *0x49c764, "GetThemeSysInt");
                                                    							 *0x49c738 = GetProcAddress( *0x49c764, "IsThemeActive");
                                                    							 *0x49c73c = GetProcAddress( *0x49c764, "IsAppThemed");
                                                    							 *0x49c740 = GetProcAddress( *0x49c764, "GetWindowTheme");
                                                    							 *0x49c744 = GetProcAddress( *0x49c764, "EnableThemeDialogTexture");
                                                    							 *0x49c748 = GetProcAddress( *0x49c764, "IsThemeDialogTextureEnabled");
                                                    							 *0x49c74c = GetProcAddress( *0x49c764, "GetThemeAppProperties");
                                                    							 *0x49c750 = GetProcAddress( *0x49c764, "SetThemeAppProperties");
                                                    							 *0x49c754 = GetProcAddress( *0x49c764, "GetCurrentThemeName");
                                                    							 *0x49c758 = GetProcAddress( *0x49c764, "GetThemeDocumentationProperty");
                                                    							 *0x49c75c = GetProcAddress( *0x49c764, "DrawThemeParentBackground");
                                                    							_t3 = GetProcAddress( *0x49c764, "EnableTheming");
                                                    							 *0x49c760 = _t3;
                                                    						}
                                                    					}
                                                    				}
                                                    				return _t3 & 0xffffff00 |  *0x49c764 != 0x00000000;
                                                    			}





                                                    APIs
                                                      • Part of subcall function 0044B604: GetVersionExA.KERNEL32(00000094), ref: 0044B621
                                                    • LoadLibraryA.KERNEL32(uxtheme.dll,?,0044F775,00499132), ref: 0044B67F
                                                    • GetProcAddress.KERNEL32(00000000,OpenThemeData), ref: 0044B697
                                                    • GetProcAddress.KERNEL32(00000000,CloseThemeData), ref: 0044B6A9
                                                    • GetProcAddress.KERNEL32(00000000,DrawThemeBackground), ref: 0044B6BB
                                                    • GetProcAddress.KERNEL32(00000000,DrawThemeText), ref: 0044B6CD
                                                    • GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044B6DF
                                                    • GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044B6F1
                                                    • GetProcAddress.KERNEL32(00000000,GetThemePartSize), ref: 0044B703
                                                    • GetProcAddress.KERNEL32(00000000,GetThemeTextExtent), ref: 0044B715
                                                    • GetProcAddress.KERNEL32(00000000,GetThemeTextMetrics), ref: 0044B727
                                                    • GetProcAddress.KERNEL32(00000000,GetThemeBackgroundRegion), ref: 0044B739
                                                    • GetProcAddress.KERNEL32(00000000,HitTestThemeBackground), ref: 0044B74B
                                                    • GetProcAddress.KERNEL32(00000000,DrawThemeEdge), ref: 0044B75D
                                                    • GetProcAddress.KERNEL32(00000000,DrawThemeIcon), ref: 0044B76F
                                                    • GetProcAddress.KERNEL32(00000000,IsThemePartDefined), ref: 0044B781
                                                    • GetProcAddress.KERNEL32(00000000,IsThemeBackgroundPartiallyTransparent), ref: 0044B793
                                                    • GetProcAddress.KERNEL32(00000000,GetThemeColor), ref: 0044B7A5
                                                    • GetProcAddress.KERNEL32(00000000,GetThemeMetric), ref: 0044B7B7
                                                    • GetProcAddress.KERNEL32(00000000,GetThemeString), ref: 0044B7C9
                                                    • GetProcAddress.KERNEL32(00000000,GetThemeBool), ref: 0044B7DB
                                                    • GetProcAddress.KERNEL32(00000000,GetThemeInt), ref: 0044B7ED
                                                    • GetProcAddress.KERNEL32(00000000,GetThemeEnumValue), ref: 0044B7FF
                                                    • GetProcAddress.KERNEL32(00000000,GetThemePosition), ref: 0044B811
                                                    • GetProcAddress.KERNEL32(00000000,GetThemeFont), ref: 0044B823
                                                    • GetProcAddress.KERNEL32(00000000,GetThemeRect), ref: 0044B835
                                                    • GetProcAddress.KERNEL32(00000000,GetThemeMargins), ref: 0044B847
                                                    • GetProcAddress.KERNEL32(00000000,GetThemeIntList), ref: 0044B859
                                                    • GetProcAddress.KERNEL32(00000000,GetThemePropertyOrigin), ref: 0044B86B
                                                    • GetProcAddress.KERNEL32(00000000,SetWindowTheme), ref: 0044B87D
                                                    • GetProcAddress.KERNEL32(00000000,GetThemeFilename), ref: 0044B88F
                                                    • GetProcAddress.KERNEL32(00000000,GetThemeSysColor), ref: 0044B8A1
                                                    • GetProcAddress.KERNEL32(00000000,GetThemeSysColorBrush), ref: 0044B8B3
                                                    • GetProcAddress.KERNEL32(00000000,GetThemeSysBool), ref: 0044B8C5
                                                    • GetProcAddress.KERNEL32(00000000,GetThemeSysSize), ref: 0044B8D7
                                                    • GetProcAddress.KERNEL32(00000000,GetThemeSysFont), ref: 0044B8E9
                                                    • GetProcAddress.KERNEL32(00000000,GetThemeSysString), ref: 0044B8FB
                                                    • GetProcAddress.KERNEL32(00000000,GetThemeSysInt), ref: 0044B90D
                                                    • GetProcAddress.KERNEL32(00000000,IsThemeActive), ref: 0044B91F
                                                    • GetProcAddress.KERNEL32(00000000,IsAppThemed), ref: 0044B931
                                                    • GetProcAddress.KERNEL32(00000000,GetWindowTheme), ref: 0044B943
                                                    • GetProcAddress.KERNEL32(00000000,EnableThemeDialogTexture), ref: 0044B955
                                                    • GetProcAddress.KERNEL32(00000000,IsThemeDialogTextureEnabled), ref: 0044B967
                                                    • GetProcAddress.KERNEL32(00000000,GetThemeAppProperties), ref: 0044B979
                                                    • GetProcAddress.KERNEL32(00000000,SetThemeAppProperties), ref: 0044B98B
                                                    • GetProcAddress.KERNEL32(00000000,GetCurrentThemeName), ref: 0044B99D
                                                    • GetProcAddress.KERNEL32(00000000,GetThemeDocumentationProperty), ref: 0044B9AF
                                                    • GetProcAddress.KERNEL32(00000000,DrawThemeParentBackground), ref: 0044B9C1
                                                    • GetProcAddress.KERNEL32(00000000,EnableTheming), ref: 0044B9D3
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: AddressProc$LibraryLoadVersion
                                                    • String ID: CloseThemeData$DrawThemeBackground$DrawThemeEdge$DrawThemeIcon$DrawThemeParentBackground$DrawThemeText$EnableThemeDialogTexture$EnableTheming$GetCurrentThemeName$GetThemeAppProperties$GetThemeBackgroundContentRect$GetThemeBackgroundRegion$GetThemeBool$GetThemeColor$GetThemeDocumentationProperty$GetThemeEnumValue$GetThemeFilename$GetThemeFont$GetThemeInt$GetThemeIntList$GetThemeMargins$GetThemeMetric$GetThemePartSize$GetThemePosition$GetThemePropertyOrigin$GetThemeRect$GetThemeString$GetThemeSysBool$GetThemeSysColor$GetThemeSysColorBrush$GetThemeSysFont$GetThemeSysInt$GetThemeSysSize$GetThemeSysString$GetThemeTextExtent$GetThemeTextMetrics$GetWindowTheme$HitTestThemeBackground$IsAppThemed$IsThemeActive$IsThemeBackgroundPartiallyTransparent$IsThemeDialogTextureEnabled$IsThemePartDefined$OpenThemeData$SetThemeAppProperties$SetWindowTheme$uxtheme.dll
                                                    • API String ID: 1968650500-2910565190
                                                    • Opcode ID: b3b629e164e0bcbb2f4f21ab717bcbf6f1bf226c725e79d5b94aea17d5e0faf4
                                                    • Instruction ID: d8631715d28996979fdae4650c7d0794c4595fe18b81985758329e998cd54f82
                                                    • Opcode Fuzzy Hash: b3b629e164e0bcbb2f4f21ab717bcbf6f1bf226c725e79d5b94aea17d5e0faf4
                                                    • Instruction Fuzzy Hash: 8D91A3F0A40B51ABEB00EFB598D6A2A3BA8EB1571431005BBB454EF295D778DC108F9D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 83%
                                                    			E00492C54(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __fp0, intOrPtr _a4) {
                                                    				char _v5;
                                                    				char _v12;
                                                    				char _v16;
                                                    				long _t81;
                                                    				long _t90;
                                                    				signed int _t103;
                                                    				CHAR* _t109;
                                                    				long _t128;
                                                    				long _t136;
                                                    				int _t138;
                                                    				signed int _t141;
                                                    				long _t145;
                                                    				int _t147;
                                                    				signed int _t150;
                                                    				long _t154;
                                                    				int _t156;
                                                    				long _t170;
                                                    				int _t172;
                                                    				int _t174;
                                                    				signed int _t177;
                                                    				long _t181;
                                                    				int _t183;
                                                    				int _t185;
                                                    				signed int _t188;
                                                    				long _t192;
                                                    				int _t194;
                                                    				int _t196;
                                                    				void* _t220;
                                                    				intOrPtr _t276;
                                                    				intOrPtr* _t368;
                                                    				intOrPtr* _t369;
                                                    				void* _t372;
                                                    				intOrPtr _t375;
                                                    
                                                    				_t378 = __fp0;
                                                    				_t220 = __ecx;
                                                    				_t374 = _t375;
                                                    				_push(0);
                                                    				_push(0);
                                                    				_push(0);
                                                    				_push(__ebx);
                                                    				_t219 = _a4;
                                                    				_push(_t375);
                                                    				_push(0x493149);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t375;
                                                    				_t372 =  *((intOrPtr*)(_a4 + 0xc)) - 1;
                                                    				_v5 = 1;
                                                    				E00403684( *((intOrPtr*)(__edx + 0x10)), 0x493164);
                                                    				if(_t372 != 0) {
                                                    					E00403684( *((intOrPtr*)(__edx + 0x10)), "FINDWINDOWBYCLASSNAME");
                                                    					if(__eflags != 0) {
                                                    						E00403684( *((intOrPtr*)(__edx + 0x10)), "FINDWINDOWBYWINDOWNAME");
                                                    						if(__eflags != 0) {
                                                    							E00403684( *((intOrPtr*)(__edx + 0x10)), "SENDMESSAGE");
                                                    							if(__eflags != 0) {
                                                    								E00403684( *((intOrPtr*)(__edx + 0x10)), "POSTMESSAGE");
                                                    								if(__eflags != 0) {
                                                    									E00403684( *((intOrPtr*)(__edx + 0x10)), "SENDNOTIFYMESSAGE");
                                                    									if(__eflags != 0) {
                                                    										E00403684( *((intOrPtr*)(__edx + 0x10)), "REGISTERWINDOWMESSAGE");
                                                    										if(__eflags != 0) {
                                                    											E00403684( *((intOrPtr*)(__edx + 0x10)), "SENDBROADCASTMESSAGE");
                                                    											if(__eflags != 0) {
                                                    												E00403684( *((intOrPtr*)(__edx + 0x10)), "POSTBROADCASTMESSAGE");
                                                    												if(__eflags != 0) {
                                                    													E00403684( *((intOrPtr*)(__edx + 0x10)), "SENDBROADCASTNOTIFYMESSAGE");
                                                    													if(__eflags != 0) {
                                                    														E00403684( *((intOrPtr*)(__edx + 0x10)), "LOADDLL");
                                                    														if(__eflags != 0) {
                                                    															E00403684( *((intOrPtr*)(__edx + 0x10)), "CALLDLLPROC");
                                                    															if(__eflags != 0) {
                                                    																E00403684( *((intOrPtr*)(__edx + 0x10)), "FREEDLL");
                                                    																if(__eflags != 0) {
                                                    																	E00403684( *((intOrPtr*)(__edx + 0x10)), "CREATEMUTEX");
                                                    																	if(__eflags != 0) {
                                                    																		E00403684( *((intOrPtr*)(__edx + 0x10)), "OEMTOCHARBUFF");
                                                    																		if(__eflags != 0) {
                                                    																			E00403684( *((intOrPtr*)(__edx + 0x10)), "CHARTOOEMBUFF");
                                                    																			if(__eflags != 0) {
                                                    																				_v5 = 0;
                                                    																			} else {
                                                    																				E0048D0D4(_t219,  &_v12, _t372);
                                                    																				_t81 = E00403574(_v12);
                                                    																				CharToOemBuffA(E00403738(_v12), _t83, _t81);
                                                    																				E0048D0EC();
                                                    																			}
                                                    																		} else {
                                                    																			E0048D0D4(_t219,  &_v12, _t372);
                                                    																			_t90 = E00403574(_v12);
                                                    																			OemToCharBuffA(E00403738(_v12), _t92, _t90);
                                                    																			E0048D0EC();
                                                    																		}
                                                    																	} else {
                                                    																		E00446FF8(_t219,  &_v16, _t372, __edx);
                                                    																		CreateMutexA(0, 0, E00403738(_v16));
                                                    																	}
                                                    																} else {
                                                    																	_t103 = FreeLibrary(E00446F9C(_t219, _t220, _t372 - 1, __fp0));
                                                    																	asm("sbb ecx, ecx");
                                                    																	E004470D0(_t219,  ~( ~_t103), _t372, _t374, __fp0);
                                                    																}
                                                    															} else {
                                                    																E00446FF8(_t219,  &_v16, _t372 - 2, __edx);
                                                    																_t109 = E00403738(_v16);
                                                    																_t368 = GetProcAddress(E00446F9C(_t219,  &_v16, _t372 - 1, __fp0), _t109);
                                                    																__eflags = _t368;
                                                    																if(_t368 == 0) {
                                                    																	E004470D0(_t219, 0, _t372, _t374, __fp0);
                                                    																} else {
                                                    																	E00447278(_t219,  *_t368(E00446F9C(_t219,  &_v16, _t372 - 3, __fp0), E00446F9C(_t219,  &_v16, _t372 - 4, __fp0)), _t372 - 5, _t374, __fp0);
                                                    																	E004470D0(_t219, 1, _t372, _t374, __fp0);
                                                    																}
                                                    															}
                                                    														} else {
                                                    															E00446FF8(_t219,  &_v16, _t372 - 1, __edx);
                                                    															_t369 = E0042E394(_v16, _t219, 0x8000);
                                                    															__eflags = _t369;
                                                    															if(_t369 == 0) {
                                                    																_t128 = GetLastError();
                                                    																__eflags = _t372 - 2;
                                                    																E00447278(_t219, _t128, _t372 - 2, _t374, __fp0);
                                                    															} else {
                                                    																E00447278(_t219, 0, _t372 - 2, _t374, __fp0);
                                                    															}
                                                    															E00447278(_t219, _t369, _t372, _t374, _t378);
                                                    														}
                                                    													} else {
                                                    														_t136 = E00446F9C(_t219, _t220, _t372 - 3, __fp0);
                                                    														_t138 = E00446F9C(_t219, _t220, _t372 - 2, __fp0);
                                                    														_t141 = SendNotifyMessageA(0xffff, E00446F9C(_t219, _t220, _t372 - 1, __fp0), _t138, _t136);
                                                    														asm("sbb ecx, ecx");
                                                    														E004470D0(_t219,  ~( ~_t141), _t372, _t374, __fp0);
                                                    													}
                                                    												} else {
                                                    													_t145 = E00446F9C(_t219, _t220, _t372 - 3, __fp0);
                                                    													_t147 = E00446F9C(_t219, _t220, _t372 - 2, __fp0);
                                                    													_t150 = PostMessageA(0xffff, E00446F9C(_t219, _t220, _t372 - 1, __fp0), _t147, _t145);
                                                    													asm("sbb ecx, ecx");
                                                    													E004470D0(_t219,  ~( ~_t150), _t372, _t374, __fp0);
                                                    												}
                                                    											} else {
                                                    												_t154 = E00446F9C(_t219, _t220, _t372 - 3, __fp0);
                                                    												_t156 = E00446F9C(_t219, _t220, _t372 - 2, __fp0);
                                                    												E00447278(_t219, SendMessageA(0xffff, E00446F9C(_t219, _t220, _t372 - 1, __fp0), _t156, _t154), _t372, _t374, __fp0);
                                                    											}
                                                    										} else {
                                                    											E00446FF8(_t219,  &_v16, _t372 - 1, __edx);
                                                    											E00447278(_t219, RegisterClipboardFormatA(E00403738(_v16)), _t372, _t374, __fp0);
                                                    										}
                                                    									} else {
                                                    										_t170 = E00446F9C(_t219, _t220, _t372 - 4, __fp0);
                                                    										_t172 = E00446F9C(_t219, _t220, _t372 - 3, __fp0);
                                                    										_t174 = E00446F9C(_t219, _t220, _t372 - 2, __fp0);
                                                    										_t177 = SendNotifyMessageA(E00446F9C(_t219, _t220, _t372 - 1, __fp0), _t174, _t172, _t170);
                                                    										asm("sbb ecx, ecx");
                                                    										E004470D0(_t219,  ~( ~_t177), _t372, _t374, __fp0);
                                                    									}
                                                    								} else {
                                                    									_t181 = E00446F9C(_t219, _t220, _t372 - 4, __fp0);
                                                    									_t183 = E00446F9C(_t219, _t220, _t372 - 3, __fp0);
                                                    									_t185 = E00446F9C(_t219, _t220, _t372 - 2, __fp0);
                                                    									_t188 = PostMessageA(E00446F9C(_t219, _t220, _t372 - 1, __fp0), _t185, _t183, _t181);
                                                    									asm("sbb ecx, ecx");
                                                    									E004470D0(_t219,  ~( ~_t188), _t372, _t374, __fp0);
                                                    								}
                                                    							} else {
                                                    								_t192 = E00446F9C(_t219, _t220, _t372 - 4, __fp0);
                                                    								_t194 = E00446F9C(_t219, _t220, _t372 - 3, __fp0);
                                                    								_t196 = E00446F9C(_t219, _t220, _t372 - 2, __fp0);
                                                    								E00447278(_t219, SendMessageA(E00446F9C(_t219, _t220, _t372 - 1, __fp0), _t196, _t194, _t192), _t372, _t374, __fp0);
                                                    							}
                                                    						} else {
                                                    							E00446FF8(_t219,  &_v16, _t372 - 1, __edx);
                                                    							E00447278(_t219, FindWindowA(0, E00403738(_v16)), _t372, _t374, __fp0);
                                                    						}
                                                    					} else {
                                                    						E00446FF8(_t219,  &_v16, _t372 - 1, __edx);
                                                    						E00447278(_t219, FindWindowA(E00403738(_v16), 0), _t372, _t374, __fp0);
                                                    					}
                                                    				} else {
                                                    					Sleep(E00446F9C(_t219, _t220, _t372, __fp0));
                                                    				}
                                                    				_pop(_t276);
                                                    				 *[fs:eax] = _t276;
                                                    				_push(0x493150);
                                                    				return E00403420( &_v16, 2);
                                                    			}


                                                    APIs
                                                    • Sleep.KERNEL32(00000000,00000000,00493149,?,?,?,?,00000000,00000000,00000000), ref: 00492C94
                                                    • FindWindowA.USER32 ref: 00492CC5
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: FindSleepWindow
                                                    • String ID: CALLDLLPROC$CHARTOOEMBUFF$CREATEMUTEX$FINDWINDOWBYCLASSNAME$FINDWINDOWBYWINDOWNAME$FREEDLL$LOADDLL$OEMTOCHARBUFF$POSTBROADCASTMESSAGE$POSTMESSAGE$REGISTERWINDOWMESSAGE$SENDBROADCASTMESSAGE$SENDBROADCASTNOTIFYMESSAGE$SENDMESSAGE$SENDNOTIFYMESSAGE$SLEEP
                                                    • API String ID: 3078808852-3310373309
                                                    • Opcode ID: ebc9c9049d60084fa1855ae145ac5e68c3e520d640755ff3d1aa583becfa05e5
                                                    • Instruction ID: 859a33d1fca16724c105442f7365beb0e22e3e48fafdb4d5e2e24ed56419331c
                                                    • Opcode Fuzzy Hash: ebc9c9049d60084fa1855ae145ac5e68c3e520d640755ff3d1aa583becfa05e5
                                                    • Instruction Fuzzy Hash: 4CC172A0B042006BDF14BF3E9C4251F59AA9B85709B11D93FB446EB38BCE7DED0A4359
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 72%
                                                    			E0041CA0C(void* __eax, int __ecx, struct HPALETTE__* __edx, char _a4, intOrPtr _a8, int _a12) {
                                                    				void* _v8;
                                                    				struct HPALETTE__* _v12;
                                                    				struct HBITMAP__* _v16;
                                                    				void* _v20;
                                                    				void* _v24;
                                                    				struct HDC__* _v28;
                                                    				struct HDC__* _v32;
                                                    				struct HDC__* _v36;
                                                    				struct tagRECT _v52;
                                                    				struct HBRUSH__* _t115;
                                                    				intOrPtr _t136;
                                                    				intOrPtr _t147;
                                                    				intOrPtr _t148;
                                                    				intOrPtr _t149;
                                                    				int _t152;
                                                    				int _t155;
                                                    				void* _t158;
                                                    				void* _t160;
                                                    				intOrPtr _t161;
                                                    
                                                    				_t158 = _t160;
                                                    				_t161 = _t160 + 0xffffffd0;
                                                    				_t155 = __ecx;
                                                    				_v12 = __edx;
                                                    				_v8 = __eax;
                                                    				_t136 = _a8;
                                                    				_t152 = _a12;
                                                    				_v16 = 0;
                                                    				if(_v8 != 0 || __ecx != 0 && _t152 != 0) {
                                                    					_v28 = GetDC(0);
                                                    					_v32 = CreateCompatibleDC(_v28);
                                                    					_push(_t158);
                                                    					_push(0x41cc62);
                                                    					_push( *[fs:eax]);
                                                    					 *[fs:eax] = _t161;
                                                    					if(_a4 == 0) {
                                                    						_v16 = CreateCompatibleBitmap(_v28, _t155, _t152);
                                                    					} else {
                                                    						_v16 = CreateBitmap(_t155, _t152, 1, 1, 0);
                                                    					}
                                                    					if(_v16 == 0) {
                                                    						E0041B394();
                                                    					}
                                                    					_v24 = SelectObject(_v32, _v16);
                                                    					_push(_t158);
                                                    					_push(0x41cc1b);
                                                    					_push( *[fs:eax]);
                                                    					 *[fs:eax] = _t161;
                                                    					if(_t136 == 0) {
                                                    						PatBlt(_v32, 0, 0, _t155, _t152, 0xff0062);
                                                    					} else {
                                                    						_t115 = E0041A6E0( *((intOrPtr*)(_t136 + 0x14)));
                                                    						E0040AA48(0, _t155, 0,  &_v52, _t152);
                                                    						FillRect(_v32,  &_v52, _t115);
                                                    						SetTextColor(_v32, E0041A058( *((intOrPtr*)( *((intOrPtr*)(_t136 + 0xc)) + 0x10))));
                                                    						SetBkColor(_v32, E0041A058(E0041A6A4( *((intOrPtr*)(_t136 + 0x14)))));
                                                    					}
                                                    					if(_v8 == 0) {
                                                    						_pop(_t147);
                                                    						 *[fs:eax] = _t147;
                                                    						_pop(_t148);
                                                    						 *[fs:eax] = _t148;
                                                    						_push(0x41cc69);
                                                    						DeleteDC(_v32);
                                                    						return ReleaseDC(0, _v28);
                                                    					} else {
                                                    						_v36 = CreateCompatibleDC(_v28);
                                                    						if(_v36 == 0) {
                                                    							E0041B394();
                                                    						}
                                                    						_push(_t158);
                                                    						_push(0x41cc0a);
                                                    						_push( *[fs:eax]);
                                                    						 *[fs:eax] = _t161;
                                                    						E0041C838(_v8);
                                                    						_v20 = SelectObject(_v36, _v8);
                                                    						if(_v12 != 0) {
                                                    							SelectPalette(_v36, _v12, 1);
                                                    							RealizePalette(_v36);
                                                    							SelectPalette(_v32, _v12, 1);
                                                    							RealizePalette(_v32);
                                                    						}
                                                    						if(_t136 != 0) {
                                                    							SetTextColor(_v36, E0041A058( *((intOrPtr*)( *((intOrPtr*)(_t136 + 0xc)) + 0x10))));
                                                    							SetBkColor(_v36, E0041A058(E0041A6A4( *((intOrPtr*)(_t136 + 0x14)))));
                                                    						}
                                                    						BitBlt(_v32, 0, 0, _t155, _t152, _v36, 0, 0, 0xcc0020);
                                                    						SelectObject(_v36, _v20);
                                                    						_pop(_t149);
                                                    						 *[fs:eax] = _t149;
                                                    						_push(0x41cc11);
                                                    						return DeleteDC(_v36);
                                                    					}
                                                    				} else {
                                                    					return _v16;
                                                    				}
                                                    			}

                                                    APIs
                                                    • GetDC.USER32(00000000), ref: 0041CA40
                                                    • CreateCompatibleDC.GDI32(?), ref: 0041CA4C
                                                    • CreateBitmap.GDI32(0041A944,?,00000001,00000001,00000000), ref: 0041CA70
                                                    • CreateCompatibleBitmap.GDI32(?,0041A944,?), ref: 0041CA80
                                                    • SelectObject.GDI32(0041CE3C,00000000), ref: 0041CA9B
                                                    • FillRect.USER32 ref: 0041CAD6
                                                    • SetTextColor.GDI32(0041CE3C,00000000), ref: 0041CAEB
                                                    • SetBkColor.GDI32(0041CE3C,00000000), ref: 0041CB02
                                                    • PatBlt.GDI32(0041CE3C,00000000,00000000,0041A944,?,00FF0062), ref: 0041CB18
                                                    • CreateCompatibleDC.GDI32(?), ref: 0041CB2B
                                                    • SelectObject.GDI32(00000000,00000000), ref: 0041CB5C
                                                    • SelectPalette.GDI32(00000000,00000000,00000001), ref: 0041CB74
                                                    • RealizePalette.GDI32(00000000), ref: 0041CB7D
                                                    • SelectPalette.GDI32(0041CE3C,00000000,00000001), ref: 0041CB8C
                                                    • RealizePalette.GDI32(0041CE3C), ref: 0041CB95
                                                    • SetTextColor.GDI32(00000000,00000000), ref: 0041CBAE
                                                    • SetBkColor.GDI32(00000000,00000000), ref: 0041CBC5
                                                    • BitBlt.GDI32(0041CE3C,00000000,00000000,0041A944,?,00000000,00000000,00000000,00CC0020), ref: 0041CBE1
                                                    • SelectObject.GDI32(00000000,?), ref: 0041CBEE
                                                    • DeleteDC.GDI32(00000000), ref: 0041CC04
                                                      • Part of subcall function 0041A058: GetSysColor.USER32(?), ref: 0041A062
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: ColorSelect$CreatePalette$CompatibleObject$BitmapRealizeText$DeleteFillRect
                                                    • String ID:
                                                    • API String ID: 269503290-0
                                                    • Opcode ID: b1a77ee72b466d7e805cf3b902d200046335a56e1df857dfbdb0577e6a302f53
                                                    • Instruction ID: 91afdf38925dfcc0a19aef53af63d8b93a06df8cfedaf367688fa0d34ebdb442
                                                    • Opcode Fuzzy Hash: b1a77ee72b466d7e805cf3b902d200046335a56e1df857dfbdb0577e6a302f53
                                                    • Instruction Fuzzy Hash: 01610071A44648AFDF10EBE9DC86FDFB7B8EB48704F10446AB504E7281D67CA940CB68
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 70%
                                                    			E00498910(void* __ebx, void* __edi, void* __esi) {
                                                    				char _v5;
                                                    				char _v6;
                                                    				void* _v12;
                                                    				intOrPtr _v16;
                                                    				char _v20;
                                                    				char _v24;
                                                    				void* _v28;
                                                    				char _v32;
                                                    				char _v36;
                                                    				char _v44;
                                                    				char _t63;
                                                    				void* _t119;
                                                    				intOrPtr _t121;
                                                    				intOrPtr _t125;
                                                    				char _t126;
                                                    				char _t130;
                                                    				char _t135;
                                                    				char _t138;
                                                    				long _t151;
                                                    				int _t155;
                                                    				intOrPtr _t177;
                                                    				intOrPtr _t184;
                                                    				intOrPtr _t185;
                                                    				intOrPtr _t187;
                                                    				intOrPtr _t190;
                                                    				intOrPtr _t193;
                                                    				intOrPtr _t199;
                                                    				intOrPtr _t200;
                                                    
                                                    				_t197 = __esi;
                                                    				_t196 = __edi;
                                                    				_t199 = _t200;
                                                    				_t155 = 5;
                                                    				do {
                                                    					_push(0);
                                                    					_push(0);
                                                    					_t155 = _t155 - 1;
                                                    				} while (_t155 != 0);
                                                    				_push(__ebx);
                                                    				_push(__esi);
                                                    				_push(__edi);
                                                    				_push(_t199);
                                                    				_push(0x498ca8);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t200;
                                                    				E0042D44C(1, 0x49c628,  &_v36, __edi, __esi);
                                                    				if(E00406AC4(_v36, 0x498cc0) != 0) {
                                                    					E0042D44C(1, 0x49c628,  &_v36, __edi, __esi);
                                                    					_t63 = E00406AC4(_v36, 0x498cd0);
                                                    					__eflags = _t63;
                                                    					if(_t63 != 0) {
                                                    						__eflags = 0;
                                                    						_pop(_t177);
                                                    						 *[fs:eax] = _t177;
                                                    						_push(E00498CAF);
                                                    						return E00403420( &_v44, 7);
                                                    					} else {
                                                    						_v5 = 0;
                                                    						goto L6;
                                                    					}
                                                    				} else {
                                                    					_v5 = 1;
                                                    					L6:
                                                    					E004242C4( *0x49c628, 0x498ce0, _t196);
                                                    					ShowWindow( *( *0x49c628 + 0x20), 5);
                                                    					E0047F6E8();
                                                    					_v12 = CreateMutexA(0, 0, "Inno-Setup-RegSvr-Mutex");
                                                    					ShowWindow( *( *0x49c628 + 0x20), 0);
                                                    					if(_v12 != 0) {
                                                    						do {
                                                    							E004244AC( *0x49c628);
                                                    							_t151 = MsgWaitForMultipleObjects(1,  &_v12, 0, 0xffffffff, 0xff);
                                                    							_t204 = _t151 == 1;
                                                    						} while (_t151 == 1);
                                                    					}
                                                    					ShowWindow( *( *0x49c628 + 0x20), 5);
                                                    					_push(_t199);
                                                    					_push(0x498c86);
                                                    					_push( *[fs:eax]);
                                                    					 *[fs:eax] = _t200;
                                                    					E0042D44C(0, 0x49c628,  &_v36, _t196, _t197);
                                                    					E0042C4F8(_v36, 0x49c628,  &_v20, 0x498d08, _t196, _t197, _t204);
                                                    					E0042D44C(0, 0x49c628,  &_v36, _t196, _t197);
                                                    					E0042C4F8(_v36, 0x49c628,  &_v24, 0x498d18, _t196, _t197, _t204);
                                                    					if(E0042CD24(_v24) == 0) {
                                                    						E00406F50(_v24);
                                                    						E00406F50(_v20);
                                                    						_push(_t199);
                                                    						_push( *[fs:eax]);
                                                    						 *[fs:eax] = _t200;
                                                    						E0049886C(0x49c628,  &_v24, _t196, _t197, __eflags);
                                                    						_pop(_t184);
                                                    						 *[fs:eax] = _t184;
                                                    						_t185 = 0x498c56;
                                                    						 *[fs:eax] = _t185;
                                                    						_push(E00498C8D);
                                                    						__eflags = _v12;
                                                    						if(_v12 != 0) {
                                                    							ReleaseMutex(_v12);
                                                    							return CloseHandle(_v12);
                                                    						}
                                                    						return 0;
                                                    					} else {
                                                    						E0042F120(E004515B0(_v20, 0x49c628, 1, 0, _t196, _t197) & 0xffffff00 | ( *0x49cff0 & 0x00000001) != 0x00000000);
                                                    						_t187 =  *0x49cec4; // 0x0
                                                    						E004242C4( *0x49c628, _t187, _t196);
                                                    						_push(_t199);
                                                    						_push(0x498c22);
                                                    						_push( *[fs:eax]);
                                                    						 *[fs:eax] = _t200;
                                                    						E0047CF70(0x49c628, _t187, _t196, _t197);
                                                    						_v16 = E0045072C(1, 1, 0, 2);
                                                    						_push(_t199);
                                                    						_push(0x498c08);
                                                    						_push( *[fs:eax]);
                                                    						 *[fs:eax] = _t200;
                                                    						while(E004509C0(_v16) == 0) {
                                                    							E004509D0(_v16,  &_v28);
                                                    							_t119 = E00403574(_v28);
                                                    							__eflags = _t119 - 4;
                                                    							if(_t119 > 4) {
                                                    								__eflags =  *_v28 - 0x5b;
                                                    								if( *_v28 == 0x5b) {
                                                    									_t121 = _v28;
                                                    									__eflags =  *((char*)(_t121 + 3)) - 0x5d;
                                                    									if( *((char*)(_t121 + 3)) == 0x5d) {
                                                    										E00403778(_v28, 0x7fffffff, 5,  &_v32);
                                                    										_t125 = _v28;
                                                    										__eflags =  *((char*)(_t125 + 2)) - 0x71;
                                                    										if( *((char*)(_t125 + 2)) == 0x71) {
                                                    											L17:
                                                    											_t126 = 1;
                                                    										} else {
                                                    											__eflags = _v5;
                                                    											if(_v5 == 0) {
                                                    												L16:
                                                    												_t126 = 0;
                                                    											} else {
                                                    												__eflags =  *0x49d440;
                                                    												if( *0x49d440 == 0) {
                                                    													goto L17;
                                                    												} else {
                                                    													goto L16;
                                                    												}
                                                    											}
                                                    										}
                                                    										_v6 = _t126;
                                                    										_push(_t199);
                                                    										_push(0x498b78);
                                                    										_push( *[fs:eax]);
                                                    										 *[fs:eax] = _t200;
                                                    										_t130 =  *((intOrPtr*)(_v28 + 1)) - 0x53;
                                                    										__eflags = _t130;
                                                    										if(_t130 == 0) {
                                                    											_push(_v6);
                                                    											E00458320(0, 0x49c628, _v32, 1, _t196, _t197);
                                                    										} else {
                                                    											_t135 = _t130 - 1;
                                                    											__eflags = _t135;
                                                    											if(_t135 == 0) {
                                                    												__eflags = 0;
                                                    												E00458494(0, 0x49c628, _v32, _t196, _t197, 0);
                                                    											} else {
                                                    												_t138 = _t135 - 0x1f;
                                                    												__eflags = _t138;
                                                    												if(_t138 == 0) {
                                                    													_push(_v6);
                                                    													E00458320(0, 0x49c628, _v32, 0, _t196, _t197);
                                                    												} else {
                                                    													__eflags = _t138 == 1;
                                                    													if(_t138 == 1) {
                                                    														E00456BFC(_v32, 0x49c628, _t196, _t197);
                                                    													}
                                                    												}
                                                    											}
                                                    										}
                                                    										_pop(_t193);
                                                    										 *[fs:eax] = _t193;
                                                    									}
                                                    								}
                                                    							}
                                                    						}
                                                    						_pop(_t190);
                                                    						 *[fs:eax] = _t190;
                                                    						_push(E00498C0F);
                                                    						return E00402B58(_v16);
                                                    					}
                                                    				}
                                                    			}
































                                                    APIs
                                                    • ShowWindow.USER32(?,00000005,00000000,00498CA8,?,?,00000000,?,00000000,00000000,?,0049905F,00000000,00499069,?,00000000), ref: 00498993
                                                    • CreateMutexA.KERNEL32(00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,00498CA8,?,?,00000000,?,00000000,00000000,?,0049905F,00000000), ref: 004989A6
                                                    • ShowWindow.USER32(?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,00498CA8,?,?,00000000,?,00000000,00000000), ref: 004989B6
                                                    • MsgWaitForMultipleObjects.USER32 ref: 004989D7
                                                    • ShowWindow.USER32(?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,00498CA8,?,?,00000000,?,00000000), ref: 004989E7
                                                      • Part of subcall function 0042D44C: GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,0042D4DA,?,?,?,00000001,?,0045607E,00000000,004560E6), ref: 0042D481
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: ShowWindow$CreateFileModuleMultipleMutexNameObjectsWait
                                                    • String ID: .lst$.msg$/REG$/REGU$Inno-Setup-RegSvr-Mutex$Setup
                                                    • API String ID: 2000705611-3672972446
                                                    • Opcode ID: 0ee30b030a223bb986c1424f6ab252984ba86cb58e5f345b355ebf9cee720eb9
                                                    • Instruction ID: 0f540f509e6931216bdbe5ecc0cea1e8f213896d66e56a8b70982051fc109662
                                                    • Opcode Fuzzy Hash: 0ee30b030a223bb986c1424f6ab252984ba86cb58e5f345b355ebf9cee720eb9
                                                    • Instruction Fuzzy Hash: 9691A470A042049FDF11EB69C856BAE7BA4EB4A704F55447BF500AB6D2CA7CAC05CB2D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 84%
                                                    			E0045A6D8(char __eax, void* __ebx, char __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, char _a4, char _a8, intOrPtr _a12) {
                                                    				char _v5;
                                                    				char _v6;
                                                    				char _v12;
                                                    				char _v16;
                                                    				char _v20;
                                                    				char _v24;
                                                    				void* _t61;
                                                    				void* _t69;
                                                    				void* _t113;
                                                    				void* _t137;
                                                    				intOrPtr _t164;
                                                    				intOrPtr _t176;
                                                    				void* _t186;
                                                    				signed int _t187;
                                                    				char _t189;
                                                    				void* _t191;
                                                    				void* _t192;
                                                    				intOrPtr _t193;
                                                    
                                                    				_t185 = __edi;
                                                    				_t138 = __ecx;
                                                    				_t191 = _t192;
                                                    				_t193 = _t192 + 0xffffffec;
                                                    				_push(__edi);
                                                    				_v12 = 0;
                                                    				_v24 = 0;
                                                    				_v5 = __ecx;
                                                    				_t137 = __edx;
                                                    				_t189 = __eax;
                                                    				_push(_t191);
                                                    				_push(0x45a994);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t193;
                                                    				_v6 = 1;
                                                    				E0042C8FC(__eax, __ecx,  &_v12, __eflags);
                                                    				_t61 = E00406AC4(_v12, 0x45a9b0);
                                                    				_t195 = _t61;
                                                    				if(_t61 != 0) {
                                                    					E0042C8FC(_t189, _t138,  &_v12, __eflags);
                                                    					__eflags = E00406AC4(_v12, 0x45a9e0);
                                                    					if(__eflags == 0) {
                                                    						E0042C4F8(_t189, _t137,  &_v12, 0x45a9f0, __edi, _t189, __eflags);
                                                    						__eflags = 0;
                                                    						E0045A6D8(_v12, _t137, 0, _t137, __edi, _t189, 0, 0, 0, _a12);
                                                    						_pop(_t138);
                                                    					}
                                                    				} else {
                                                    					E0042C4F8(_t189, _t137,  &_v12, 0x45a9c0, __edi, _t189, _t195);
                                                    					E0045A6D8(_v12, _t137, 0, _t137, __edi, _t189, _t195, 0, 0, _a12);
                                                    					E0042C4F8(_t189, _t137,  &_v12, 0x45a9d0, __edi, _t189, _t195);
                                                    					E0045A6D8(_v12, _t137, 0, _t137, _t185, _t189, _t195, 0, 0, _a12);
                                                    					_pop(_t138);
                                                    				}
                                                    				E0042C8FC(_t189, _t138,  &_v12, _t195);
                                                    				_t69 = E00406AC4(_v12, 0x45aa00);
                                                    				_t196 = _t69;
                                                    				if(_t69 == 0) {
                                                    					E00456F20(_t189, _t137, _t185, _t189);
                                                    				}
                                                    				if(E00452DA0(_t137, _t189, _t196) == 0) {
                                                    					L23:
                                                    					_pop(_t164);
                                                    					 *[fs:eax] = _t164;
                                                    					_push(E0045A99B);
                                                    					E00403400( &_v24);
                                                    					return E00403400( &_v12);
                                                    				} else {
                                                    					_v20 = _t189;
                                                    					_v16 = 0xb;
                                                    					_t141 = 0;
                                                    					E00457F1C("Deleting file: %s", _t137, 0,  &_v20, _t185, _t189);
                                                    					_t198 = _a4;
                                                    					if(_a4 != 0) {
                                                    						_t187 = E00452AE0(_t137, _t189, _t198);
                                                    						if(_t187 != 0xffffffff) {
                                                    							_t200 = _t187 & 0x00000001;
                                                    							if((_t187 & 0x00000001) != 0) {
                                                    								_t141 = _t187 & 0xfffffffe;
                                                    								_t113 = E00452E88(_t137, _t187 & 0xfffffffe, _t189, _t200);
                                                    								_t201 = _t113;
                                                    								if(_t113 == 0) {
                                                    									E00457D10("Failed to strip read-only attribute.", _t137, _t141, _t187, _t189);
                                                    								} else {
                                                    									E00457D10("Stripped read-only attribute.", _t137, _t141, _t187, _t189);
                                                    								}
                                                    							}
                                                    						}
                                                    					}
                                                    					if(E00452908(_t137, _t189, _t201) != 0) {
                                                    						__eflags = _v5;
                                                    						if(_v5 != 0) {
                                                    							SHChangeNotify(4, 1, E00403738(_t189), 0);
                                                    							E0042C8A4(_t189, _t141,  &_v12);
                                                    							E00456318( *((intOrPtr*)(_a12 - 0x14)), _t141, _v12);
                                                    						}
                                                    						goto L23;
                                                    					} else {
                                                    						_t186 = GetLastError();
                                                    						if(_a8 == 0 ||  *((char*)(_a12 - 1)) == 0) {
                                                    							L20:
                                                    							_v20 = _t186;
                                                    							_v16 = 0;
                                                    							E00457F1C("Failed to delete the file; it may be in use (%d).", _t137, 0,  &_v20, _t186, _t189);
                                                    							_v6 = 0;
                                                    							goto L23;
                                                    						} else {
                                                    							if(_t186 == 5) {
                                                    								L18:
                                                    								if((E00452AE0(_t137, _t189, _t206) & 0x00000001) != 0) {
                                                    									goto L20;
                                                    								}
                                                    								_v20 = _t186;
                                                    								_v16 = 0;
                                                    								E00457F1C("The file appears to be in use (%d). Will delete on restart.", _t137, 0,  &_v20, _t186, _t189);
                                                    								_push(_t191);
                                                    								_push(0x45a8f1);
                                                    								_push( *[fs:eax]);
                                                    								 *[fs:eax] = _t193;
                                                    								E00453D30(_t137, _t137, _t189, _t186, _t189);
                                                    								 *((char*)( *((intOrPtr*)(_a12 - 8)) + 0x1c)) = 1;
                                                    								E0042C804(_t189,  &_v24);
                                                    								E0042C8A4(_v24, 0,  &_v12);
                                                    								E00456318( *((intOrPtr*)(_a12 + 0xfffffffffffffff0)), _a12, _v12);
                                                    								_pop(_t176);
                                                    								 *[fs:eax] = _t176;
                                                    								goto L23;
                                                    							}
                                                    							_t206 = _t186 - 0x20;
                                                    							if(_t186 != 0x20) {
                                                    								goto L20;
                                                    							}
                                                    							goto L18;
                                                    						}
                                                    					}
                                                    				}
                                                    			}






















                                                    APIs
                                                    • GetLastError.KERNEL32(00000000,0045A994,?,?,?,?,?,00000006,?,00000000,00497D9D,?,00000000,00497E40), ref: 0045A846
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: ErrorLast
                                                    • String ID: .chm$.chw$.fts$.gid$.hlp$.lnk$Deleting file: %s$Failed to delete the file; it may be in use (%d).$Failed to strip read-only attribute.$Stripped read-only attribute.$The file appears to be in use (%d). Will delete on restart.
                                                    • API String ID: 1452528299-3112430753
                                                    • Opcode ID: 34628ea38c02848f5839f56948f4d130ccd67ebfd0c4bb16ccb032bd8a2064e0
                                                    • Instruction ID: 43962401d403c06de7b31dde6fd87328655f81364e16ca473e433d379c6e1912
                                                    • Opcode Fuzzy Hash: 34628ea38c02848f5839f56948f4d130ccd67ebfd0c4bb16ccb032bd8a2064e0
                                                    • Instruction Fuzzy Hash: EC719070B002545BCB00EB6998417AE77A49F4931AF91896BFC01AB383DB7C9E1DC75E
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 36%
                                                    			E0045CBC0(intOrPtr __eax, struct _SID_IDENTIFIER_AUTHORITY* __ecx, void* __edx, intOrPtr _a4, signed int _a8) {
                                                    				intOrPtr _v8;
                                                    				struct _SID_IDENTIFIER_AUTHORITY* _v12;
                                                    				long _v16;
                                                    				_Unknown_base(*)()* _v20;
                                                    				_Unknown_base(*)()* _v24;
                                                    				intOrPtr _v28;
                                                    				char _v32;
                                                    				char _v36;
                                                    				void* _v40;
                                                    				int _v44;
                                                    				void* _v48;
                                                    				void* __edi;
                                                    				int _t106;
                                                    				signed int _t108;
                                                    				void* _t114;
                                                    				signed int _t116;
                                                    				intOrPtr _t128;
                                                    				int _t137;
                                                    				int _t139;
                                                    				int _t140;
                                                    				struct HINSTANCE__* _t143;
                                                    				struct _SID_IDENTIFIER_AUTHORITY* _t144;
                                                    				void* _t146;
                                                    				void* _t148;
                                                    				intOrPtr _t149;
                                                    
                                                    				_t125 = __edx;
                                                    				_t146 = _t148;
                                                    				_t149 = _t148 + 0xffffffd4;
                                                    				_v12 = __ecx;
                                                    				_t114 = __edx;
                                                    				_v8 = __eax;
                                                    				if( *0x49a0dc != 2 || (GetVersion() & 0x000000ff) < 5) {
                                                    					_v16 = 1;
                                                    					goto L19;
                                                    				} else {
                                                    					_t143 = GetModuleHandleA("advapi32.dll");
                                                    					_t137 = GetProcAddress(_t143, "GetNamedSecurityInfoW");
                                                    					_v20 = GetProcAddress(_t143, "SetNamedSecurityInfoW");
                                                    					_v24 = GetProcAddress(_t143, "SetEntriesInAclW");
                                                    					__eflags = _t137;
                                                    					if(_t137 == 0) {
                                                    						L6:
                                                    						_v16 = 0x7f;
                                                    						goto L19;
                                                    					} else {
                                                    						__eflags = _v20;
                                                    						if(_v20 == 0) {
                                                    							goto L6;
                                                    						} else {
                                                    							__eflags = _v24;
                                                    							if(_v24 != 0) {
                                                    								_v28 = E0045CAC8(_t114, _t125);
                                                    								 *[fs:edx] = _t149;
                                                    								_v44 = 0;
                                                    								_v16 =  *_t137(_v28, _v8, 4, 0, 0,  &_v36, 0,  &_v32,  *[fs:edx], 0x45ce32, _t146);
                                                    								__eflags = _v16;
                                                    								if(__eflags == 0) {
                                                    									_push(_t146);
                                                    									_push(0x45ce15);
                                                    									_push( *[fs:edx]);
                                                    									 *[fs:edx] = _t149;
                                                    									_v44 = E004069DC(_a8 << 5, 0, _t137, __eflags);
                                                    									_t144 = _v12;
                                                    									_t139 = _a8 - 1;
                                                    									__eflags = _t139;
                                                    									if(_t139 < 0) {
                                                    										L16:
                                                    										_v16 = _v24(_a8, _v44, _v36,  &_v40);
                                                    										__eflags = _v16;
                                                    										if(_v16 == 0) {
                                                    											 *[fs:eax] = _t149;
                                                    											_v16 = _v20(_v28, _v8, 4, 0, 0, _v40, 0,  *[fs:eax], 0x45cdbc, _t146);
                                                    											__eflags = 0;
                                                    											_pop(_t128);
                                                    											 *[fs:eax] = _t128;
                                                    											_push(0x45cdc3);
                                                    											return LocalFree(_v40);
                                                    										} else {
                                                    											E004031BC();
                                                    											E004031BC();
                                                    											goto L19;
                                                    										}
                                                    									} else {
                                                    										_t140 = _t139 + 1;
                                                    										_t116 = 0;
                                                    										__eflags = 0;
                                                    										while(1) {
                                                    											_t106 = AllocateAndInitializeSid(_t144,  *(_t144 + 6),  *(_t144 + 8),  *(_t144 + 0xc), 0, 0, 0, 0, 0, 0,  &_v48);
                                                    											__eflags = _t106;
                                                    											if(_t106 == 0) {
                                                    												break;
                                                    											}
                                                    											_t108 = _t116 << 2;
                                                    											 *((intOrPtr*)(_v44 + _t108 * 8)) =  *((intOrPtr*)(_t144 + 0x10));
                                                    											 *((intOrPtr*)(_v44 + 4 + _t108 * 8)) = 1;
                                                    											 *((intOrPtr*)(_v44 + 8 + _t108 * 8)) = _a4;
                                                    											 *((intOrPtr*)(_v44 + 0x14 + _t108 * 8)) = 0;
                                                    											 *((intOrPtr*)(_v44 + 0x18 + _t108 * 8)) = 0;
                                                    											 *((intOrPtr*)(_v44 + 0x1c + _t108 * 8)) = _v48;
                                                    											_t144 = _t144 + 0x14;
                                                    											_t116 = _t116 + 1;
                                                    											_t140 = _t140 - 1;
                                                    											__eflags = _t140;
                                                    											if(_t140 != 0) {
                                                    												continue;
                                                    											} else {
                                                    												goto L16;
                                                    											}
                                                    											goto L20;
                                                    										}
                                                    										_v16 = GetLastError();
                                                    										__eflags = _v16;
                                                    										if(_v16 == 0) {
                                                    											_v16 = 0x57;
                                                    										}
                                                    										E004031BC();
                                                    										E004031BC();
                                                    										goto L19;
                                                    									}
                                                    								} else {
                                                    									E004031BC();
                                                    									L19:
                                                    									return _v16;
                                                    								}
                                                    							} else {
                                                    								goto L6;
                                                    							}
                                                    						}
                                                    					}
                                                    				}
                                                    				L20:
                                                    			}





























                                                    APIs
                                                    • GetVersion.KERNEL32 ref: 0045CBDA
                                                    • GetModuleHandleA.KERNEL32(advapi32.dll), ref: 0045CBFA
                                                    • GetProcAddress.KERNEL32(00000000,GetNamedSecurityInfoW), ref: 0045CC07
                                                    • GetProcAddress.KERNEL32(00000000,SetNamedSecurityInfoW), ref: 0045CC14
                                                    • GetProcAddress.KERNEL32(00000000,SetEntriesInAclW), ref: 0045CC22
                                                      • Part of subcall function 0045CAC8: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,0045CB67,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0045CB41
                                                    • AllocateAndInitializeSid.ADVAPI32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,0045CE15,?,?,00000000), ref: 0045CCDB
                                                    • GetLastError.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,0045CE15,?,?,00000000), ref: 0045CCE4
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: AddressProc$AllocateByteCharErrorHandleInitializeLastModuleMultiVersionWide
                                                    • String ID: GetNamedSecurityInfoW$SetEntriesInAclW$SetNamedSecurityInfoW$W$advapi32.dll
                                                    • API String ID: 59345061-4263478283
                                                    • Opcode ID: e3c8f610604f8d1a61e317c05f23941b5211fd13382de67720a36eb0bbeb7958
                                                    • Instruction ID: 5051393f708b4b79d3e4214e138d4444fa461422948ec18671ed0486df3430fb
                                                    • Opcode Fuzzy Hash: e3c8f610604f8d1a61e317c05f23941b5211fd13382de67720a36eb0bbeb7958
                                                    • Instruction Fuzzy Hash: 45517471900308EFDB10DF99C881BEEBBB8EB49715F14806AF905E7241D678A945CFA9
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 75%
                                                    			E0041B3AC(void* __eax, void* __ecx, void* __edx) {
                                                    				void* _v8;
                                                    				int _v12;
                                                    				int _v16;
                                                    				struct HBITMAP__* _v20;
                                                    				struct HDC__* _v24;
                                                    				struct HDC__* _v28;
                                                    				struct HDC__* _v32;
                                                    				int _v48;
                                                    				int _v52;
                                                    				void _v56;
                                                    				void* _t79;
                                                    				intOrPtr _t84;
                                                    				void* _t91;
                                                    				void* _t93;
                                                    				void* _t95;
                                                    				intOrPtr _t96;
                                                    
                                                    				_t93 = _t95;
                                                    				_t96 = _t95 + 0xffffffcc;
                                                    				asm("movsd");
                                                    				asm("movsd");
                                                    				_v8 = __eax;
                                                    				_v28 = CreateCompatibleDC(0);
                                                    				_v32 = CreateCompatibleDC(0);
                                                    				GetObjectA(_v8, 0x18,  &_v56);
                                                    				if(__ecx == 0) {
                                                    					_v24 = GetDC(0);
                                                    					if(_v24 == 0) {
                                                    						E0041B394();
                                                    					}
                                                    					_push(_t93);
                                                    					_push(0x41b45b);
                                                    					_push( *[fs:eax]);
                                                    					 *[fs:eax] = _t96;
                                                    					_v20 = CreateCompatibleBitmap(_v24, _v16, _v12);
                                                    					if(_v20 == 0) {
                                                    						E0041B394();
                                                    					}
                                                    					_pop(_t84);
                                                    					 *[fs:eax] = _t84;
                                                    					_push(E0041B462);
                                                    					return ReleaseDC(0, _v24);
                                                    				} else {
                                                    					_v20 = CreateBitmap(_v16, _v12, 1, 1, 0);
                                                    					if(_v20 != 0) {
                                                    						_t79 = SelectObject(_v28, _v8);
                                                    						_t91 = SelectObject(_v32, _v20);
                                                    						StretchBlt(_v32, 0, 0, _v16, _v12, _v28, 0, 0, _v52, _v48, 0xcc0020);
                                                    						if(_t79 != 0) {
                                                    							SelectObject(_v28, _t79);
                                                    						}
                                                    						if(_t91 != 0) {
                                                    							SelectObject(_v32, _t91);
                                                    						}
                                                    					}
                                                    					DeleteDC(_v28);
                                                    					DeleteDC(_v32);
                                                    					return _v20;
                                                    				}
                                                    			}




















                                                    APIs
                                                    • CreateCompatibleDC.GDI32(00000000), ref: 0041B3C3
                                                    • CreateCompatibleDC.GDI32(00000000), ref: 0041B3CD
                                                    • GetObjectA.GDI32(?,00000018,00000004), ref: 0041B3DF
                                                    • CreateBitmap.GDI32(0000000B,?,00000001,00000001,00000000), ref: 0041B3F6
                                                    • GetDC.USER32(00000000), ref: 0041B402
                                                    • CreateCompatibleBitmap.GDI32(00000000,0000000B,?), ref: 0041B42F
                                                    • ReleaseDC.USER32 ref: 0041B455
                                                    • SelectObject.GDI32(00000000,?), ref: 0041B470
                                                    • SelectObject.GDI32(?,00000000), ref: 0041B47F
                                                    • StretchBlt.GDI32(?,00000000,00000000,0000000B,?,00000000,00000000,00000000,?,?,00CC0020), ref: 0041B4AB
                                                    • SelectObject.GDI32(00000000,00000000), ref: 0041B4B9
                                                    • SelectObject.GDI32(?,00000000), ref: 0041B4C7
                                                    • DeleteDC.GDI32(00000000), ref: 0041B4D0
                                                    • DeleteDC.GDI32(?), ref: 0041B4D9
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Object$CreateSelect$Compatible$BitmapDelete$ReleaseStretch
                                                    • String ID:
                                                    • API String ID: 644427674-0
                                                    • Opcode ID: 9212dc48eb065078ffd6e64a0fe4b3e7e755c3ed7e1f96497366cc94fc87ddf9
                                                    • Instruction ID: 0f3e5998203d07172116f12fa3fedaa120d09cd030f2870c51d139f455c41937
                                                    • Opcode Fuzzy Hash: 9212dc48eb065078ffd6e64a0fe4b3e7e755c3ed7e1f96497366cc94fc87ddf9
                                                    • Instruction Fuzzy Hash: E941AD71E44619AFDB10DAE9C846FEFB7BCEB08704F104466B614F7281D6786D408BA8
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 70%
                                                    			E00454874(void* __ebx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                    				intOrPtr _v8;
                                                    				char _v9;
                                                    				void* _v16;
                                                    				char _v17;
                                                    				char _v24;
                                                    				int _v28;
                                                    				int _v32;
                                                    				char _v36;
                                                    				char _v40;
                                                    				char* _v44;
                                                    				char _v48;
                                                    				char _v52;
                                                    				intOrPtr _v56;
                                                    				intOrPtr _v60;
                                                    				char* _v64;
                                                    				char _v68;
                                                    				char _v72;
                                                    				void* _t75;
                                                    				void* _t94;
                                                    				void* _t99;
                                                    				void* _t103;
                                                    				char* _t106;
                                                    				void* _t129;
                                                    				void* _t164;
                                                    				void* _t169;
                                                    				intOrPtr _t187;
                                                    				intOrPtr _t191;
                                                    				intOrPtr _t193;
                                                    				void* _t205;
                                                    				void* _t206;
                                                    				intOrPtr _t207;
                                                    
                                                    				_t205 = _t206;
                                                    				_t207 = _t206 + 0xffffffbc;
                                                    				_v40 = 0;
                                                    				_v52 = 0;
                                                    				_v68 = 0;
                                                    				_v72 = 0;
                                                    				_v36 = 0;
                                                    				_v8 = __edx;
                                                    				_push(_t205);
                                                    				_push(0x454b44);
                                                    				_push( *[fs:edx]);
                                                    				 *[fs:edx] = _t207;
                                                    				_v9 = 0;
                                                    				_t169 = E0042DE1C(_t75, "Software\\Microsoft\\Windows\\CurrentVersion\\SharedDLLs", 0x80000002,  &_v16, 3, 0);
                                                    				if(_t169 == 2) {
                                                    					L28:
                                                    					_pop(_t187);
                                                    					 *[fs:eax] = _t187;
                                                    					_push(E00454B4B);
                                                    					E00403420( &_v72, 2);
                                                    					E00403400( &_v52);
                                                    					return E00403420( &_v40, 2);
                                                    				} else {
                                                    					if(_t169 != 0) {
                                                    						E004535B0(0x80000002,  &_v52);
                                                    						_v48 = _v52;
                                                    						_v44 = "Software\\Microsoft\\Windows\\CurrentVersion\\SharedDLLs";
                                                    						E00451428(0x44, 1,  &_v48,  &_v40);
                                                    						E0040357C( &_v40, 0x454bd8);
                                                    						_push( &_v40);
                                                    						_v64 = "RegOpenKeyEx";
                                                    						E00406D68(_t169,  &_v68);
                                                    						_v60 = _v68;
                                                    						E0042E8C8(_t169,  &_v72);
                                                    						_v56 = _v72;
                                                    						E00451428(0x3b, 2,  &_v64,  &_v52);
                                                    						_pop(_t164);
                                                    						E0040357C(_t164, _v52);
                                                    						E00408C0C(_v40, 1);
                                                    						E0040311C();
                                                    					}
                                                    					_push(_t205);
                                                    					_push(0x454b0d);
                                                    					_push( *[fs:eax]);
                                                    					 *[fs:eax] = _t207;
                                                    					if(RegQueryValueExA(_v16, E00403738(_v8), 0,  &_v28, 0,  &_v32) == 0) {
                                                    						_v17 = 0;
                                                    						_v24 = 0;
                                                    						_push(_t205);
                                                    						_push(0x454a57);
                                                    						_push( *[fs:eax]);
                                                    						 *[fs:eax] = _t207;
                                                    						_t94 = _v28 - 1;
                                                    						if(_t94 == 0) {
                                                    							if(E0042DD4C() != 0) {
                                                    								_v24 = E00406D98(_v36,  &_v36);
                                                    								_v17 = 1;
                                                    							}
                                                    						} else {
                                                    							_t129 = _t94 - 2;
                                                    							if(_t129 == 0) {
                                                    								if(_v32 >= 1 && _v32 <= 4 && RegQueryValueExA(_v16, E00403738(_v8), 0, 0,  &_v24,  &_v32) == 0) {
                                                    									_v17 = 1;
                                                    								}
                                                    							} else {
                                                    								if(_t129 == 1) {
                                                    									_v32 = 4;
                                                    									if(RegQueryValueExA(_v16, E00403738(_v8), 0, 0,  &_v24,  &_v32) == 0) {
                                                    										_v17 = 1;
                                                    									}
                                                    								}
                                                    							}
                                                    						}
                                                    						_pop(_t191);
                                                    						 *[fs:eax] = _t191;
                                                    						if(_v17 != 0) {
                                                    							_v24 = _v24 - 1;
                                                    							if(_v24 > 0) {
                                                    								_t99 = _v28 - 1;
                                                    								if(_t99 == 0) {
                                                    									E00406D68(_v24,  &_v36);
                                                    									_t103 = E00403574(_v36);
                                                    									_t106 = E00403738(_v36);
                                                    									RegSetValueExA(_v16, E00403738(_v8), 0, 1, _t106, _t103 + 1);
                                                    								} else {
                                                    									if(_t99 + 0xfffffffe - 2 < 0) {
                                                    										RegSetValueExA(_v16, E00403738(_v8), 0, _v28,  &_v24, 4);
                                                    									}
                                                    								}
                                                    							} else {
                                                    								_v9 = 1;
                                                    								RegDeleteValueA(_v16, E00403738(_v8));
                                                    							}
                                                    							_pop(_t193);
                                                    							 *[fs:eax] = _t193;
                                                    							_push(E00454B14);
                                                    							return RegCloseKey(_v16);
                                                    						} else {
                                                    							E004031BC();
                                                    							goto L28;
                                                    						}
                                                    					} else {
                                                    						E004031BC();
                                                    						goto L28;
                                                    					}
                                                    				}
                                                    			}

                                                    APIs
                                                      • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,00483FBF,?,00000001,?,?,00483FBF,?,00000001,00000000), ref: 0042DE38
                                                    • RegQueryValueExA.ADVAPI32(0045AB6A,00000000,00000000,?,00000000,?,00000000,00454B0D,?,0045AB6A,00000003,00000000,00000000,00454B44), ref: 0045498D
                                                      • Part of subcall function 0042E8C8: FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,00453273,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 0042E8E7
                                                    • RegQueryValueExA.ADVAPI32(0045AB6A,00000000,00000000,00000000,?,00000004,00000000,00454A57,?,0045AB6A,00000000,00000000,?,00000000,?,00000000), ref: 00454A11
                                                    • RegQueryValueExA.ADVAPI32(0045AB6A,00000000,00000000,00000000,?,00000004,00000000,00454A57,?,0045AB6A,00000000,00000000,?,00000000,?,00000000), ref: 00454A40
                                                    Strings
                                                    • Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 004548E4
                                                    • RegOpenKeyEx, xrefs: 00454910
                                                    • , xrefs: 004548FE
                                                    • Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 004548AB
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: QueryValue$FormatMessageOpen
                                                    • String ID: $RegOpenKeyEx$Software\Microsoft\Windows\CurrentVersion\SharedDLLs$Software\Microsoft\Windows\CurrentVersion\SharedDLLs
                                                    • API String ID: 2812809588-1577016196
                                                    • Opcode ID: 668c5bf04f4d44590b14c867ac8e93b405d616439cb9e49677fe94bad0050756
                                                    • Instruction ID: 3b35aed17da8244e85d272d2923899a44a2159637523a8fd9e70e85f8d21f96a
                                                    • Opcode Fuzzy Hash: 668c5bf04f4d44590b14c867ac8e93b405d616439cb9e49677fe94bad0050756
                                                    • Instruction Fuzzy Hash: 23914871E44148ABDB10DF95C842BDEB7FCEB49309F50406BF900FB282D6789E458B69
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 90%
                                                    			E00459458(signed int __eax, void* __ebx, void* __ecx, signed int __edx, void* __edi, void* __esi) {
                                                    				signed int _v5;
                                                    				void* _v12;
                                                    				char _v16;
                                                    				char _v20;
                                                    				char _v24;
                                                    				signed int _t79;
                                                    				signed int _t82;
                                                    				signed int _t83;
                                                    				signed int _t130;
                                                    				intOrPtr _t162;
                                                    				signed int _t175;
                                                    				signed int _t177;
                                                    				void* _t183;
                                                    				void* _t186;
                                                    
                                                    				_t185 = _t186;
                                                    				_v16 = 0;
                                                    				_t183 = __ecx;
                                                    				_v5 = __edx;
                                                    				_t130 = __eax;
                                                    				_push(_t186);
                                                    				_push(0x459659);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t186 + 0xffffffec;
                                                    				if( *0x0049D04C != 0) {
                                                    					L16:
                                                    					E00403494(_t183,  *((intOrPtr*)(0x49d04c)));
                                                    					_pop(_t162);
                                                    					 *[fs:eax] = _t162;
                                                    					_push(E00459660);
                                                    					return E00403400( &_v16);
                                                    				}
                                                    				E00459364(__eax, __ecx,  &_v16, _t185);
                                                    				if(_v5 + 0xfe - 2 >= 0 || E0042DE1C(_t130, "SOFTWARE\\Microsoft\\.NETFramework\\Policy\\v4.0", 0x80000002,  &_v12, 1, 0) != 0) {
                                                    					_t79 = _v5 - 1;
                                                    					__eflags = _t79;
                                                    					if(_t79 == 0) {
                                                    						L6:
                                                    						_t82 = E0042DE1C(_t130, "SOFTWARE\\Microsoft\\.NETFramework\\Policy\\v2.0", 0x80000002,  &_v12, 1, 0);
                                                    						__eflags = _t82;
                                                    						if(_t82 != 0) {
                                                    							L8:
                                                    							_t83 = _v5;
                                                    							__eflags = _t83;
                                                    							if(_t83 == 0) {
                                                    								L10:
                                                    								__eflags = E0042DE1C(_t130, "SOFTWARE\\Microsoft\\.NETFramework\\Policy\\v1.1", 0x80000002,  &_v12, 1, 0);
                                                    								if(__eflags == 0) {
                                                    									_t177 = _t130 & 0x0000007f;
                                                    									E0042C3FC( *((intOrPtr*)(0x49d040 + _t177 * 4)),  &_v16);
                                                    									_t142 = _t177 + _t177;
                                                    									__eflags = _t177 + _t177;
                                                    									E004035C0(0x49d04c + _t142 * 8, "v1.1.4322", _v16);
                                                    									RegCloseKey(_v12);
                                                    								}
                                                    								goto L12;
                                                    							}
                                                    							__eflags = _t83 - 3;
                                                    							if(__eflags != 0) {
                                                    								goto L12;
                                                    							}
                                                    							goto L10;
                                                    						} else {
                                                    							_t179 = _t130 & 0x0000007f;
                                                    							E0042C3FC( *((intOrPtr*)(0x49d040 + (_t130 & 0x0000007f) * 4)),  &_v16);
                                                    							E004035C0(0x49d04c + (_t179 + _t179) * 8, "v2.0.50727", _v16);
                                                    							RegCloseKey(_v12);
                                                    							goto L12;
                                                    						}
                                                    					}
                                                    					__eflags = _t79 != 2;
                                                    					if(_t79 != 2) {
                                                    						goto L8;
                                                    					}
                                                    					goto L6;
                                                    				} else {
                                                    					_t181 = _t130 & 0x0000007f;
                                                    					E0042C3FC( *((intOrPtr*)(0x49d040 + (_t130 & 0x0000007f) * 4)),  &_v16);
                                                    					E004035C0(0x49d04c + (_t181 + _t181) * 8, "v4.0.30319", _v16);
                                                    					RegCloseKey(_v12);
                                                    					L12:
                                                    					_t175 = _v5 & 0x000000ff;
                                                    					if( *((intOrPtr*)(0x49d04c + _t175 * 4)) == 0) {
                                                    						_t192 = _v5 - 3;
                                                    						if(_v5 == 3) {
                                                    							E00453344(".NET Framework not found", _t130, _t175, _t183, __eflags);
                                                    						} else {
                                                    							_v24 =  *((intOrPtr*)(0x49ab3c + _t175 * 4));
                                                    							_v20 = 0xb;
                                                    							E004078F4(".NET Framework version %s not found", 0,  &_v24,  &_v16);
                                                    							E00453344(_v16, _t130, _t175, _t183, _t192);
                                                    						}
                                                    					}
                                                    					goto L16;
                                                    				}
                                                    			}

                                                    APIs
                                                      • Part of subcall function 00459364: RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,?,00000000,?,00000002,004594A1,00000000,00459659,?,00000000,00000000,00000000), ref: 004593B1
                                                    • RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000000,00459659,?,00000000,00000000,00000000), ref: 004594FF
                                                    • RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000000,00459659,?,00000000,00000000,00000000), ref: 00459569
                                                      • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,00483FBF,?,00000001,?,?,00483FBF,?,00000001,00000000), ref: 0042DE38
                                                    • RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000000,00000001,00000000,00000000,00459659,?,00000000,00000000,00000000), ref: 004595D0
                                                    Strings
                                                    • v2.0.50727, xrefs: 0045955B
                                                    • SOFTWARE\Microsoft\.NETFramework\Policy\v2.0, xrefs: 0045951C
                                                    • .NET Framework version %s not found, xrefs: 00459609
                                                    • v1.1.4322, xrefs: 004595C2
                                                    • SOFTWARE\Microsoft\.NETFramework\Policy\v4.0, xrefs: 004594B2
                                                    • v4.0.30319, xrefs: 004594F1
                                                    • SOFTWARE\Microsoft\.NETFramework\Policy\v1.1, xrefs: 00459583
                                                    • .NET Framework not found, xrefs: 0045961D
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Close$Open
                                                    • String ID: .NET Framework not found$.NET Framework version %s not found$SOFTWARE\Microsoft\.NETFramework\Policy\v1.1$SOFTWARE\Microsoft\.NETFramework\Policy\v2.0$SOFTWARE\Microsoft\.NETFramework\Policy\v4.0$v1.1.4322$v2.0.50727$v4.0.30319
                                                    • API String ID: 2976201327-446240816
                                                    • Opcode ID: ff2b6af7e5c086a855278264fd341eab3723ad98b019ff3e6db88a5e0e65c9b5
                                                    • Instruction ID: 81ee8c6a45b9b23f46d813c67303bebc6eb40883e83401b15e0d015f99a83bd9
                                                    • Opcode Fuzzy Hash: ff2b6af7e5c086a855278264fd341eab3723ad98b019ff3e6db88a5e0e65c9b5
                                                    • Instruction Fuzzy Hash: EB51A131A04148EBCB01DF64C861BEE77A6DB59305F54447BA801EB353EA3DAE1ECB19
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E00458A44(intOrPtr __eax, void* __edx) {
                                                    				long _v12;
                                                    				long _v16;
                                                    				void* __ebx;
                                                    				void* __esi;
                                                    				void* _t44;
                                                    				void* _t50;
                                                    				intOrPtr _t51;
                                                    				DWORD* _t52;
                                                    
                                                    				_t19 = __eax;
                                                    				_t52 =  &_v12;
                                                    				_t44 = __edx;
                                                    				_t51 = __eax;
                                                    				if( *((char*)(__eax + 4)) == 0) {
                                                    					L11:
                                                    					return _t19;
                                                    				}
                                                    				 *((char*)(__eax + 5)) = 1;
                                                    				_v16 =  *((intOrPtr*)(__eax + 0x10));
                                                    				_v12 = 0;
                                                    				E00457F1C("Stopping 64-bit helper process. (PID: %u)", __edx, 0,  &_v16, _t50, __eax);
                                                    				CloseHandle( *(_t51 + 0xc));
                                                    				 *(_t51 + 0xc) = 0;
                                                    				while(WaitForSingleObject( *(_t51 + 8), 0x2710) == 0x102) {
                                                    					E00457D10("Helper isn\'t responding; killing it.", _t44, 0, _t50, _t51);
                                                    					TerminateProcess( *(_t51 + 8), 1);
                                                    				}
                                                    				if(GetExitCodeProcess( *(_t51 + 8), _t52) == 0) {
                                                    					E00457D10("Helper process exited, but failed to get exit code.", _t44, 0, _t50, _t51);
                                                    				} else {
                                                    					if( *_t52 != 0) {
                                                    						_v16 =  *_t52;
                                                    						_v12 = 0;
                                                    						E00457F1C("Helper process exited with failure code: 0x%x", _t44, 0,  &_v16, _t50, _t51);
                                                    					} else {
                                                    						E00457D10("Helper process exited.", _t44, 0, _t50, _t51);
                                                    					}
                                                    				}
                                                    				CloseHandle( *(_t51 + 8));
                                                    				 *(_t51 + 8) = 0;
                                                    				_t19 = 0;
                                                    				 *((intOrPtr*)(_t51 + 0x10)) = 0;
                                                    				 *((char*)(_t51 + 4)) = 0;
                                                    				if(_t44 == 0) {
                                                    					goto L11;
                                                    				} else {
                                                    					Sleep(0xfa);
                                                    					return 0;
                                                    				}
                                                    			}

                                                    APIs
                                                    • CloseHandle.KERNEL32(?), ref: 00458A7B
                                                    • TerminateProcess.KERNEL32(?,00000001,?,00002710,?), ref: 00458A97
                                                    • WaitForSingleObject.KERNEL32(?,00002710,?), ref: 00458AA5
                                                    • GetExitCodeProcess.KERNEL32 ref: 00458AB6
                                                    • CloseHandle.KERNEL32(?,?,?,?,00002710,?,00000001,?,00002710,?), ref: 00458AFD
                                                    • Sleep.KERNEL32(000000FA,?,?,?,?,00002710,?,00000001,?,00002710,?), ref: 00458B19
                                                    Strings
                                                    • Helper isn't responding; killing it., xrefs: 00458A87
                                                    • Stopping 64-bit helper process. (PID: %u), xrefs: 00458A6D
                                                    • Helper process exited, but failed to get exit code., xrefs: 00458AEF
                                                    • Helper process exited., xrefs: 00458AC5
                                                    • Helper process exited with failure code: 0x%x, xrefs: 00458AE3
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: CloseHandleProcess$CodeExitObjectSingleSleepTerminateWait
                                                    • String ID: Helper isn't responding; killing it.$Helper process exited with failure code: 0x%x$Helper process exited, but failed to get exit code.$Helper process exited.$Stopping 64-bit helper process. (PID: %u)
                                                    • API String ID: 3355656108-1243109208
                                                    • Opcode ID: 82a4a8b6a8cb783b8d50086b3e418d053ad70280f482195291431655f8ddd5cb
                                                    • Instruction ID: 3f2324d87e707cedf1d5c4e10b6e93e7b0b52df74c864805f1ac214018e434b5
                                                    • Opcode Fuzzy Hash: 82a4a8b6a8cb783b8d50086b3e418d053ad70280f482195291431655f8ddd5cb
                                                    • Instruction Fuzzy Hash: 2F2130706087409AD720E779C44575BB6D49F08345F04CC2FF99AEB283DF78E8488B2A
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 82%
                                                    			E00454528(void* __ebx, signed int __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                    				signed int _v5;
                                                    				void* _v12;
                                                    				char _v16;
                                                    				int _v20;
                                                    				char _v24;
                                                    				int _v28;
                                                    				int _v32;
                                                    				char _v36;
                                                    				char* _v40;
                                                    				char _v44;
                                                    				char* _v48;
                                                    				char _v52;
                                                    				char _v56;
                                                    				char _v60;
                                                    				intOrPtr _v64;
                                                    				char* _v68;
                                                    				char _v72;
                                                    				char _v76;
                                                    				void* _t81;
                                                    				void* _t82;
                                                    				signed int _t92;
                                                    				void* _t96;
                                                    				void* _t100;
                                                    				void* _t127;
                                                    				void* _t132;
                                                    				void* _t164;
                                                    				intOrPtr _t186;
                                                    				intOrPtr _t188;
                                                    				void* _t201;
                                                    				void* _t203;
                                                    				void* _t204;
                                                    				intOrPtr _t205;
                                                    
                                                    				_t203 = _t204;
                                                    				_t205 = _t204 + 0xffffffb8;
                                                    				_v44 = 0;
                                                    				_v56 = 0;
                                                    				_v72 = 0;
                                                    				_v76 = 0;
                                                    				_v36 = 0;
                                                    				_v5 = __ecx;
                                                    				_t201 = __edx;
                                                    				_push(_t203);
                                                    				_push(0x4547c3);
                                                    				_push( *[fs:edx]);
                                                    				 *[fs:edx] = _t205;
                                                    				_t82 = E0042DDE4(_t81, "Software\\Microsoft\\Windows\\CurrentVersion\\SharedDLLs", 0x80000002,  &_v16,  &_v12, 0, 3, 0, 0, 0);
                                                    				_t170 = _t82;
                                                    				if(_t82 != 0) {
                                                    					E004535B0(0x80000002,  &_v56);
                                                    					_v52 = _v56;
                                                    					_v48 = "Software\\Microsoft\\Windows\\CurrentVersion\\SharedDLLs";
                                                    					E00451428(0x44, 1,  &_v52,  &_v44);
                                                    					E0040357C( &_v44, 0x454854);
                                                    					_push( &_v44);
                                                    					_v68 = "RegCreateKeyEx";
                                                    					E00406D68(_t170,  &_v72);
                                                    					_v64 = _v72;
                                                    					E0042E8C8(_t170,  &_v76);
                                                    					_v60 = _v76;
                                                    					E00451428(0x3b, 2,  &_v68,  &_v56);
                                                    					_pop(_t164);
                                                    					E0040357C(_t164, _v56);
                                                    					E00408C0C(_v44, 1);
                                                    					E0040311C();
                                                    				}
                                                    				_v40 = E00403738(_t201);
                                                    				_v24 = 0;
                                                    				_v32 = 4;
                                                    				_push(_t203);
                                                    				_push(0x4546ff);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t205;
                                                    				if(RegQueryValueExA(_v12, _v40, 0,  &_v28, 0,  &_v20) == 0) {
                                                    					_t127 = _v28 - 1;
                                                    					if(_t127 == 0) {
                                                    						if(E0042DD4C() != 0) {
                                                    							_v24 = E00406D98(_v36,  &_v36);
                                                    							_v32 = 1;
                                                    						}
                                                    					} else {
                                                    						_t132 = _t127 - 2;
                                                    						if(_t132 == 0) {
                                                    							if(_v20 >= 1 && _v20 <= 4) {
                                                    								if(RegQueryValueExA(_v12, _v40, 0, 0,  &_v24,  &_v20) != 0) {
                                                    									E00408BE0();
                                                    								}
                                                    								_v32 = 3;
                                                    							}
                                                    						} else {
                                                    							if(_t132 == 1) {
                                                    								_v20 = 4;
                                                    								if(RegQueryValueExA(_v12, _v40, 0, 0,  &_v24,  &_v20) != 0) {
                                                    									E00408BE0();
                                                    								}
                                                    							}
                                                    						}
                                                    					}
                                                    				}
                                                    				_t92 = 0;
                                                    				_pop(_t186);
                                                    				 *[fs:eax] = _t186;
                                                    				if(_v24 < 0) {
                                                    					_t92 = 0;
                                                    					_v24 = 0;
                                                    				}
                                                    				if(((_t92 & 0xffffff00 | _v24 == 0x00000000) & _v5) != 0) {
                                                    					_v24 = _v24 + 1;
                                                    				}
                                                    				_v24 = _v24 + 1;
                                                    				_t96 = _v32 - 1;
                                                    				if(_t96 == 0) {
                                                    					E00406D68(_v24,  &_v36);
                                                    					_t100 = E00403574(_v36);
                                                    					RegSetValueExA(_v12, _v40, 0, _v32, E00403738(_v36), _t100 + 1);
                                                    				} else {
                                                    					if(_t96 + 0xfffffffe - 2 < 0) {
                                                    						RegSetValueExA(_v12, _v40, 0, _v32,  &_v24, 4);
                                                    					}
                                                    				}
                                                    				RegCloseKey(_v12);
                                                    				_pop(_t188);
                                                    				 *[fs:eax] = _t188;
                                                    				_push(0x4547ca);
                                                    				E00403420( &_v76, 2);
                                                    				E00403400( &_v56);
                                                    				E00403400( &_v44);
                                                    				return E00403400( &_v36);
                                                    			}

                                                    APIs
                                                      • Part of subcall function 0042DDE4: RegCreateKeyExA.ADVAPI32(?,?,?,?,?,?,?,?,?), ref: 0042DE10
                                                    • RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,?,00000000,004546FF,?,00000000,004547C3), ref: 0045464F
                                                    • RegCloseKey.ADVAPI32(?,?,?,00000000,00000004,00000000,00000001,?,00000000,?,00000000,004546FF,?,00000000,004547C3), ref: 0045478B
                                                      • Part of subcall function 0042E8C8: FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,00453273,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 0042E8E7
                                                    Strings
                                                    • , xrefs: 004545B1
                                                    • Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 00454597
                                                    • Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 00454567
                                                    • RegCreateKeyEx, xrefs: 004545C3
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: CloseCreateFormatMessageQueryValue
                                                    • String ID: $RegCreateKeyEx$Software\Microsoft\Windows\CurrentVersion\SharedDLLs$Software\Microsoft\Windows\CurrentVersion\SharedDLLs
                                                    • API String ID: 2481121983-1280779767
                                                    • Opcode ID: ef2270dc116ac719d3bc81623da7b3fdde5fe7a6d7b9fa3a83de35bc0377b375
                                                    • Instruction ID: 93c55a0ab54dbcba353dd8d7ef9dbdddde8d62e860aeeeeaccb8ee2ace91ec52
                                                    • Opcode Fuzzy Hash: ef2270dc116ac719d3bc81623da7b3fdde5fe7a6d7b9fa3a83de35bc0377b375
                                                    • Instruction Fuzzy Hash: 49810F75A00209AFDB00DFD5C981BDEB7B8EB49309F10452AF900FB282D7789E45CB69
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 66%
                                                    			E00497190(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                    				char _v8;
                                                    				struct HWND__* _v12;
                                                    				void* _v16;
                                                    				char _v20;
                                                    				char _v24;
                                                    				struct HWND__* _v28;
                                                    				char _v32;
                                                    				char _v36;
                                                    				char _v40;
                                                    				CHAR* _t38;
                                                    				intOrPtr _t39;
                                                    				int _t41;
                                                    				struct HINSTANCE__* _t45;
                                                    				intOrPtr _t50;
                                                    				void* _t63;
                                                    				intOrPtr _t76;
                                                    				intOrPtr _t95;
                                                    				intOrPtr _t97;
                                                    				void* _t101;
                                                    				void* _t102;
                                                    				intOrPtr _t103;
                                                    
                                                    				_t99 = __esi;
                                                    				_t98 = __edi;
                                                    				_t83 = __ecx;
                                                    				_t82 = __ebx;
                                                    				_t101 = _t102;
                                                    				_t103 = _t102 + 0xffffffdc;
                                                    				_push(__ebx);
                                                    				_push(__esi);
                                                    				_push(__edi);
                                                    				_v20 = 0;
                                                    				_v40 = 0;
                                                    				_v8 = 0;
                                                    				_push(_t101);
                                                    				_push(0x497361);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t103;
                                                    				E0042DA18( &_v20, __ebx, __ecx, __edi, __esi);
                                                    				if(E004538BC(_v20, _t82,  &_v8, _t98, _t99) == 0) {
                                                    					_push(_t101);
                                                    					_push( *[fs:eax]);
                                                    					 *[fs:eax] = _t103;
                                                    					E00453D30(0, _t82, _v8, _t98, _t99);
                                                    					_pop(_t97);
                                                    					_t83 = 0x4971ed;
                                                    					 *[fs:eax] = _t97;
                                                    				}
                                                    				_t38 = E00403738(_v8);
                                                    				_t39 =  *0x49d538; // 0x0
                                                    				_t41 = CopyFileA(E00403738(_t39), _t38, 0);
                                                    				_t106 = _t41;
                                                    				if(_t41 == 0) {
                                                    					_t76 =  *0x49cdf4; // 0x0
                                                    					E00496838(_t76, _t82, _t83, _t98, _t99, _t106);
                                                    				}
                                                    				SetFileAttributesA(E00403738(_v8), 0x80);
                                                    				_t45 =  *0x49c014; // 0x400000
                                                    				_v12 = CreateWindowExA(0, "STATIC", 0x497370, 0, 0, 0, 0, 0, 0, 0, _t45, 0);
                                                    				 *0x49d564 = SetWindowLongA(_v12, 0xfffffffc, E004969E8);
                                                    				_push(_t101);
                                                    				_push(0x497334);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t103;
                                                    				_t50 =  *0x49c628; // 0x21a2410
                                                    				SetWindowPos( *(_t50 + 0x20), 0, 0, 0, 0, 0, 0x97);
                                                    				E0042D44C(0, _t82,  &_v40, _t98, _t99);
                                                    				_v36 = _v40;
                                                    				_v32 = 0xb;
                                                    				_v28 = _v12;
                                                    				_v24 = 0;
                                                    				E004078F4("/SECONDPHASE=\"%s\" /FIRSTPHASEWND=$%x ", 1,  &_v36,  &_v20);
                                                    				_push( &_v20);
                                                    				E0042D32C( &_v40, _t82, 1, _t98, _t99, 0);
                                                    				_pop(_t63);
                                                    				E0040357C(_t63, _v40);
                                                    				_v16 = E004968E0(_v8, _t82, _v20, _t98, _t99, 0);
                                                    				do {
                                                    				} while (E004969AC() == 0 && MsgWaitForMultipleObjects(1,  &_v16, 0, 0xffffffff, 0xff) == 1);
                                                    				CloseHandle(_v16);
                                                    				_pop(_t95);
                                                    				 *[fs:eax] = _t95;
                                                    				_push(E0049733B);
                                                    				return DestroyWindow(_v12);
                                                    			}

                                                    APIs
                                                      • Part of subcall function 004538BC: CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,asI,_iu,?,00000000,004539F6), ref: 004539AB
                                                      • Part of subcall function 004538BC: CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,asI,_iu,?,00000000,004539F6), ref: 004539BB
                                                    • CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 0049720D
                                                    • SetFileAttributesA.KERNEL32(00000000,00000080,00000000,00497361), ref: 0049722E
                                                    • CreateWindowExA.USER32 ref: 00497255
                                                    • SetWindowLongA.USER32 ref: 00497268
                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097,00000000,00497334,?,?,000000FC,004969E8,00000000,STATIC,00497370), ref: 00497298
                                                    • MsgWaitForMultipleObjects.USER32 ref: 0049730C
                                                    • CloseHandle.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000097,00000000,00497334,?,?,000000FC,004969E8,00000000), ref: 00497318
                                                      • Part of subcall function 00453D30: WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00453E17
                                                    • DestroyWindow.USER32(?,0049733B,00000000,00000000,00000000,00000000,00000000,00000097,00000000,00497334,?,?,000000FC,004969E8,00000000,STATIC), ref: 0049732E
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Window$File$CloseCreateHandle$AttributesCopyDestroyLongMultipleObjectsPrivateProfileStringWaitWrite
                                                    • String ID: /SECONDPHASE="%s" /FIRSTPHASEWND=$%x $STATIC
                                                    • API String ID: 1549857992-2312673372
                                                    • Opcode ID: 638975be5a90d50e3b605b1e49b7eb2f5ed4f7d9641967e285dd575213b23448
                                                    • Instruction ID: cf08c6c0df85773511bd90435510a992162f62aa3bbe36377fb46bffd16b674f
                                                    • Opcode Fuzzy Hash: 638975be5a90d50e3b605b1e49b7eb2f5ed4f7d9641967e285dd575213b23448
                                                    • Instruction Fuzzy Hash: 4A413C70A54208AFDF10EBA5DC42F9E7BB8EB08704F51457AF900FB291D6799E00DB68
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 69%
                                                    			E0042E418(void* __ebx, void* __edi, void* __esi) {
                                                    				void* _v8;
                                                    				char _v12;
                                                    				char _v16;
                                                    				char _v20;
                                                    				intOrPtr* _t50;
                                                    				intOrPtr _t64;
                                                    				void* _t72;
                                                    
                                                    				_v20 = 0;
                                                    				_v12 = 0;
                                                    				_push(_t72);
                                                    				_push(0x42e51d);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t72 + 0xfffffff0;
                                                    				_t50 = GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetUserDefaultUILanguage");
                                                    				if(_t50 == 0) {
                                                    					if( *0x49a0dc != 2) {
                                                    						if(E0042DE1C(0, "Control Panel\\Desktop\\ResourceLocale", 0x80000001,  &_v8, 1, 0) == 0) {
                                                    							E0042DD4C();
                                                    							RegCloseKey(_v8);
                                                    						}
                                                    					} else {
                                                    						if(E0042DE1C(0, ".DEFAULT\\Control Panel\\International", 0x80000003,  &_v8, 1, 0) == 0) {
                                                    							E0042DD4C();
                                                    							RegCloseKey(_v8);
                                                    						}
                                                    					}
                                                    					_t11 =  &_v20; // 0x456151
                                                    					E00403494(_t11, 0x42e5c0);
                                                    					_t12 =  &_v20; // 0x456151
                                                    					E0040357C(_t12, _v12);
                                                    					_t14 =  &_v20; // 0x456151
                                                    					E004029D8( *_t14,  &_v16);
                                                    					if(_v16 != 0) {
                                                    					}
                                                    				} else {
                                                    					 *_t50();
                                                    				}
                                                    				_pop(_t64);
                                                    				 *[fs:eax] = _t64;
                                                    				_push(E0042E524);
                                                    				_t17 =  &_v20; // 0x456151
                                                    				E00403400(_t17);
                                                    				return E00403400( &_v12);
                                                    			}

                                                    APIs
                                                    • GetModuleHandleA.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,0042E51D,?,00000000,0047EAB8,00000000), ref: 0042E441
                                                    • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0042E447
                                                    • RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,0042E51D,?,00000000,0047EAB8,00000000), ref: 0042E495
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: AddressCloseHandleModuleProc
                                                    • String ID: .DEFAULT\Control Panel\International$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$QaE$kernel32.dll
                                                    • API String ID: 4190037839-2312295185
                                                    • Opcode ID: 83570bd0ce43e78f261925d77abc78ba83d1fb8bd641887165153b6bed6d5ea9
                                                    • Instruction ID: dcbdb1b25fdf23572bf88c9a65674c04ba25a3dfd682240825f74d76f424645b
                                                    • Opcode Fuzzy Hash: 83570bd0ce43e78f261925d77abc78ba83d1fb8bd641887165153b6bed6d5ea9
                                                    • Instruction Fuzzy Hash: 68213230B10225BBDB10EAE6DC51B9E76B8EB44308F904477A504E7281E77CDE419B5C
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetActiveWindow.USER32 ref: 004629FC
                                                    • GetModuleHandleA.KERNEL32(user32.dll), ref: 00462A10
                                                    • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 00462A1D
                                                    • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 00462A2A
                                                    • GetWindowRect.USER32 ref: 00462A76
                                                    • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,0000001D,?,00000000), ref: 00462AB4
                                                    Strings
                                                    Similarity
                                                    • API ID: Window$AddressProc$ActiveHandleModuleRect
                                                    • String ID: ($GetMonitorInfoA$MonitorFromWindow$user32.dll
                                                    • API String ID: 2610873146-3407710046
                                                    • Opcode ID: e54ea61e7ff53ccb6155445239e3f4edb54d22f30a98655ad845b77929937b23
                                                    • Instruction ID: 9842ae50c22ead81fa156f5b7a64e1f536071a607b34688e3e3cbcd016f18cd1
                                                    • Opcode Fuzzy Hash: e54ea61e7ff53ccb6155445239e3f4edb54d22f30a98655ad845b77929937b23
                                                    • Instruction Fuzzy Hash: 15219576701B057BD610D6A88D85F3B36D8EB88715F094A2AF944DB3C1E6F8DC018B9A
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetActiveWindow.USER32 ref: 0042F194
                                                    • GetModuleHandleA.KERNEL32(user32.dll), ref: 0042F1A8
                                                    • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 0042F1B5
                                                    • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 0042F1C2
                                                    • GetWindowRect.USER32 ref: 0042F20E
                                                    • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,0000001D,?,00000000), ref: 0042F24C
                                                    Strings
                                                    Similarity
                                                    • API ID: Window$AddressProc$ActiveHandleModuleRect
                                                    • String ID: ($GetMonitorInfoA$MonitorFromWindow$user32.dll
                                                    • API String ID: 2610873146-3407710046
                                                    • Opcode ID: 4e0847af1d2ea56083bdd1c82c540be19fadf87330c2f71622929ccca62b1737
                                                    • Instruction ID: 78f5e3e222a42cc18cdbf1d154cf4d1e82dacf0ae8140000a22c19f5604f87d1
                                                    • Opcode Fuzzy Hash: 4e0847af1d2ea56083bdd1c82c540be19fadf87330c2f71622929ccca62b1737
                                                    • Instruction Fuzzy Hash: 0821F57A704710ABD300E664DC81F3B37A9DB89714F88457AF944DB381DA79EC044BA9
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 56%
                                                    			E00458C1C(intOrPtr __eax, void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, char _a4) {
                                                    				intOrPtr _v8;
                                                    				long _v12;
                                                    				void* _v16;
                                                    				struct _OVERLAPPED _v36;
                                                    				intOrPtr _v40;
                                                    				intOrPtr _v44;
                                                    				long _t85;
                                                    				intOrPtr _t97;
                                                    				intOrPtr _t99;
                                                    				void* _t104;
                                                    				void* _t105;
                                                    				intOrPtr _t106;
                                                    
                                                    				_t104 = _t105;
                                                    				_t106 = _t105 + 0xffffffd8;
                                                    				_v40 = 0;
                                                    				_v44 = 0;
                                                    				_v8 = __eax;
                                                    				_push(_t104);
                                                    				_push(0x458e5e);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t106;
                                                    				 *(_v8 + 0x14) =  *(_v8 + 0x14) + 1;
                                                    				 *(_v8 + 0x20) =  *(_v8 + 0x14);
                                                    				 *((intOrPtr*)(_v8 + 0x24)) = __edx;
                                                    				 *((intOrPtr*)(_v8 + 0x28)) = __ecx;
                                                    				_t85 = 0xc + __ecx;
                                                    				_push(_t104);
                                                    				_push(0x458dfb);
                                                    				_push( *[fs:edx]);
                                                    				 *[fs:edx] = _t106;
                                                    				_v16 = CreateEventA(0, 1, 0, 0);
                                                    				if(_v16 == 0) {
                                                    					E0045349C("CreateEvent");
                                                    				}
                                                    				_push(_t104);
                                                    				_push(0x458d90);
                                                    				_push( *[fs:edx]);
                                                    				 *[fs:edx] = _t106;
                                                    				E00402934( &_v36, 0x14);
                                                    				_v36.hEvent = _v16;
                                                    				if(TransactNamedPipe( *(_v8 + 0xc), _v8 + 0x20, _t85, _v8 + 0x4034, 0x14,  &_v12,  &_v36) != 0) {
                                                    					_pop(_t97);
                                                    					 *[fs:eax] = _t97;
                                                    					_push(E00458D97);
                                                    					return CloseHandle(_v16);
                                                    				} else {
                                                    					if(GetLastError() != 0x3e5) {
                                                    						E0045349C("TransactNamedPipe");
                                                    					}
                                                    					_push(_t104);
                                                    					_push(0x458d62);
                                                    					_push( *[fs:edx]);
                                                    					 *[fs:edx] = _t106;
                                                    					if(_a4 != 0 &&  *((short*)(_v8 + 0x1a)) != 0) {
                                                    						do {
                                                    							 *((intOrPtr*)(_v8 + 0x18))();
                                                    						} while (MsgWaitForMultipleObjects(1,  &_v16, 0, 0xffffffff, 0xff) == 1);
                                                    					}
                                                    					_pop(_t99);
                                                    					 *[fs:eax] = _t99;
                                                    					_push(E00458D69);
                                                    					GetOverlappedResult( *(_v8 + 0xc),  &_v36,  &_v12, 1);
                                                    					return GetLastError();
                                                    				}
                                                    			}















                                                    APIs
                                                    • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,00458DFB,?,00000000,00458E5E,?,?,00000000,00000000), ref: 00458C79
                                                    • TransactNamedPipe.KERNEL32(?,-00000020,0000000C,-00004034,00000014,00000000,?,00000000,00458D90,?,00000000,00000001,00000000,00000000,00000000,00458DFB), ref: 00458CD6
                                                    • GetLastError.KERNEL32(?,-00000020,0000000C,-00004034,00000014,00000000,?,00000000,00458D90,?,00000000,00000001,00000000,00000000,00000000,00458DFB), ref: 00458CE3
                                                    • MsgWaitForMultipleObjects.USER32 ref: 00458D2F
                                                    • GetOverlappedResult.KERNEL32(?,?,00000000,00000001,00458D69,?,-00000020,0000000C,-00004034,00000014,00000000,?,00000000,00458D90,?,00000000), ref: 00458D55
                                                    • GetLastError.KERNEL32(?,?,00000000,00000001,00458D69,?,-00000020,0000000C,-00004034,00000014,00000000,?,00000000,00458D90,?,00000000), ref: 00458D5C
                                                      • Part of subcall function 0045349C: GetLastError.KERNEL32(00000000,00454031,00000005,00000000,00454066,?,?,00000000,0049C628,00000004,00000000,00000000,00000000,?,004988E5,00000000), ref: 0045349F
                                                    Strings
                                                    Similarity
                                                    • API ID: ErrorLast$CreateEventMultipleNamedObjectsOverlappedPipeResultTransactWait
                                                    • String ID: CreateEvent$TransactNamedPipe
                                                    • API String ID: 2182916169-3012584893
                                                    • Opcode ID: ef16c20a6daf1f887f3bc2a9a4f4fdabf826d35dd2b72c43caf5f800eb3833ff
                                                    • Instruction ID: 06b5d05a5e38ae799b2edb69ba26f0faef77b18cb4ad173b91f5c3c95d125767
                                                    • Opcode Fuzzy Hash: ef16c20a6daf1f887f3bc2a9a4f4fdabf826d35dd2b72c43caf5f800eb3833ff
                                                    • Instruction Fuzzy Hash: EF418E75A00608AFDB15DF95C981F9EB7F8EB48714F1044AAF900F72D2DA789E44CA28
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 64%
                                                    			E00456D20(void* __eax, void* __ebx, void* __edi, void* __esi) {
                                                    				intOrPtr _v8;
                                                    				void* _v12;
                                                    				char _v16;
                                                    				char _v20;
                                                    				intOrPtr _t28;
                                                    				intOrPtr* _t30;
                                                    				void* _t32;
                                                    				intOrPtr _t33;
                                                    				void* _t34;
                                                    				intOrPtr* _t37;
                                                    				intOrPtr* _t50;
                                                    				intOrPtr _t62;
                                                    				intOrPtr* _t67;
                                                    				void* _t69;
                                                    				void* _t71;
                                                    				void* _t72;
                                                    				intOrPtr _t73;
                                                    
                                                    				_t71 = _t72;
                                                    				_t73 = _t72 + 0xfffffff0;
                                                    				_v20 = 0;
                                                    				_t69 = __eax;
                                                    				_push(_t71);
                                                    				_push(0x456e85);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t73;
                                                    				_t67 = GetProcAddress(GetModuleHandleA("OLEAUT32.DLL"), "UnRegisterTypeLib");
                                                    				_t50 = _t67;
                                                    				if(_t67 == 0) {
                                                    					E0045349C("GetProcAddress");
                                                    				}
                                                    				E0042C804(_t69,  &_v20);
                                                    				_v8 = E00403CA4(_v20);
                                                    				if(_v8 == 0) {
                                                    					E00408C00();
                                                    				}
                                                    				_push(_t71);
                                                    				_push(0x456e68);
                                                    				_push( *[fs:edx]);
                                                    				 *[fs:edx] = _t73;
                                                    				_push( &_v12);
                                                    				_t28 = _v8;
                                                    				_push(_t28);
                                                    				L0042CC64();
                                                    				_t76 = _t28;
                                                    				if(_t28 != 0) {
                                                    					E004534B0("LoadTypeLib", _t50, _t28, _t67, _t69, _t76);
                                                    				}
                                                    				 *[fs:edx] = _t73;
                                                    				_t30 = _v12;
                                                    				_t32 =  *((intOrPtr*)( *_t30 + 0x1c))(_t30,  &_v16,  *[fs:edx], 0x456e4a, _t71);
                                                    				_t77 = _t32;
                                                    				if(_t32 != 0) {
                                                    					E004534B0("ITypeLib::GetLibAttr", _t50, _t32, _t67, _t69, _t77);
                                                    				}
                                                    				 *[fs:edx] = _t73;
                                                    				_t33 = _v16;
                                                    				_t34 =  *_t50(_t33,  *((intOrPtr*)(_t33 + 0x18)),  *((intOrPtr*)(_t33 + 0x1a)),  *((intOrPtr*)(_t33 + 0x10)),  *((intOrPtr*)(_t33 + 0x14)),  *[fs:edx], 0x456e2c, _t71);
                                                    				_t78 = _t34;
                                                    				if(_t34 != 0) {
                                                    					E004534B0("UnRegisterTypeLib", _t50, _t34, _t67, _t69, _t78);
                                                    				}
                                                    				_pop(_t62);
                                                    				 *[fs:eax] = _t62;
                                                    				_t37 = _v12;
                                                    				return  *((intOrPtr*)( *_t37 + 0x30))(_t37, _v16, E00456E33);
                                                    			}




















                                                    APIs
                                                    • GetModuleHandleA.KERNEL32(OLEAUT32.DLL,UnRegisterTypeLib,00000000,00456E85,?,?,00000031,?), ref: 00456D48
                                                    • GetProcAddress.KERNEL32(00000000,OLEAUT32.DLL), ref: 00456D4E
                                                    • LoadTypeLib.OLEAUT32(00000000,?), ref: 00456D9B
                                                      • Part of subcall function 0045349C: GetLastError.KERNEL32(00000000,00454031,00000005,00000000,00454066,?,?,00000000,0049C628,00000004,00000000,00000000,00000000,?,004988E5,00000000), ref: 0045349F
                                                    Strings
                                                    Similarity
                                                    • API ID: AddressErrorHandleLastLoadModuleProcType
                                                    • String ID: GetProcAddress$ITypeLib::GetLibAttr$LoadTypeLib$OLEAUT32.DLL$UnRegisterTypeLib$UnRegisterTypeLib
                                                    • API String ID: 1914119943-2711329623
                                                    • Opcode ID: e2963ea3afedc97cdb575031c9274042e2bd1e61e6c3a56a36b999a051922bf2
                                                    • Instruction ID: d1bb8c6bfccdc0522a96f5e3020b18907c52df716e7671809b7eaf465cfb4023
                                                    • Opcode Fuzzy Hash: e2963ea3afedc97cdb575031c9274042e2bd1e61e6c3a56a36b999a051922bf2
                                                    • Instruction Fuzzy Hash: 6831A375A00604AFDB41EFAACC12D5BB7BDEB8970675244A6FD04D3352DB38DD08CA28
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E00416D80(void* __eax, void* __ecx, struct HDC__* __edx) {
                                                    				struct tagRECT _v44;
                                                    				struct tagRECT _v60;
                                                    				void* _v68;
                                                    				int _v80;
                                                    				int _t77;
                                                    				int _t130;
                                                    				void* _t131;
                                                    				void* _t152;
                                                    				void* _t153;
                                                    				void* _t154;
                                                    				struct HDC__* _t155;
                                                    
                                                    				_v60.right = __ecx;
                                                    				_t155 = __edx;
                                                    				_t152 = __eax;
                                                    				_t76 =  *((intOrPtr*)(__eax + 0xb0));
                                                    				if( *((intOrPtr*)(__eax + 0xb0)) == 0) {
                                                    					L13:
                                                    					_t77 =  *(_t152 + 0xb4);
                                                    					if(_t77 == 0) {
                                                    						L23:
                                                    						return _t77;
                                                    					}
                                                    					_t77 =  *((intOrPtr*)(_t77 + 8)) - 1;
                                                    					if(_t77 < 0) {
                                                    						goto L23;
                                                    					}
                                                    					_v44.right = _t77 + 1;
                                                    					_t153 = 0;
                                                    					do {
                                                    						_t77 = E0040B24C( *(_t152 + 0xb4), _t153);
                                                    						_t130 = _t77;
                                                    						if( *((char*)(_t130 + 0xc5)) != 0 && ( *(_t130 + 0x34) & 0x00000010) != 0 && ( *((char*)(_t130 + 0x37)) != 0 || ( *(_t130 + 0x1c) & 0x00000010) != 0 && ( *(_t130 + 0x35) & 0x00000004) == 0)) {
                                                    							_v44.left = CreateSolidBrush(E0041A058(0x80000010));
                                                    							E0040AA48( *((intOrPtr*)(_t130 + 0x24)) - 1,  *((intOrPtr*)(_t130 + 0x24)) +  *((intOrPtr*)(_t130 + 0x2c)),  *((intOrPtr*)(_t130 + 0x28)) - 1,  &(_v44.right),  *((intOrPtr*)(_t130 + 0x28)) +  *((intOrPtr*)(_t130 + 0x30)));
                                                    							FrameRect(_t155,  &_v44, _v44);
                                                    							DeleteObject(_v60.right);
                                                    							_v60.left = CreateSolidBrush(E0041A058(0x80000014));
                                                    							E0040AA48( *((intOrPtr*)(_t130 + 0x24)),  *((intOrPtr*)(_t130 + 0x24)) +  *((intOrPtr*)(_t130 + 0x2c)) + 1,  *((intOrPtr*)(_t130 + 0x28)),  &(_v60.right),  *((intOrPtr*)(_t130 + 0x28)) +  *((intOrPtr*)(_t130 + 0x30)) + 1);
                                                    							FrameRect(_t155,  &_v60, _v60);
                                                    							_t77 = DeleteObject(_v68);
                                                    						}
                                                    						_t153 = _t153 + 1;
                                                    						_t73 =  &(_v44.right);
                                                    						 *_t73 = _v44.right - 1;
                                                    					} while ( *_t73 != 0);
                                                    					goto L23;
                                                    				}
                                                    				_t154 = 0;
                                                    				if(_v60.right != 0) {
                                                    					_t154 = E0040B294(_t76, _v60.right);
                                                    					if(_t154 < 0) {
                                                    						_t154 = 0;
                                                    					}
                                                    				}
                                                    				_v60.bottom =  *((intOrPtr*)( *((intOrPtr*)(_t152 + 0xb0)) + 8));
                                                    				if(_t154 >= _v60.bottom) {
                                                    					goto L13;
                                                    				} else {
                                                    					goto L5;
                                                    				}
                                                    				do {
                                                    					L5:
                                                    					_t131 = E0040B24C( *((intOrPtr*)(_t152 + 0xb0)), _t154);
                                                    					if( *((char*)(_t131 + 0x37)) != 0 || ( *(_t131 + 0x1c) & 0x00000010) != 0 && ( *(_t131 + 0x35) & 0x00000004) == 0) {
                                                    						E0040AA48( *((intOrPtr*)(_t131 + 0x24)),  *((intOrPtr*)(_t131 + 0x24)) +  *(_t131 + 0x2c),  *((intOrPtr*)(_t131 + 0x28)),  &(_v44.bottom),  *((intOrPtr*)(_t131 + 0x28)) +  *(_t131 + 0x30));
                                                    						if(RectVisible(_t155,  &(_v44.top)) != 0) {
                                                    							if(( *(_t152 + 0x36) & 0x00000080) != 0) {
                                                    								 *(_t131 + 0x36) =  *(_t131 + 0x36) | 0x00000080;
                                                    							}
                                                    							_v60.top = SaveDC(_t155);
                                                    							E004141B8(_t155,  *((intOrPtr*)(_t131 + 0x28)),  *((intOrPtr*)(_t131 + 0x24)));
                                                    							IntersectClipRect(_t155, 0, 0,  *(_t131 + 0x2c),  *(_t131 + 0x30));
                                                    							E00415240(_t131, _t155, 0xf, 0);
                                                    							RestoreDC(_t155, _v80);
                                                    							 *(_t131 + 0x36) =  *(_t131 + 0x36) & 0x0000007f;
                                                    						}
                                                    					}
                                                    					_t154 = _t154 + 1;
                                                    				} while (_t154 < _v60.top);
                                                    				goto L13;
                                                    			}















                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Rect$BrushCreateDeleteFrameObjectSolid$ClipIntersectRestoreSaveVisible
                                                    • String ID:
                                                    • API String ID: 375863564-0
                                                    • Opcode ID: c0e852fad3f8100a43f66ba4c7f0a8b2961b499ee907491dc16e69cd98bdc1bc
                                                    • Instruction ID: c082a38e55a2621cff38c0036c5e412d4739722926df34ebe37a7eff5f7859fc
                                                    • Opcode Fuzzy Hash: c0e852fad3f8100a43f66ba4c7f0a8b2961b499ee907491dc16e69cd98bdc1bc
                                                    • Instruction Fuzzy Hash: 70515A712086459FDB50EF69C8C4B9B77E8AF48314F15466AFD488B286C738EC81CB99
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 91%
                                                    			E00404ABF(void** __eax) {
                                                    				void* _t25;
                                                    				long _t26;
                                                    				void* _t27;
                                                    				long _t30;
                                                    				void* _t34;
                                                    				void* _t36;
                                                    				long _t37;
                                                    				int _t40;
                                                    				void* _t42;
                                                    				void* _t48;
                                                    				void* _t49;
                                                    				long _t50;
                                                    				long _t51;
                                                    				void* _t54;
                                                    				void** _t55;
                                                    				DWORD* _t56;
                                                    
                                                    				_t55 = __eax;
                                                    				 *((intOrPtr*)(__eax + 0xc)) = 0;
                                                    				 *((intOrPtr*)(__eax + 0x10)) = 0;
                                                    				_t25 =  *((intOrPtr*)(__eax + 4)) - 0xd7b1;
                                                    				if(_t25 == 0) {
                                                    					_t26 = 0x80000000;
                                                    					_t51 = 2;
                                                    					_t50 = 3;
                                                    					 *((intOrPtr*)(__eax + 0x1c)) = E00404A50;
                                                    					L8:
                                                    					_t55[9] = 0x404aa7;
                                                    					_t55[8] = E00404A77;
                                                    					if(_t55[0x12] == 0) {
                                                    						_t55[9] = E00404A77;
                                                    						if(_t55[1] == 0xd7b2) {
                                                    							_push(0xfffffff5);
                                                    						} else {
                                                    							_push(0xfffffff6);
                                                    						}
                                                    						_t27 = GetStdHandle();
                                                    						if(_t27 == 0xffffffff) {
                                                    							L35:
                                                    							_t55[1] = 0xd7b0;
                                                    							return GetLastError();
                                                    						} else {
                                                    							 *_t55 = _t27;
                                                    							L28:
                                                    							if(_t55[1] == 0xd7b1) {
                                                    								L32:
                                                    								return 0;
                                                    							}
                                                    							_t30 = GetFileType( *_t55);
                                                    							if(_t30 == 0) {
                                                    								CloseHandle( *_t55);
                                                    								_t55[1] = 0xd7b0;
                                                    								return 0x69;
                                                    							}
                                                    							if(_t30 == 2) {
                                                    								_t55[8] = E00404A7A;
                                                    							}
                                                    							goto L32;
                                                    						}
                                                    					}
                                                    					_t34 = CreateFileA( &(_t55[0x12]), _t26, _t51, 0, _t50, 0x80, 0);
                                                    					if(_t34 == 0xffffffff) {
                                                    						goto L35;
                                                    					}
                                                    					 *_t55 = _t34;
                                                    					if(_t55[1] != 0xd7b3) {
                                                    						goto L28;
                                                    					}
                                                    					_t55[1] = _t55[1] - 1;
                                                    					_t36 = GetFileSize( *_t55, 0) + 1;
                                                    					if(_t36 == 0) {
                                                    						goto L35;
                                                    					}
                                                    					_t37 = _t36 - 0x81;
                                                    					if(_t37 < 0) {
                                                    						_t37 = 0;
                                                    					}
                                                    					if(SetFilePointer( *_t55, _t37, 0, 0) + 1 == 0) {
                                                    						goto L35;
                                                    					} else {
                                                    						_t40 = ReadFile( *_t55,  &(_t55[0x53]), 0x80, _t56, 0);
                                                    						_t54 = 0;
                                                    						if(_t40 != 1) {
                                                    							goto L35;
                                                    						}
                                                    						_t42 = 0;
                                                    						while(_t42 < _t54) {
                                                    							if( *((char*)(_t55 + _t42 + 0x14c)) == 0x1a) {
                                                    								if(SetFilePointer( *_t55, _t42 - _t54, 0, 2) + 1 == 0 || SetEndOfFile( *_t55) != 1) {
                                                    									goto L35;
                                                    								} else {
                                                    									goto L28;
                                                    								}
                                                    							}
                                                    							_t42 = _t42 + 1;
                                                    						}
                                                    						goto L28;
                                                    					}
                                                    				}
                                                    				_t48 = _t25 - 1;
                                                    				if(_t48 == 0) {
                                                    					_t26 = 0x40000000;
                                                    					_t51 = 1;
                                                    					_t50 = 2;
                                                    					L7:
                                                    					_t55[7] = E00404A7A;
                                                    					goto L8;
                                                    				}
                                                    				_t49 = _t48 - 1;
                                                    				if(_t49 == 0) {
                                                    					_t26 = 0xc0000000;
                                                    					_t51 = 1;
                                                    					_t50 = 3;
                                                    					goto L7;
                                                    				}
                                                    				return _t49;
                                                    			}




















                                                    APIs
                                                    • CreateFileA.KERNEL32(00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00404B46
                                                    • GetFileSize.KERNEL32(?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00404B6A
                                                    • SetFilePointer.KERNEL32(?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00404B86
                                                    • ReadFile.KERNEL32(?,?,00000080,?,00000000,00000000,?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000), ref: 00404BA7
                                                    • SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 00404BD0
                                                    • SetEndOfFile.KERNEL32(?,?,00000000,00000000,00000002), ref: 00404BDA
                                                    • GetStdHandle.KERNEL32(000000F5), ref: 00404BFA
                                                    • GetFileType.KERNEL32(?,000000F5), ref: 00404C11
                                                    • CloseHandle.KERNEL32(?,?,000000F5), ref: 00404C2C
                                                    • GetLastError.KERNEL32(000000F5), ref: 00404C46
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: File$HandlePointer$CloseCreateErrorLastReadSizeType
                                                    • String ID:
                                                    • API String ID: 1694776339-0
                                                    • Opcode ID: 9f56c7289f94e04900e6d065ddfea074988f08e379b72121dafcd5ad7d79337d
                                                    • Instruction ID: 0555156f4d2a620bb114dc01d937536d57074fdea11cd86abdfeb4dd56d828b4
                                                    • Opcode Fuzzy Hash: 9f56c7289f94e04900e6d065ddfea074988f08e379b72121dafcd5ad7d79337d
                                                    • Instruction Fuzzy Hash: 3741B3F02093009AF7305E248905B2375E5EBC0755F208E3FE296BA6E0D7BDE8458B1D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E004221E8(intOrPtr _a4) {
                                                    				intOrPtr _t27;
                                                    				struct HMENU__* _t48;
                                                    
                                                    				_t27 =  *((intOrPtr*)(_a4 - 4));
                                                    				if( *((char*)(_t27 + 0x111)) != 0) {
                                                    					_t27 =  *((intOrPtr*)(_a4 - 4));
                                                    					if(( *(_t27 + 0x110) & 0x00000001) != 0) {
                                                    						_t27 =  *((intOrPtr*)(_a4 - 4));
                                                    						if( *((char*)(_t27 + 0x116)) != 1) {
                                                    							_t48 = GetSystemMenu(E004181E0( *((intOrPtr*)(_a4 - 4))), 0);
                                                    							if( *((char*)( *((intOrPtr*)(_a4 - 4)) + 0x111)) == 3) {
                                                    								DeleteMenu(_t48, 0xf130, 0);
                                                    								DeleteMenu(_t48, 7, 0x400);
                                                    								DeleteMenu(_t48, 5, 0x400);
                                                    								DeleteMenu(_t48, 0xf030, 0);
                                                    								DeleteMenu(_t48, 0xf020, 0);
                                                    								DeleteMenu(_t48, 0xf000, 0);
                                                    								return DeleteMenu(_t48, 0xf120, 0);
                                                    							}
                                                    							if(( *( *((intOrPtr*)(_a4 - 4)) + 0x110) & 0x00000002) == 0) {
                                                    								EnableMenuItem(_t48, 0xf020, 1);
                                                    							}
                                                    							_t27 =  *((intOrPtr*)(_a4 - 4));
                                                    							if(( *(_t27 + 0x110) & 0x00000004) == 0) {
                                                    								return EnableMenuItem(_t48, 0xf030, 1);
                                                    							}
                                                    						}
                                                    					}
                                                    				}
                                                    				return _t27;
                                                    			}






                                                    APIs
                                                    • GetSystemMenu.USER32(00000000,00000000), ref: 00422233
                                                    • DeleteMenu.USER32(00000000,0000F130,00000000,00000000,00000000), ref: 00422251
                                                    • DeleteMenu.USER32(00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 0042225E
                                                    • DeleteMenu.USER32(00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 0042226B
                                                    • DeleteMenu.USER32(00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 00422278
                                                    • DeleteMenu.USER32(00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000), ref: 00422285
                                                    • DeleteMenu.USER32(00000000,0000F000,00000000,00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000), ref: 00422292
                                                    • DeleteMenu.USER32(00000000,0000F120,00000000,00000000,0000F000,00000000,00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000), ref: 0042229F
                                                    • EnableMenuItem.USER32 ref: 004222BD
                                                    • EnableMenuItem.USER32 ref: 004222D9
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Menu$Delete$EnableItem$System
                                                    • String ID:
                                                    • API String ID: 3985193851-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 65%
                                                    			E0046168C(void* __eax, void* __ebx, struct _browseinfo __ecx, intOrPtr* __edx, void* __edi, void* __esi, void* __eflags, char _a4) {
                                                    				intOrPtr* _v8;
                                                    				char _v9;
                                                    				char _v16;
                                                    				char _v20;
                                                    				struct HWND__* _v24;
                                                    				intOrPtr _v28;
                                                    				struct _ITEMIDLIST* _v32;
                                                    				intOrPtr _v40;
                                                    				intOrPtr _v44;
                                                    				signed int _v48;
                                                    				intOrPtr _v52;
                                                    				char* _v56;
                                                    				struct _browseinfo _v64;
                                                    				char _v324;
                                                    				intOrPtr _t49;
                                                    				void* _t59;
                                                    				intOrPtr _t67;
                                                    				struct _browseinfo _t70;
                                                    				void* _t72;
                                                    				void* _t73;
                                                    				intOrPtr _t74;
                                                    
                                                    				_t68 = __edi;
                                                    				_t72 = _t73;
                                                    				_t74 = _t73 + 0xfffffdbc;
                                                    				_push(__ebx);
                                                    				_push(__esi);
                                                    				_push(__edi);
                                                    				_v16 = 0;
                                                    				_t70 = __ecx;
                                                    				_v8 = __edx;
                                                    				_t59 = __eax;
                                                    				_push(_t72);
                                                    				_push(0x46181b);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t74;
                                                    				_v9 = 0;
                                                    				E0042CBC0( *_v8, __ecx,  &_v16, __eflags);
                                                    				_push( &_v20);
                                                    				L0042CCAC();
                                                    				if(E0042CC84( &_v20) != 0) {
                                                    					_v20 = 0;
                                                    				}
                                                    				E00402934( &_v64, 0x20);
                                                    				_v64 = _t70;
                                                    				_v56 =  &_v324;
                                                    				_v52 = E00403738(_t59);
                                                    				_v48 = 0x41;
                                                    				if(_a4 == 0) {
                                                    					_v48 = _v48 | 0x00000200;
                                                    				}
                                                    				_v44 = E00461628;
                                                    				if(_v16 != 0) {
                                                    					_v40 = E00403738(_v16);
                                                    				}
                                                    				_v24 = GetActiveWindow();
                                                    				_v28 = E0041EEA4(0, _t59, _t68, _t70);
                                                    				_push(0);
                                                    				L0042CC2C();
                                                    				_push(_t72);
                                                    				_push(0x461790);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t74;
                                                    				_v32 = SHBrowseForFolder( &_v64);
                                                    				_pop(_t67);
                                                    				 *[fs:eax] = _t67;
                                                    				_push(0x461797);
                                                    				L0042CC34();
                                                    				E0041EF58(_v28);
                                                    				_t49 =  *0x49c628; // 0x21a2410
                                                    				SetActiveWindow( *(_t49 + 0x20));
                                                    				return SetActiveWindow(_v24);
                                                    			}


                                                    APIs
                                                    • SHGetMalloc.SHELL32(?), ref: 004616C7
                                                    • GetActiveWindow.USER32 ref: 0046172B
                                                    • CoInitialize.OLE32(00000000), ref: 0046173F
                                                    • SHBrowseForFolder.SHELL32(?), ref: 00461756
                                                    • 753BF460.OLE32(00461797,00000000,?,?,?,?,?,00000000,0046181B), ref: 0046176B
                                                    • SetActiveWindow.USER32(?,00461797,00000000,?,?,?,?,?,00000000,0046181B), ref: 00461781
                                                    • SetActiveWindow.USER32(?,?,00461797,00000000,?,?,?,?,?,00000000,0046181B), ref: 0046178A
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: ActiveWindow$BrowseF460FolderInitializeMalloc
                                                    • String ID: A
                                                    • API String ID: 2191611128-3554254475
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E0045D2B4(struct HINSTANCE__* __eax) {
                                                    				intOrPtr _t6;
                                                    				struct HINSTANCE__* _t7;
                                                    
                                                    				_t7 = __eax;
                                                    				 *0x49d088 = GetProcAddress(__eax, "inflateInit_");
                                                    				 *0x49d08c = GetProcAddress(_t7, "inflate");
                                                    				 *0x49d090 = GetProcAddress(_t7, "inflateEnd");
                                                    				 *0x49d094 = GetProcAddress(_t7, "inflateReset");
                                                    				if( *0x49d088 == 0 ||  *0x49d08c == 0 ||  *0x49d090 == 0 ||  *0x49d094 == 0) {
                                                    					_t6 = 0;
                                                    				} else {
                                                    					_t6 = 1;
                                                    				}
                                                    				if(_t6 == 0) {
                                                    					 *0x49d088 = 0;
                                                    					 *0x49d08c = 0;
                                                    					 *0x49d090 = 0;
                                                    					 *0x49d094 = 0;
                                                    					return _t6;
                                                    				}
                                                    				return _t6;
                                                    			}






                                                    APIs
                                                    • GetProcAddress.KERNEL32(00000000,inflateInit_), ref: 0045D2BD
                                                    • GetProcAddress.KERNEL32(00000000,inflate), ref: 0045D2CD
                                                    • GetProcAddress.KERNEL32(00000000,inflateEnd), ref: 0045D2DD
                                                    • GetProcAddress.KERNEL32(00000000,inflateReset), ref: 0045D2ED
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: AddressProc
                                                    • String ID: inflate$inflateEnd$inflateInit_$inflateReset
                                                    • API String ID: 190572456-3516654456
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E0041A8DC(intOrPtr* __eax, intOrPtr __ecx, int* __edx, intOrPtr _a4, int* _a8) {
                                                    				intOrPtr _v8;
                                                    				long _v12;
                                                    				int _v16;
                                                    				int _v20;
                                                    				void* __edi;
                                                    				void* __ebp;
                                                    				intOrPtr* _t66;
                                                    				intOrPtr* _t68;
                                                    				intOrPtr _t70;
                                                    				void* _t71;
                                                    				void* _t74;
                                                    				long _t77;
                                                    				void* _t85;
                                                    				intOrPtr _t89;
                                                    				long _t116;
                                                    				intOrPtr _t121;
                                                    				intOrPtr* _t139;
                                                    				intOrPtr* _t141;
                                                    				intOrPtr _t145;
                                                    				int* _t147;
                                                    				intOrPtr _t151;
                                                    				intOrPtr _t154;
                                                    				intOrPtr _t155;
                                                    				intOrPtr _t156;
                                                    				int* _t161;
                                                    				intOrPtr* _t163;
                                                    
                                                    				_t148 = __ecx;
                                                    				_v8 = __ecx;
                                                    				_t147 = __edx;
                                                    				_t163 = __eax;
                                                    				_t161 = _a8;
                                                    				if(_v8 != 0) {
                                                    					 *((intOrPtr*)( *__eax + 0x10))();
                                                    					_v16 = _t161[2] -  *_t161;
                                                    					_v20 = _t161[3] - _t161[1];
                                                    					_t151 =  *0x41aad8; // 0x1
                                                    					E0041B168(__eax, __ecx, _t151, _t161);
                                                    					if( *0x49a53c == 0) {
                                                    						 *0x49a53c = E0041CD24(1);
                                                    						_t145 =  *0x49a53c; // 0x0
                                                    						E0041D864(_t145, 1);
                                                    					}
                                                    					_t66 =  *0x49a53c; // 0x0
                                                    					if( *((intOrPtr*)( *_t66 + 0x20))() < _v16) {
                                                    						_t141 =  *0x49a53c; // 0x0
                                                    						_t148 =  *_t141;
                                                    						 *((intOrPtr*)( *_t141 + 0x2c))();
                                                    					}
                                                    					_t68 =  *0x49a53c; // 0x0
                                                    					_t153 =  *_t68;
                                                    					if( *((intOrPtr*)( *_t68 + 0x1c))() < _v20) {
                                                    						_t153 = _v20;
                                                    						_t139 =  *0x49a53c; // 0x0
                                                    						_t148 =  *_t139;
                                                    						 *((intOrPtr*)( *_t139 + 0x28))();
                                                    					}
                                                    					_t70 =  *0x49a53c; // 0x0
                                                    					_t71 = E0041D0D0(_t70, _t148, _t153);
                                                    					_t154 =  *0x41aad8; // 0x1
                                                    					E0041B168(_t71, _t148, _t154, _t161);
                                                    					_t74 = E0041D0D0(_v8, _t148, _t154);
                                                    					_t155 =  *0x41aad8; // 0x1
                                                    					E0041B168(_t74, _t148, _t155, _t161);
                                                    					_t77 = E0041A058(_a4);
                                                    					_v12 = SetBkColor( *(E0041D0D0(_v8, _t148, _t155) + 4), _t77);
                                                    					_t85 = E0041D0D0(_v8, _t148, _t155);
                                                    					_t89 =  *0x49a53c; // 0x0
                                                    					BitBlt( *(E0041D0D0(_t89, _t148, _t155) + 4), 0, 0, _v16, _v20,  *(_t85 + 4),  *_t161, _t161[1], 0xcc0020);
                                                    					SetBkColor( *(E0041D0D0(_v8, _t148, _t155) + 4), _v12);
                                                    					_t156 =  *0x41aadc; // 0x9
                                                    					E0041B168(_t163, _t148, _t156, _t161);
                                                    					StretchBlt( *(_t163 + 4),  *_t147, _t147[1], _t147[2] -  *_t147, _t147[3] - _t147[1],  *(E0041D0D0(_v8, _t148, _t156) + 4),  *_t161, _t161[1], _v16, _v20, 0xcc0020);
                                                    					_t116 = SetTextColor( *(_t163 + 4), 0);
                                                    					_v12 = SetBkColor( *(_t163 + 4), 0xffffff);
                                                    					_t121 =  *0x49a53c; // 0x0
                                                    					StretchBlt( *(_t163 + 4),  *_t147, _t147[1], _t147[2] -  *_t147, _t147[3] - _t147[1],  *(E0041D0D0(_t121, _t148, _t156) + 4), 0, 0, _v16, _v20, 0xe20746);
                                                    					SetTextColor( *(_t163 + 4), _t116);
                                                    					SetBkColor( *(_t163 + 4), _v12);
                                                    					return  *((intOrPtr*)( *_t163 + 0xc))();
                                                    				}
                                                    				return __eax;
                                                    			}
                                                    0x0041a99f
                                                    0x0041a9a7
                                                    0x0041a9be
                                                    0x0041a9d0
                                                    0x0041a9e5
                                                    0x0041a9f3
                                                    0x0041aa08
                                                    0x0041aa0d
                                                    0x0041aa15
                                                    0x0041aa52
                                                    0x0041aa5d
                                                    0x0041aa72
                                                    0x0041aa86
                                                    0x0041aaac
                                                    0x0041aab6
                                                    0x0041aac3
                                                    0x00000000
                                                    0x0041aacc
                                                    0x0041aad5

                                                    APIs
                                                    • SetBkColor.GDI32(?,00000000), ref: 0041A9B9
                                                    • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 0041A9F3
                                                    • SetBkColor.GDI32(?,?), ref: 0041AA08
                                                    • StretchBlt.GDI32(00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,00CC0020), ref: 0041AA52
                                                    • SetTextColor.GDI32(00000000,00000000), ref: 0041AA5D
                                                    • SetBkColor.GDI32(00000000,00FFFFFF), ref: 0041AA6D
                                                    • StretchBlt.GDI32(00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,00E20746), ref: 0041AAAC
                                                    • SetTextColor.GDI32(00000000,00000000), ref: 0041AAB6
                                                    • SetBkColor.GDI32(00000000,?), ref: 0041AAC3
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Color$StretchText
                                                    • String ID:
                                                    • API String ID: 2984075790-0
                                                    • Opcode ID: 8339573435af0571ac004b9edfe9888bf518b81d8e89d3dd49c7a051c1e5b4c2
                                                    • Instruction ID: e47558b52586b5da4299fc567d0e44b5417240ec4c6cf29b3c61b3fe783309fe
                                                    • Opcode Fuzzy Hash: 8339573435af0571ac004b9edfe9888bf518b81d8e89d3dd49c7a051c1e5b4c2
                                                    • Instruction Fuzzy Hash: 6961E6B5A00505AFCB40EFADD985E9AB7F8EF08314B108166F508DB262CB74ED40CF99
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 69%
                                                    			E004580C4(char __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
                                                    				char _v5;
                                                    				char _v12;
                                                    				char _v16;
                                                    				char _v84;
                                                    				void* _v96;
                                                    				char _v100;
                                                    				char _v104;
                                                    				char _v108;
                                                    				char _v112;
                                                    				char _v116;
                                                    				void* _t57;
                                                    				void* _t92;
                                                    				char _t93;
                                                    				intOrPtr _t110;
                                                    				void* _t121;
                                                    				void* _t124;
                                                    
                                                    				_t119 = __edi;
                                                    				_t94 = __ecx;
                                                    				_push(__edi);
                                                    				_v104 = 0;
                                                    				_v108 = 0;
                                                    				_v12 = 0;
                                                    				_v16 = 0;
                                                    				_t121 = __ecx;
                                                    				_t92 = __edx;
                                                    				_v5 = __eax;
                                                    				_push(_t124);
                                                    				_push(0x458260);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t124 + 0xffffff90;
                                                    				E0042D8C4( &_v12);
                                                    				_push(0x458278);
                                                    				E0042C3FC(_v12,  &_v104);
                                                    				_push(_v104);
                                                    				_push("regsvr32.exe\"");
                                                    				E00403634();
                                                    				if(_v5 != 0) {
                                                    					E0040357C( &_v16, 0x45829c);
                                                    				}
                                                    				_push(_v16);
                                                    				_push(" /s \"");
                                                    				_push(_t121);
                                                    				_push(0x458278);
                                                    				E00403634();
                                                    				_t127 = _t92;
                                                    				if(_t92 == 0) {
                                                    					E00403494( &_v104, "Spawning 32-bit RegSvr32: ");
                                                    					E0040357C( &_v104, _v16);
                                                    					E00457D10(_v104, _t92, _t94, _t119, _t121);
                                                    				} else {
                                                    					E00403494( &_v104, "Spawning 64-bit RegSvr32: ");
                                                    					E0040357C( &_v104, _v16);
                                                    					E00457D10(_v104, _t92, _t94, _t119, _t121);
                                                    				}
                                                    				E00402934( &_v84, 0x44);
                                                    				_v84 = 0x44;
                                                    				_t57 = E00403738(_v12);
                                                    				if(E004527E8(_t92, E00403738(_v16), 0, _t127,  &_v100,  &_v84, _t57, 0, 0x4000000, 0, 0, 0) == 0) {
                                                    					E0045349C("CreateProcess");
                                                    				}
                                                    				CloseHandle(_v96);
                                                    				_t93 = E00457FF8( &_v100);
                                                    				if(_t93 != 0) {
                                                    					_v116 = _t93;
                                                    					_v112 = 0;
                                                    					E004078F4(0x458318, 0,  &_v116,  &_v108);
                                                    					E00451458(0x45,  &_v104, _v108);
                                                    					E00408C0C(_v104, 1);
                                                    					E0040311C();
                                                    				}
                                                    				_pop(_t110);
                                                    				 *[fs:eax] = _t110;
                                                    				_push(E00458267);
                                                    				E00403420( &_v108, 2);
                                                    				return E00403420( &_v16, 2);
                                                    			}

                                                    APIs
                                                      • Part of subcall function 0042D8C4: GetSystemDirectoryA.KERNEL32 ref: 0042D8D7
                                                    • CloseHandle.KERNEL32(?,?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,00458278,?, /s ",?,regsvr32.exe",?,00458278), ref: 004581EA
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: CloseDirectoryHandleSystem
                                                    • String ID: /s "$ /u$0x%x$CreateProcess$D$Spawning 32-bit RegSvr32: $Spawning 64-bit RegSvr32: $regsvr32.exe"
                                                    • API String ID: 2051275411-1862435767
                                                    • Opcode ID: 273894a50eb0074ef48da2fb742bcd465b439a2fe4c22764832b139c2e06b0fa
                                                    • Instruction ID: cda81b302c56d3c3b7af3d8ffa4af26d40175ae7a7c1cff7e24eee752c39b11a
                                                    • Opcode Fuzzy Hash: 273894a50eb0074ef48da2fb742bcd465b439a2fe4c22764832b139c2e06b0fa
                                                    • Instruction Fuzzy Hash: 21411670A047486BDB10EFD6D842B8DBBF9AF45305F50407FB904BB292DF789A098B19
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E0044D178(void* __eax, int __ecx, struct tagRECT* __edx, char _a4, intOrPtr _a8) {
                                                    				int _t23;
                                                    				CHAR* _t25;
                                                    				long _t37;
                                                    				int _t44;
                                                    				CHAR* _t46;
                                                    				long _t53;
                                                    				int _t60;
                                                    				CHAR* _t62;
                                                    				void* _t68;
                                                    
                                                    				_t72 = __ecx;
                                                    				_t73 = __edx;
                                                    				_t68 = __eax;
                                                    				_t74 = _a4;
                                                    				if(_a4 == 0) {
                                                    					_t23 = E00403574(__eax);
                                                    					_t25 = E00403738(_t68);
                                                    					return DrawTextA(E0041B094( *((intOrPtr*)( *((intOrPtr*)(_a8 - 4)) + 0x104))), _t25, _t23, __edx, __ecx);
                                                    				}
                                                    				E0041A764( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_a8 - 4)) + 0x104)) + 0x14)), 1, _t74);
                                                    				OffsetRect(_t73, 1, 1);
                                                    				_t37 = GetSysColor(0x14);
                                                    				SetTextColor(E0041B094( *((intOrPtr*)( *((intOrPtr*)(_a8 - 4)) + 0x104))), _t37);
                                                    				_t44 = E00403574(_t68);
                                                    				_t46 = E00403738(_t68);
                                                    				DrawTextA(E0041B094( *((intOrPtr*)( *((intOrPtr*)(_a8 - 4)) + 0x104))), _t46, _t44, _t73, _t72);
                                                    				OffsetRect(_t73, 0xffffffff, 0xffffffff);
                                                    				_t53 = GetSysColor(0x10);
                                                    				SetTextColor(E0041B094( *((intOrPtr*)( *((intOrPtr*)(_a8 - 4)) + 0x104))), _t53);
                                                    				_t60 = E00403574(_t68);
                                                    				_t62 = E00403738(_t68);
                                                    				return DrawTextA(E0041B094( *((intOrPtr*)( *((intOrPtr*)(_a8 - 4)) + 0x104))), _t62, _t60, _t73, _t72);
                                                    			}

                                                    APIs
                                                    • OffsetRect.USER32(?,00000001,00000001), ref: 0044D1A9
                                                    • GetSysColor.USER32(00000014), ref: 0044D1B0
                                                    • SetTextColor.GDI32(00000000,00000000), ref: 0044D1C8
                                                    • DrawTextA.USER32(00000000,00000000,00000000), ref: 0044D1F1
                                                    • OffsetRect.USER32(?,000000FF,000000FF), ref: 0044D1FB
                                                    • GetSysColor.USER32(00000010), ref: 0044D202
                                                    • SetTextColor.GDI32(00000000,00000000), ref: 0044D21A
                                                    • DrawTextA.USER32(00000000,00000000,00000000), ref: 0044D243
                                                    • DrawTextA.USER32(00000000,00000000,00000000), ref: 0044D26E
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Text$Color$Draw$OffsetRect
                                                    • String ID:
                                                    • API String ID: 1005981011-0
                                                    • Opcode ID: c06c2bb1661cabc99be4074b90a59bff72ed56e1745f0cb5f3e87312b67fa2d3
                                                    • Instruction ID: 8406a00effd73db105afccad7da3796984cf264811f0ddac3e5cace4e0ac1d2b
                                                    • Opcode Fuzzy Hash: c06c2bb1661cabc99be4074b90a59bff72ed56e1745f0cb5f3e87312b67fa2d3
                                                    • Instruction Fuzzy Hash: A021BDB42015047FC710FB2ACD8AE8B6BDCDF19319B05457AB958EB292C67CDD404668
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 93%
                                                    			E00496A34(void* __eflags) {
                                                    				long _v8;
                                                    				void* __ebx;
                                                    				void* __ecx;
                                                    				void* __edi;
                                                    				void* __esi;
                                                    				void* __ebp;
                                                    				intOrPtr _t7;
                                                    				intOrPtr _t9;
                                                    				intOrPtr _t14;
                                                    				intOrPtr _t16;
                                                    				intOrPtr _t21;
                                                    				struct HWND__* _t28;
                                                    				void* _t34;
                                                    				struct HWND__* _t35;
                                                    				void* _t36;
                                                    				intOrPtr _t42;
                                                    				void* _t43;
                                                    				void* _t44;
                                                    				intOrPtr _t46;
                                                    
                                                    				E00457D10("Deleting Uninstall data files.", _t34, _t36, _t43, _t44);
                                                    				_push(0x496a73);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t46;
                                                    				_t7 =  *0x49d544; // 0x0
                                                    				E004506F0(_t7, 0);
                                                    				_t9 =  *0x49d544; // 0x0
                                                    				E0045092C(_t9);
                                                    				 *[fs:eax] = 0;
                                                    				E0042E384(0x49d544);
                                                    				_t14 =  *0x49d53c; // 0x0
                                                    				E00406F50(_t14);
                                                    				_t16 =  *0x49d540; // 0x0
                                                    				E00406F50(_t16);
                                                    				if( *0x49d55c != 0) {
                                                    					if( *0x49d558 == 0) {
                                                    						_t35 =  *0x49d55c; // 0x0
                                                    					} else {
                                                    						_t35 =  *0x49d558; // 0x0
                                                    					}
                                                    					_v8 = 0;
                                                    					if(GetWindowThreadProcessId(_t35,  &_v8) == 0) {
                                                    						_t34 = 0;
                                                    						__eflags = 0;
                                                    					} else {
                                                    						_t34 = OpenProcess(0x100000, 0, _v8);
                                                    					}
                                                    					_t28 =  *0x49d55c; // 0x0
                                                    					SendNotifyMessageA(_t28, 0x54d, 0, 0);
                                                    					if(_t34 != 0) {
                                                    						WaitForSingleObject(_t34, 0xffffffff);
                                                    						CloseHandle(_t34);
                                                    					}
                                                    					if( *0x49d00c == 0) {
                                                    						Sleep(0x1f4);
                                                    					}
                                                    				}
                                                    				 *0x49b0ec = 0;
                                                    				_t42 =  *0x49d538; // 0x0
                                                    				E00455674(0, _t42, 0xfa, 0x32);
                                                    				if( *0x49d00c != 0) {
                                                    					E00457520(0, _t34, _t43, _t44, 0);
                                                    				}
                                                    				_t21 =  *0x49c628; // 0x21a2410
                                                    				return E00424240(_t21);
                                                    			}























                                                    APIs
                                                      • Part of subcall function 0045092C: SetEndOfFile.KERNEL32(?,?,0045C342,00000000,0045C4CD,?,00000000,00000002,00000002), ref: 00450933
                                                      • Part of subcall function 00406F50: DeleteFileA.KERNEL32(00000000,0049C628,00498C31,00000000,00498C86,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 00406F5B
                                                    • GetWindowThreadProcessId.USER32(00000000,?), ref: 00496AC5
                                                    • OpenProcess.KERNEL32(00100000,00000000,?,00000000,?), ref: 00496AD9
                                                    • SendNotifyMessageA.USER32(00000000,0000054D,00000000,00000000), ref: 00496AF3
                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,0000054D,00000000,00000000,00000000,?), ref: 00496AFF
                                                    • CloseHandle.KERNEL32(00000000,00000000,000000FF,00000000,0000054D,00000000,00000000,00000000,?), ref: 00496B05
                                                    • Sleep.KERNEL32(000001F4,00000000,0000054D,00000000,00000000,00000000,?), ref: 00496B18
                                                    Strings
                                                    • Deleting Uninstall data files., xrefs: 00496A3B
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp Download File
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp Download File
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp Download File
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp Download File
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp Download File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: FileProcess$CloseDeleteHandleMessageNotifyObjectOpenSendSingleSleepThreadWaitWindow
                                                    • String ID: Deleting Uninstall data files.
                                                    • API String ID: 1570157960-2568741658
                                                    • Opcode ID: eba98680a5b5d835c96334c8e3c2c26ce864e5226ac3704a2cdb361a903f3cfe
                                                    • Instruction ID: c7fdef5db47779181808cd77ece5851621b80ba90656bd45fa302bbeaa1d0a37
                                                    • Opcode Fuzzy Hash: eba98680a5b5d835c96334c8e3c2c26ce864e5226ac3704a2cdb361a903f3cfe
                                                    • Instruction Fuzzy Hash: 39214171B44240BEEB11EB7AEC86B2677A8D75532CF12843BB50596292D6789C00CF2D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 63%
                                                    			E0047034C(void* __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                    				void* _v8;
                                                    				char _v12;
                                                    				char _v16;
                                                    				void* _t31;
                                                    				void* _t34;
                                                    				char* _t37;
                                                    				void* _t47;
                                                    				intOrPtr _t55;
                                                    				intOrPtr _t59;
                                                    				void* _t63;
                                                    				intOrPtr _t66;
                                                    
                                                    				_push(0);
                                                    				_push(0);
                                                    				_push(0);
                                                    				_push(__ebx);
                                                    				_push(__esi);
                                                    				_push(__edi);
                                                    				_t47 = __ecx;
                                                    				_t61 = __edx;
                                                    				_t63 = __eax;
                                                    				_push(_t66);
                                                    				_push(0x470449);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t66;
                                                    				_t49 =  *0x0049ABE0;
                                                    				if(E0042DE1C(0,  *0x0049ABE0, 0x80000002,  &_v8, 2, 0) != 0) {
                                                    					E00457D10("Failed to open Fonts registry key.", __ecx, _t49, __edx, _t63);
                                                    				} else {
                                                    					_t34 = E00403574(_t63);
                                                    					_t37 = E00403738(_t63);
                                                    					if(RegSetValueExA(_v8, E00403738(__edx), 0, 1, _t37, _t34 + 1) != 0) {
                                                    						E00457D10("Failed to set value in Fonts registry key.", _t47, _t49, _t61, _t63);
                                                    					}
                                                    					RegCloseKey(_v8);
                                                    				}
                                                    				if(_t47 != 0) {
                                                    					while(AddFontResourceA(E00403738(_t63)) == 0) {
                                                    						_t52 =  &_v16;
                                                    						E00451458(0x3a,  &_v16, "AddFontResource");
                                                    						E0042E6AC(_v16,  &_v16,  &_v12);
                                                    						_t59 =  *0x49cd18; // 0x0
                                                    						_t31 = E0046E670(_v12, _t47, _t52, _t59, _t61, _t63, __eflags);
                                                    						__eflags = _t31;
                                                    						if(_t31 == 0) {
                                                    							continue;
                                                    						}
                                                    						goto L9;
                                                    					}
                                                    					SendNotifyMessageA(0xffff, 0x1d, 0, 0);
                                                    				}
                                                    				L9:
                                                    				_pop(_t55);
                                                    				 *[fs:eax] = _t55;
                                                    				_push(0x470450);
                                                    				return E00403420( &_v16, 2);
                                                    			}















                                                    APIs
                                                      • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,00483FBF,?,00000001,?,?,00483FBF,?,00000001,00000000), ref: 0042DE38
                                                    • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000001,00000000,00000001,?,00000002,00000000,00000000,00470449,?,?,?,?,00000000), ref: 004703B3
                                                    • RegCloseKey.ADVAPI32(?,?,00000000,00000000,00000001,00000000,00000001,?,00000002,00000000,00000000,00470449), ref: 004703CA
                                                    • AddFontResourceA.GDI32(00000000), ref: 004703E7
                                                    • SendNotifyMessageA.USER32(0000FFFF,0000001D,00000000,00000000), ref: 004703FB
                                                    Strings
                                                    • Failed to open Fonts registry key., xrefs: 004703D1
                                                    • Failed to set value in Fonts registry key., xrefs: 004703BC
                                                    • AddFontResource, xrefs: 00470405
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp Download File
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp Download File
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp Download File
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp Download File
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp Download File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: CloseFontMessageNotifyOpenResourceSendValue
                                                    • String ID: AddFontResource$Failed to open Fonts registry key.$Failed to set value in Fonts registry key.
                                                    • API String ID: 955540645-649663873
                                                    • Opcode ID: c636a64839ff53e682dff529f85995575b706fc8b75a47865608e8df79b75fab
                                                    • Instruction ID: de0fcad7f59b8b6e3f36252054ef2b9b6c1aa86c0dcba491f5fd59bb8c0745b9
                                                    • Opcode Fuzzy Hash: c636a64839ff53e682dff529f85995575b706fc8b75a47865608e8df79b75fab
                                                    • Instruction Fuzzy Hash: AA21CF74741204BBD710EB668C42FAF67AC8B44708F608477BA04FB3C2DA7C9E06966D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 78%
                                                    			E00462E30(intOrPtr* __eax, void* __ecx, void* __edx, void* __edi, void* __eflags) {
                                                    				struct HICON__* _v8;
                                                    				struct _SHFILEINFO _v360;
                                                    				void* __esi;
                                                    				void* __ebp;
                                                    				void* _t14;
                                                    				int _t18;
                                                    				intOrPtr* _t37;
                                                    				void* _t49;
                                                    				void* _t53;
                                                    				void* _t55;
                                                    				intOrPtr _t56;
                                                    
                                                    				_t53 = _t55;
                                                    				_t56 = _t55 + 0xfffffe9c;
                                                    				_push(_t49);
                                                    				_t37 = __eax;
                                                    				 *((char*)(__eax + 0xfc)) = 0;
                                                    				E00416410(__eax, __edi, _t49, _t53);
                                                    				_t14 = E00403400(_t37 + 0x100);
                                                    				if(( *(_t37 + 0x1c) & 0x00000010) != 0) {
                                                    					return _t14;
                                                    				} else {
                                                    					if((GetVersion() & 0x000000ff) >= 6 &&  *0x49c714 != 0) {
                                                    						 *0x49c714(E004181E0(_t37), L"Explorer", 0);
                                                    						SendMessageA(E004181E0(_t37), 0x112c, 4, 4);
                                                    					}
                                                    					_t18 = SHGetFileInfo(0x462f3c, 0,  &_v360, 0x160, 0x4011);
                                                    					E00410890(E004181E0(_t37), 0, _t18);
                                                    					_v8 = SetCursor(LoadCursorA(0, 0x7f02));
                                                    					 *[fs:eax] = _t56;
                                                    					 *((intOrPtr*)( *_t37 + 0x80))( *[fs:eax], 0x462f18, _t53);
                                                    					 *[fs:eax] = 0;
                                                    					_push(0x462f1f);
                                                    					return SetCursor(_v8);
                                                    				}
                                                    			}















                                                    APIs
                                                      • Part of subcall function 00416410: GetClassInfoA.USER32 ref: 0041647F
                                                      • Part of subcall function 00416410: UnregisterClassA.USER32 ref: 004164AB
                                                      • Part of subcall function 00416410: RegisterClassA.USER32 ref: 004164CE
                                                    • GetVersion.KERNEL32 ref: 00462E60
                                                    • SendMessageA.USER32 ref: 00462E9E
                                                    • SHGetFileInfo.SHELL32(00462F3C,00000000,?,00000160,00004011), ref: 00462EBB
                                                    • LoadCursorA.USER32 ref: 00462ED9
                                                    • SetCursor.USER32(00000000,00000000,00007F02,00462F3C,00000000,?,00000160,00004011), ref: 00462EDF
                                                    • SetCursor.USER32(?,00462F1F,00007F02,00462F3C,00000000,?,00000160,00004011), ref: 00462F12
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp Download File
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp Download File
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp Download File
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp Download File
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp Download File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: ClassCursor$Info$FileLoadMessageRegisterSendUnregisterVersion
                                                    • String ID: Explorer
                                                    • API String ID: 2594429197-512347832
                                                    • Opcode ID: 7f94d1b34be1123c5266d07caaa6a791a97c1592c612dd9281717db5908763d9
                                                    • Instruction ID: 4c9b61fcaeb9a6098bded6494fcb300de98feacffa2aea191203b59a87b37782
                                                    • Opcode Fuzzy Hash: 7f94d1b34be1123c5266d07caaa6a791a97c1592c612dd9281717db5908763d9
                                                    • Instruction Fuzzy Hash: BE21E7307403047AEB15BB758D47B9A37989B09708F4004BBBA05EA1C3EEBD9901966D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 83%
                                                    			E00478704(void* __eax, void* __ecx, void* __edx) {
                                                    				char _v4112;
                                                    				void* __ebx;
                                                    				void* __edi;
                                                    				void* __esi;
                                                    				void* __ebp;
                                                    				void* _t8;
                                                    				signed char _t11;
                                                    				intOrPtr* _t19;
                                                    				void* _t20;
                                                    				void* _t21;
                                                    				void* _t25;
                                                    				void* _t26;
                                                    				long _t27;
                                                    				void* _t28;
                                                    				void* _t29;
                                                    				void* _t30;
                                                    
                                                    				_t21 = __ecx;
                                                    				_t30 = _t29 + 0xfffff004;
                                                    				_push(__eax);
                                                    				_t25 = __edx;
                                                    				_t26 = __eax;
                                                    				_t19 = GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetFinalPathNameByHandleA");
                                                    				if(_t19 == 0) {
                                                    					L9:
                                                    					_t8 = E00403494(_t25, _t26);
                                                    				} else {
                                                    					_t11 = GetFileAttributesA(E00403738(_t26));
                                                    					if(_t11 == 0xffffffff) {
                                                    						goto L9;
                                                    					} else {
                                                    						if((_t11 & 0x00000010) == 0) {
                                                    							_t27 = 0;
                                                    							__eflags = 0;
                                                    						} else {
                                                    							_t27 = 0x2000000;
                                                    						}
                                                    						_t28 = CreateFileA(E00403738(_t26), 0, 7, 0, 3, _t27, 0);
                                                    						if(_t28 == 0xffffffff) {
                                                    							goto L9;
                                                    						} else {
                                                    							_t20 =  *_t19(_t28,  &_v4112, 0x1000, 0);
                                                    							CloseHandle(_t28);
                                                    							if(_t20 <= 0) {
                                                    								goto L9;
                                                    							} else {
                                                    								_t37 = _t20 - 0xff0;
                                                    								if(_t20 >= 0xff0) {
                                                    									goto L9;
                                                    								} else {
                                                    									_t8 = E0047862C(_t30, _t20, _t21, _t25, _t25, _t26, _t37);
                                                    								}
                                                    							}
                                                    						}
                                                    					}
                                                    				}
                                                    				return _t8;
                                                    			}




















                                                    APIs
                                                    • GetModuleHandleA.KERNEL32(kernel32.dll,GetFinalPathNameByHandleA,021A2A54,?,?,?,021A2A54,004788C8,00000000,004789E6,?,?,-00000010,?), ref: 0047871D
                                                    • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00478723
                                                    • GetFileAttributesA.KERNEL32(00000000,00000000,kernel32.dll,GetFinalPathNameByHandleA,021A2A54,?,?,?,021A2A54,004788C8,00000000,004789E6,?,?,-00000010,?), ref: 00478736
                                                    • CreateFileA.KERNEL32(00000000,00000000,00000007,00000000,00000003,00000000,00000000,00000000,00000000,kernel32.dll,GetFinalPathNameByHandleA,021A2A54,?,?,?,021A2A54), ref: 00478760
                                                    • CloseHandle.KERNEL32(00000000,?,?,?,021A2A54,004788C8,00000000,004789E6,?,?,-00000010,?), ref: 0047877E
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: FileHandle$AddressAttributesCloseCreateModuleProc
                                                    • String ID: GetFinalPathNameByHandleA$kernel32.dll
                                                    • API String ID: 2704155762-2318956294
                                                    • Opcode ID: 84faee84c7ae1c4c6466e44721508a772d43d2df2870f468474a87cc3996cec3
                                                    • Instruction ID: 047dad14a5c36f1309200c40cf8025e008869f39560cb3fb271412dec8c4dd3c
                                                    • Opcode Fuzzy Hash: 84faee84c7ae1c4c6466e44721508a772d43d2df2870f468474a87cc3996cec3
                                                    • Instruction Fuzzy Hash: 900161607C170466E524317B4C8AFBB654C8B90779F24813BBA5EEA2D2DDAC9D06015E
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E00430940() {
                                                    				char _v4;
                                                    				long _v8;
                                                    				char _v12;
                                                    				char _v16;
                                                    				char _v48;
                                                    				char _t9;
                                                    				short _t13;
                                                    
                                                    				 *0x49c698 = RegisterClipboardFormatA("commdlg_help");
                                                    				 *0x49c69c = RegisterClipboardFormatA("commdlg_FindReplace");
                                                    				_t9 =  *0x49c014; // 0x400000
                                                    				_v16 = _t9;
                                                    				_v12 = 0;
                                                    				_v8 = GetCurrentThreadId();
                                                    				_v4 = 0;
                                                    				_t13 = GlobalAddAtomA(E004078C0( &_v48,  &_v16, "WndProcPtr%.8X%.8X", 1));
                                                    				 *0x49a7f0 = _t13;
                                                    				return _t13;
                                                    			}











                                                    APIs
                                                    • RegisterClipboardFormatA.USER32(commdlg_help), ref: 00430948
                                                    • RegisterClipboardFormatA.USER32(commdlg_FindReplace), ref: 00430957
                                                    • GetCurrentThreadId.KERNEL32 ref: 00430971
                                                    • GlobalAddAtomA.KERNEL32 ref: 00430992
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: ClipboardFormatRegister$AtomCurrentGlobalThread
                                                    • String ID: WndProcPtr%.8X%.8X$commdlg_FindReplace$commdlg_help
                                                    • API String ID: 4130936913-2943970505
                                                    • Opcode ID: a5ca90a30cf183996ea10938ce01219b281ca8395ff342eea983d69fd8c09c04
                                                    • Instruction ID: d785860af1824380fd88477401a0ac91f53502c0aef23a259f1a0b6829b03d26
                                                    • Opcode Fuzzy Hash: a5ca90a30cf183996ea10938ce01219b281ca8395ff342eea983d69fd8c09c04
                                                    • Instruction Fuzzy Hash: E5F082B0448340DEE300EB65884271A7BE0AF58318F10567FF488A2392E7389900CB6F
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 84%
                                                    			E00459E0C(void* __eax, void* __ebx, intOrPtr __ecx, char __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                                                    				intOrPtr _v8;
                                                    				char _v9;
                                                    				char _v16;
                                                    				char _v20;
                                                    				char _v24;
                                                    				signed int _t43;
                                                    				intOrPtr _t50;
                                                    				void* _t64;
                                                    				void* _t70;
                                                    				void* _t75;
                                                    				intOrPtr _t87;
                                                    				signed int _t103;
                                                    				void* _t104;
                                                    				char _t106;
                                                    				void* _t109;
                                                    
                                                    				_push(__ebx);
                                                    				_push(__esi);
                                                    				_push(__edi);
                                                    				_v24 = 0;
                                                    				_v8 = __ecx;
                                                    				_t106 = __edx;
                                                    				_t75 = __eax;
                                                    				_push(_t109);
                                                    				_push(0x459f8e);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t109 + 0xffffffec;
                                                    				_t103 = E00452AE0(__eax, __edx, __eflags);
                                                    				if(_t103 == 0xffffffff || (_t103 & 0x00000010) == 0) {
                                                    					_v9 = 1;
                                                    					goto L18;
                                                    				} else {
                                                    					_v20 = _t106;
                                                    					_v16 = 0xb;
                                                    					E00457F1C("Deleting directory: %s", _t75, 0,  &_v20, _t103, _t106);
                                                    					if((_t103 & 0x00000001) == 0) {
                                                    						L9:
                                                    						_t43 = E00452E10(_t75, _t106, _t117);
                                                    						asm("sbb eax, eax");
                                                    						_v9 =  ~( ~_t43);
                                                    						if(_v9 != 0) {
                                                    							L18:
                                                    							_pop(_t87);
                                                    							 *[fs:eax] = _t87;
                                                    							_push(E00459F95);
                                                    							return E00403400( &_v24);
                                                    						}
                                                    						_t104 = GetLastError();
                                                    						if(_v8 == 0) {
                                                    							__eflags = _a4;
                                                    							if(_a4 == 0) {
                                                    								L16:
                                                    								_v20 = _t104;
                                                    								_v16 = 0;
                                                    								E00457F1C("Failed to delete directory (%d).", _t75, 0,  &_v20, _t104, _t106);
                                                    								goto L18;
                                                    							}
                                                    							_t50 = E00459C64(_a4, _t75, _t106, _t104, _t106);
                                                    							__eflags = _t50;
                                                    							if(_t50 == 0) {
                                                    								goto L16;
                                                    							}
                                                    							__eflags =  *0x49a0dc - 2;
                                                    							if( *0x49a0dc != 2) {
                                                    								goto L16;
                                                    							}
                                                    							_v20 = _t104;
                                                    							_v16 = 0;
                                                    							E00457F1C("Failed to delete directory (%d). Will delete on restart (if empty).", _t75, 0,  &_v20, _t104, _t106);
                                                    							E00459D3C(_t75, _t75, _t106, _t104, _t106);
                                                    							goto L18;
                                                    						}
                                                    						_v20 = _t104;
                                                    						_v16 = 0;
                                                    						E00457F1C("Failed to delete directory (%d). Will retry later.", _t75, 0,  &_v20, _t104, _t106);
                                                    						E00403510();
                                                    						E0040357C( &_v24, _t106);
                                                    						E00456318(_v8, 0, _v24);
                                                    						goto L18;
                                                    					}
                                                    					_t115 = _t103 & 0x00000400;
                                                    					if((_t103 & 0x00000400) != 0) {
                                                    						L5:
                                                    						_t84 = _t103 & 0xfffffffe;
                                                    						_t64 = E00452E88(_t75, _t103 & 0xfffffffe, _t106, _t116);
                                                    						_t117 = _t64;
                                                    						if(_t64 == 0) {
                                                    							E00457D10("Failed to strip read-only attribute.", _t75, _t84, _t103, _t106);
                                                    						} else {
                                                    							E00457D10("Stripped read-only attribute.", _t75, _t84, _t103, _t106);
                                                    						}
                                                    						goto L9;
                                                    					}
                                                    					_t70 = E004543F4(_t75, _t75, _t106, _t103, _t106, _t115);
                                                    					_t116 = _t70;
                                                    					if(_t70 == 0) {
                                                    						E00457D10("Not stripping read-only attribute because the directory does not appear to be empty.", _t75, 0, _t103, _t106);
                                                    						goto L9;
                                                    					}
                                                    					goto L5;
                                                    				}
                                                    			}



















                                                    APIs
                                                    • GetLastError.KERNEL32(00000000,00459F8E,?,00000000,00000000,00000000,?,00000006,?,00000000,00497D9D,?,00000000,00497E40), ref: 00459ED2
                                                      • Part of subcall function 004543F4: FindClose.KERNEL32(000000FF,004544EA), ref: 004544D9
                                                    Strings
                                                    • Not stripping read-only attribute because the directory does not appear to be empty., xrefs: 00459EAC
                                                    • Deleting directory: %s, xrefs: 00459E5B
                                                    • Failed to delete directory (%d)., xrefs: 00459F68
                                                    • Failed to strip read-only attribute., xrefs: 00459EA0
                                                    • Failed to delete directory (%d). Will retry later., xrefs: 00459EEB
                                                    • Stripped read-only attribute., xrefs: 00459E94
                                                    • Failed to delete directory (%d). Will delete on restart (if empty)., xrefs: 00459F47
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: CloseErrorFindLast
                                                    • String ID: Deleting directory: %s$Failed to delete directory (%d).$Failed to delete directory (%d). Will delete on restart (if empty).$Failed to delete directory (%d). Will retry later.$Failed to strip read-only attribute.$Not stripping read-only attribute because the directory does not appear to be empty.$Stripped read-only attribute.
                                                    • API String ID: 754982922-1448842058
                                                    • Opcode ID: eed5aa61101d37b683b43d2ad53e4a9e308a3ce5e58f45b7843850ad0de07bcf
                                                    • Instruction ID: 6514b8a34a7b0766e49f3a9923416089df7947466bf5f8ea7a116c2356c1b58d
                                                    • Opcode Fuzzy Hash: eed5aa61101d37b683b43d2ad53e4a9e308a3ce5e58f45b7843850ad0de07bcf
                                                    • Instruction Fuzzy Hash: BB41A331A04208CACB10EB69C8413AEB6A55F4530AF54897BAC01D73D3CB7C8E0DC79E
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 78%
                                                    			E00422E50(intOrPtr __eax, void* __ebx, void* __edi, void* __esi) {
                                                    				intOrPtr _v8;
                                                    				intOrPtr _v12;
                                                    				intOrPtr _v16;
                                                    				intOrPtr _v20;
                                                    				intOrPtr _v24;
                                                    				short _v26;
                                                    				struct HWND__* _v32;
                                                    				intOrPtr _t50;
                                                    				intOrPtr _t51;
                                                    				intOrPtr _t53;
                                                    				intOrPtr _t54;
                                                    				intOrPtr _t56;
                                                    				intOrPtr _t71;
                                                    				void* _t76;
                                                    				intOrPtr _t102;
                                                    				void* _t103;
                                                    				void* _t104;
                                                    				void* _t106;
                                                    				void* _t107;
                                                    				intOrPtr _t108;
                                                    
                                                    				_t104 = __esi;
                                                    				_t103 = __edi;
                                                    				_t106 = _t107;
                                                    				_t108 = _t107 + 0xffffffe4;
                                                    				_push(__ebx);
                                                    				_v8 = __eax;
                                                    				E004140E0();
                                                    				if( *((char*)(_v8 + 0x37)) != 0 ||  *((char*)(_v8 + 0x38)) == 0 || ( *(_v8 + 0x119) & 0x00000008) != 0 ||  *((char*)(_v8 + 0x116)) == 1) {
                                                    					E00408CBC(0x49c628, 0xf032, 1, _t103, _t104);
                                                    					E0040311C();
                                                    				}
                                                    				if(GetCapture() != 0) {
                                                    					SendMessageA(GetCapture(), 0x1f, 0, 0);
                                                    				}
                                                    				ReleaseCapture();
                                                    				 *(_v8 + 0x119) =  *(_v8 + 0x119) | 0x00000008;
                                                    				_v32 = GetActiveWindow();
                                                    				_t50 =  *0x49a57c; // 0xe
                                                    				_v20 = _t50;
                                                    				_t51 =  *0x49c62c; // 0x21a0660
                                                    				_v24 =  *((intOrPtr*)(_t51 + 0x4c));
                                                    				_t53 =  *0x49c62c; // 0x21a0660
                                                    				 *((intOrPtr*)(_t53 + 0x4c)) = _v8;
                                                    				_t54 =  *0x49c62c; // 0x21a0660
                                                    				_v26 =  *((intOrPtr*)(_t54 + 0x28));
                                                    				_t56 =  *0x49c62c; // 0x21a0660
                                                    				E00423394(_t56, 0);
                                                    				_v16 = E0041EEA4(0, 0x49c628, _t103, _t104);
                                                    				_push(_t106);
                                                    				_push(0x42303a);
                                                    				_push( *[fs:edx]);
                                                    				 *[fs:edx] = _t108;
                                                    				E00422E04(_v8);
                                                    				_push(_t106);
                                                    				_push(0x422fe3);
                                                    				_push( *[fs:edx]);
                                                    				 *[fs:edx] = _t108;
                                                    				SendMessageA(E004181E0(_v8), 0xb000, 0, 0);
                                                    				 *((intOrPtr*)(_v8 + 0x128)) = 0;
                                                    				do {
                                                    					E004244BC( *0x49c628, _t103, _t104);
                                                    					if( *((char*)( *0x49c628 + 0x7c)) == 0) {
                                                    						if( *((intOrPtr*)(_v8 + 0x128)) != 0) {
                                                    							E00422D54(_v8, 0xf032);
                                                    						}
                                                    					} else {
                                                    						 *((intOrPtr*)(_v8 + 0x128)) = 2;
                                                    					}
                                                    					_t71 =  *((intOrPtr*)(_v8 + 0x128));
                                                    				} while (_t71 == 0);
                                                    				_v12 = _t71;
                                                    				SendMessageA(E004181E0(_v8), 0xb001, 0, 0);
                                                    				_t76 = E004181E0(_v8);
                                                    				if(_t76 != GetActiveWindow()) {
                                                    					_v32 = 0;
                                                    				}
                                                    				_pop(_t102);
                                                    				 *[fs:eax] = _t102;
                                                    				_push(E00422FEA);
                                                    				return E00422DFC();
                                                    			}
























                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: CaptureMessageSend$ActiveWindow$Release
                                                    • String ID:
                                                    • API String ID: 862346643-0
                                                    • Opcode ID: 39b95147363cb89fd98338194d7258d63e092f3c08cf8341fd2ac28ca629037d
                                                    • Instruction ID: 1357ae16d8856f0372d1bd804dfe5642ed2db6f67eb3355d1ef670384bd1027f
                                                    • Opcode Fuzzy Hash: 39b95147363cb89fd98338194d7258d63e092f3c08cf8341fd2ac28ca629037d
                                                    • Instruction Fuzzy Hash: 3E417330B00245AFDB10EF69DA86B9E77F1EF44304F5540BAF404AB2A2D7789E50DB49
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 55%
                                                    			E0042F290(CHAR* __eax, void* __ebx, signed int __ecx, CHAR* __edx, void* __edi, void* __esi) {
                                                    				signed int _v8;
                                                    				int _v12;
                                                    				struct HWND__* _v16;
                                                    				intOrPtr _v20;
                                                    				char _v21;
                                                    				char _v40;
                                                    				intOrPtr _t27;
                                                    				intOrPtr _t42;
                                                    				intOrPtr _t54;
                                                    				CHAR* _t63;
                                                    				intOrPtr _t72;
                                                    				intOrPtr _t74;
                                                    				void* _t75;
                                                    				CHAR* _t77;
                                                    				void* _t79;
                                                    				void* _t80;
                                                    				intOrPtr _t81;
                                                    
                                                    				_t75 = __edi;
                                                    				_t79 = _t80;
                                                    				_t81 = _t80 + 0xffffffdc;
                                                    				_push(__ebx);
                                                    				_push(__esi);
                                                    				_v8 = __ecx;
                                                    				_t77 = __edx;
                                                    				_t63 = __eax;
                                                    				if( *0x49c688 != 0) {
                                                    					_v8 = _v8 | 0x00180000;
                                                    				}
                                                    				_t27 =  *0x49c628; // 0x21a2410
                                                    				if((GetWindowLongA( *(_t27 + 0x20), 0xfffffff0) & 0x10000000) == 0) {
                                                    					L4:
                                                    					_v16 = GetActiveWindow();
                                                    					_v20 = E0041EEA4(0, _t63, _t75, _t77);
                                                    					_push(_t79);
                                                    					_push(0x42f32e);
                                                    					_push( *[fs:eax]);
                                                    					 *[fs:eax] = _t81;
                                                    					_v12 = MessageBoxA(0, _t63, _t77, _v8 | 0x00002000);
                                                    					_pop(_t72);
                                                    					 *[fs:eax] = _t72;
                                                    					_push(E0042F437);
                                                    					E0041EF58(_v20);
                                                    					return SetActiveWindow(_v16);
                                                    				} else {
                                                    					_t42 =  *0x49c628; // 0x21a2410
                                                    					if((GetWindowLongA( *(_t42 + 0x20), 0xffffffec) & 0x00000080) == 0) {
                                                    						E0042F134();
                                                    						_push(_t79);
                                                    						_push(0x42f430);
                                                    						_push( *[fs:ecx]);
                                                    						 *[fs:ecx] = _t81;
                                                    						_v21 = E0042F188( &_v40);
                                                    						_push(_t79);
                                                    						_push(0x42f411);
                                                    						_push( *[fs:ecx]);
                                                    						 *[fs:ecx] = _t81;
                                                    						_v16 = GetActiveWindow();
                                                    						_v20 = E0041EEA4(0, _t63, _t75, _t77);
                                                    						_push(_t79);
                                                    						_push(0x42f3bc);
                                                    						_push( *[fs:eax]);
                                                    						 *[fs:eax] = _t81;
                                                    						_t54 =  *0x49c628; // 0x21a2410
                                                    						_v12 = MessageBoxA( *(_t54 + 0x20), _t63, _t77, _v8);
                                                    						_pop(_t74);
                                                    						 *[fs:eax] = _t74;
                                                    						_push(E0042F3C3);
                                                    						E0041EF58(_v20);
                                                    						return SetActiveWindow(_v16);
                                                    					} else {
                                                    						goto L4;
                                                    					}
                                                    				}
                                                    			}





















                                                    APIs
                                                    • GetWindowLongA.USER32 ref: 0042F2BA
                                                    • GetWindowLongA.USER32 ref: 0042F2D1
                                                    • GetActiveWindow.USER32 ref: 0042F2DA
                                                    • MessageBoxA.USER32 ref: 0042F307
                                                    • SetActiveWindow.USER32(?,0042F437,00000000,00000000,0042F32E,?,?,000000F0,00000000,?), ref: 0042F328
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Window$ActiveLong$Message
                                                    • String ID:
                                                    • API String ID: 2785966331-0
                                                    • Opcode ID: 3c98a287bcbc3a43e0e15f0e9e9e6331c1ebdf7e57234939d5281d79aaa85a99
                                                    • Instruction ID: 0ece09a01b05ac2bd58e3a2932475df1b460f34b24c2cf045fcfc9444de4ea96
                                                    • Opcode Fuzzy Hash: 3c98a287bcbc3a43e0e15f0e9e9e6331c1ebdf7e57234939d5281d79aaa85a99
                                                    • Instruction Fuzzy Hash: 6931C171A00254AFDB01EBA5DC52E6EBBB8EB09304B9144BAB804E3291D6389D10CB58
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E00429480(void* __eax, void* __ebp, void* __eflags) {
                                                    				struct tagTEXTMETRICA _v84;
                                                    				signed int _v100;
                                                    				void* __ebx;
                                                    				void* __edi;
                                                    				void* __esi;
                                                    				void* _t15;
                                                    				signed int _t20;
                                                    				signed int _t22;
                                                    				struct HDC__* _t28;
                                                    				signed int _t29;
                                                    				signed int _t31;
                                                    				signed int _t32;
                                                    				void* _t33;
                                                    				void* _t37;
                                                    				void* _t39;
                                                    				struct tagTEXTMETRICA* _t41;
                                                    
                                                    				_t39 = __eax;
                                                    				_t28 = GetDC(0);
                                                    				GetTextMetricsA(_t28, _t41);
                                                    				_t15 = SelectObject(_t28, E0041A1E8( *((intOrPtr*)(_t39 + 0x44)), _t28, _t33, _t37, _t39));
                                                    				GetTextMetricsA(_t28,  &_v84);
                                                    				SelectObject(_t28, _t15);
                                                    				ReleaseDC(0, _t28);
                                                    				if( *0x49c5c4 == 0) {
                                                    					_t29 = _t41->tmHeight;
                                                    					_t20 = _v100;
                                                    					if(_t29 > _t20) {
                                                    						_t29 = _t20;
                                                    					}
                                                    					_t22 = GetSystemMetrics(6) << 2;
                                                    					if(_t29 < 0) {
                                                    						_t29 = _t29 + 3;
                                                    					}
                                                    					_t31 = _t22 + (_t29 >> 2);
                                                    				} else {
                                                    					if( *((char*)(_t39 + 0xc5)) == 0) {
                                                    						_t32 = 6;
                                                    					} else {
                                                    						_t32 = 8;
                                                    					}
                                                    					_t31 = GetSystemMetrics(6) * _t32;
                                                    				}
                                                    				return E0041463C(_t39, _v100 + _t31);
                                                    			}




















                                                    APIs
                                                    • GetDC.USER32(00000000), ref: 0042948A
                                                    • GetTextMetricsA.GDI32(00000000), ref: 00429493
                                                      • Part of subcall function 0041A1E8: CreateFontIndirectA.GDI32(?), ref: 0041A2A7
                                                    • SelectObject.GDI32(00000000,00000000), ref: 004294A2
                                                    • GetTextMetricsA.GDI32(00000000,?), ref: 004294AF
                                                    • SelectObject.GDI32(00000000,00000000), ref: 004294B6
                                                    • ReleaseDC.USER32 ref: 004294BE
                                                    • GetSystemMetrics.USER32 ref: 004294E3
                                                    • GetSystemMetrics.USER32 ref: 004294FD
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Metrics$ObjectSelectSystemText$CreateFontIndirectRelease
                                                    • String ID:
                                                    • API String ID: 1583807278-0
                                                    • Opcode ID: b6c9b4590bedf8a5668c90f2a33c64f3739a4c15a772245c738bb335bb7cd0f7
                                                    • Instruction ID: a57f56e533d485e90500cc8844f53ed5573372bce62f15aaf232a07072237724
                                                    • Opcode Fuzzy Hash: b6c9b4590bedf8a5668c90f2a33c64f3739a4c15a772245c738bb335bb7cd0f7
                                                    • Instruction Fuzzy Hash: 4D01C4A17087203BE321767A8CC6F6F65C8DB44358F84043BF686D63D3D96C9C41866A
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E0041DE24() {
                                                    				int _t4;
                                                    				struct HDC__* _t23;
                                                    
                                                    				_t23 = GetDC(0);
                                                    				 *0x49c604 = GetDeviceCaps(_t23, 0x5a);
                                                    				ReleaseDC(0, _t23);
                                                    				_t4 =  *0x49c604; // 0x60
                                                    				 *0x49a4e4 =  ~(MulDiv(8, _t4, 0x48));
                                                    				 *0x49c608 = GetStockObject(7);
                                                    				 *0x49c60c = GetStockObject(5);
                                                    				 *0x49c610 = GetStockObject(0xd);
                                                    				 *0x49c614 = LoadIconA(0, 0x7f00);
                                                    				 *0x49c618 = E00419B3C(0x2c, 1);
                                                    				 *0x49c61c = E00419B3C(0x10, 1);
                                                    				 *0x49c620 = E00419B3C(0x10, 1);
                                                    				 *0x49a564 = E00402B30(1);
                                                    				 *0x49c624 = E00402B30(1);
                                                    				return E0040ADAC(0x419060, 0x41a068, 0x41a098);
                                                    			}






                                                    APIs
                                                    • GetDC.USER32(00000000), ref: 0041DE27
                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0041DE31
                                                    • ReleaseDC.USER32 ref: 0041DE3E
                                                    • MulDiv.KERNEL32(00000008,00000060,00000048), ref: 0041DE4D
                                                    • GetStockObject.GDI32(00000007), ref: 0041DE5B
                                                    • GetStockObject.GDI32(00000005), ref: 0041DE67
                                                    • GetStockObject.GDI32(0000000D), ref: 0041DE73
                                                    • LoadIconA.USER32(00000000,00007F00), ref: 0041DE84
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: ObjectStock$CapsDeviceIconLoadRelease
                                                    • String ID:
                                                    • API String ID: 225703358-0
                                                    • Opcode ID: 60385fb8b99907decc0c048c95daa02a15d012cadae0939c392207dec41f8ec1
                                                    • Instruction ID: b1570225ef860401f90fbe0181f630f16bcc097e3e60e5a01c67c65972f4669b
                                                    • Opcode Fuzzy Hash: 60385fb8b99907decc0c048c95daa02a15d012cadae0939c392207dec41f8ec1
                                                    • Instruction Fuzzy Hash: BE114FB06453015EE340FFA65D92B6A36A0DB25709F40913FF609AF3D2DA7E1C448B6E
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 91%
                                                    			E00463240(intOrPtr* __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
                                                    				intOrPtr* _v8;
                                                    				struct HICON__* _v12;
                                                    				char _v16;
                                                    				char _v17;
                                                    				intOrPtr _v44;
                                                    				intOrPtr _v48;
                                                    				signed int _v52;
                                                    				signed int _v56;
                                                    				signed int _v60;
                                                    				intOrPtr _t129;
                                                    				signed int _t136;
                                                    				signed int _t139;
                                                    				signed int _t142;
                                                    				intOrPtr _t149;
                                                    				intOrPtr _t153;
                                                    				intOrPtr _t157;
                                                    				intOrPtr _t158;
                                                    				intOrPtr _t159;
                                                    				signed int _t165;
                                                    				signed int _t172;
                                                    				signed int _t177;
                                                    				signed int _t180;
                                                    				void* _t183;
                                                    				void* _t186;
                                                    				intOrPtr _t188;
                                                    				intOrPtr _t191;
                                                    				void* _t204;
                                                    				intOrPtr _t212;
                                                    				intOrPtr _t238;
                                                    				signed int _t239;
                                                    				intOrPtr _t240;
                                                    				signed int _t245;
                                                    				intOrPtr _t247;
                                                    				intOrPtr _t249;
                                                    				void* _t253;
                                                    				void* _t257;
                                                    				void* _t262;
                                                    				void* _t264;
                                                    				signed int* _t270;
                                                    				intOrPtr _t271;
                                                    				intOrPtr _t272;
                                                    				void* _t273;
                                                    				void* _t275;
                                                    				void* _t276;
                                                    				void* _t277;
                                                    				intOrPtr _t278;
                                                    				void* _t279;
                                                    
                                                    				_t267 = __edi;
                                                    				_t276 = _t277;
                                                    				_t278 = _t277 + 0xffffffc8;
                                                    				_v16 = 0;
                                                    				_t216 = __edx;
                                                    				_v8 = __eax;
                                                    				 *[fs:eax] = _t278;
                                                    				_t220 =  *_v8;
                                                    				 *((intOrPtr*)( *_v8 - 0x10))( *[fs:eax], 0x4635fa, _t276, __edi, __esi, __ebx, _t275);
                                                    				_t129 =  *((intOrPtr*)(__edx + 8));
                                                    				_t238 =  *((intOrPtr*)(_t129 + 8));
                                                    				_t279 = _t238 - 0xfffffe6b;
                                                    				if(_t279 > 0) {
                                                    					_t239 = _t238 - 0xfffffe6d;
                                                    					__eflags = _t239;
                                                    					if(_t239 == 0) {
                                                    						_t270 =  *((intOrPtr*)(__edx + 8)) + 0xc;
                                                    						__eflags =  *_t270 & 0x00000002;
                                                    						if(( *_t270 & 0x00000002) != 0) {
                                                    							_t270[6] =  *((intOrPtr*)( *_v8 + 0x84))(0);
                                                    						}
                                                    						__eflags =  *_t270 & 0x00000020;
                                                    						if(( *_t270 & 0x00000020) != 0) {
                                                    							_t270[7] =  *((intOrPtr*)( *_v8 + 0x84))(1);
                                                    						}
                                                    						__eflags =  *_t270 & 0x00000040;
                                                    						if(( *_t270 & 0x00000040) != 0) {
                                                    							E004181E0(_v8);
                                                    							_t136 = E004108C8();
                                                    							__eflags = _t136;
                                                    							_t270[8] = (_t136 & 0xffffff00 | _t136 != 0x00000000) & 0x0000007f;
                                                    							__eflags = _t270[8];
                                                    							if(_t270[8] == 0) {
                                                    								_t139 = _t270[9];
                                                    								__eflags =  *((char*)(_t139 + 4));
                                                    								if( *((char*)(_t139 + 4)) == 0) {
                                                    									_t142 =  *((intOrPtr*)( *_v8 + 0x8c))() & 0x0000007f;
                                                    									__eflags = _t142;
                                                    									_t270[8] = _t142;
                                                    								}
                                                    							}
                                                    						}
                                                    						 *_t270 =  *_t270 | 0x00001000;
                                                    					} else {
                                                    						_t245 = _t239 - 1;
                                                    						__eflags = _t245;
                                                    						if(_t245 == 0) {
                                                    							_t149 = _v8;
                                                    							__eflags =  *((char*)(_t149 + 0xfc));
                                                    							if( *((char*)(_t149 + 0xfc)) == 0) {
                                                    								E004630F0(_v8, __edx, __edi, __esi);
                                                    							}
                                                    						} else {
                                                    							__eflags = _t245 - 0x190;
                                                    							if(__eflags == 0) {
                                                    								E0046317C(_t220, __eflags, _t276);
                                                    								 *(_t216 + 0xc) = 1;
                                                    							}
                                                    						}
                                                    					}
                                                    					goto L51;
                                                    				} else {
                                                    					if(_t279 == 0) {
                                                    						_t153 = _v8;
                                                    						__eflags =  *((char*)(_t153 + 0x105));
                                                    						if( *((char*)(_t153 + 0x105)) != 0) {
                                                    							E00408C0C("Internal error: Item already expanding", 1);
                                                    							E0040311C();
                                                    						}
                                                    						 *((char*)(_v8 + 0x105)) = 1;
                                                    						_push(_t276);
                                                    						_push(0x4633d9);
                                                    						_push( *[fs:eax]);
                                                    						 *[fs:eax] = _t278;
                                                    						_t271 =  *((intOrPtr*)(_t216 + 8));
                                                    						__eflags =  *((intOrPtr*)(_t271 + 0xc)) - 2;
                                                    						if( *((intOrPtr*)(_t271 + 0xc)) != 2) {
                                                    							L22:
                                                    							__eflags = 0;
                                                    							_pop(_t247);
                                                    							 *[fs:eax] = _t247;
                                                    							_push(0x4635e4);
                                                    							_t157 = _v8;
                                                    							 *((char*)(_t157 + 0x105)) = 0;
                                                    							return _t157;
                                                    						} else {
                                                    							_t158 =  *((intOrPtr*)(_t271 + 0x5c));
                                                    							__eflags =  *((char*)(_t158 + 5));
                                                    							if( *((char*)(_t158 + 5)) != 0) {
                                                    								goto L22;
                                                    							} else {
                                                    								_t159 =  *((intOrPtr*)(_t271 + 0x5c));
                                                    								__eflags =  *((char*)(_t159 + 4));
                                                    								if( *((char*)(_t159 + 4)) != 0) {
                                                    									goto L22;
                                                    								} else {
                                                    									 *((char*)( *((intOrPtr*)(_t271 + 0x5c)) + 5)) = 1;
                                                    									_v12 = SetCursor(LoadCursorA(0, 0x7f02));
                                                    									 *[fs:eax] = _t278;
                                                    									_t165 =  *((intOrPtr*)( *_v8 + 0x80))( *[fs:eax], 0x4633ba, _t276);
                                                    									__eflags = _t165;
                                                    									if(_t165 == 0) {
                                                    										 *((char*)( *((intOrPtr*)(_t271 + 0x5c)) + 5)) = 0;
                                                    										 *(_t216 + 0xc) = 1;
                                                    									} else {
                                                    										E004181E0(_v8);
                                                    										_t172 = E004108C8();
                                                    										__eflags = _t172;
                                                    										if(_t172 == 0) {
                                                    											E00463638(_v8, 0,  *((intOrPtr*)(_t271 + 0x3c)));
                                                    										}
                                                    									}
                                                    									__eflags = 0;
                                                    									_pop(_t249);
                                                    									 *[fs:eax] = _t249;
                                                    									_push(0x4633c1);
                                                    									return SetCursor(_v12);
                                                    								}
                                                    							}
                                                    						}
                                                    					} else {
                                                    						_t253 = _t238 - 0xfffffe61;
                                                    						if(_t253 == 0) {
                                                    							_t272 = _t129;
                                                    							__eflags =  *(_t272 + 0x14);
                                                    							if( *(_t272 + 0x14) != 0) {
                                                    								__eflags =  *(_t272 + 0x3c);
                                                    								if( *(_t272 + 0x3c) != 0) {
                                                    									E004181E0(_v8);
                                                    									_t183 = E004108E0();
                                                    									E004181E0(_v8);
                                                    									_t186 = E004108E0();
                                                    									__eflags = _t183 - _t186;
                                                    									if(_t183 != _t186) {
                                                    										_t111 = __edx + 0xc;
                                                    										 *_t111 =  *(__edx + 0xc) | 0x00000001;
                                                    										__eflags =  *_t111;
                                                    									}
                                                    								}
                                                    							}
                                                    							_t177 =  *(_t272 + 0x3c);
                                                    							__eflags = _t177;
                                                    							if(_t177 != 0) {
                                                    								_v60 = 8;
                                                    								_v56 = _t177;
                                                    								_v48 = 0x20;
                                                    								_t180 = E00410930(E004181E0(_v8),  &_v60);
                                                    								__eflags = _t180;
                                                    								if(_t180 != 0) {
                                                    									__eflags = _v52 & 0x00000020;
                                                    									if((_v52 & 0x00000020) != 0) {
                                                    										_t122 = _t216 + 0xc;
                                                    										 *_t122 =  *(_t216 + 0xc) | 0x00000002;
                                                    										__eflags =  *_t122;
                                                    									}
                                                    								}
                                                    							}
                                                    						} else {
                                                    							_t257 = _t253 - 4;
                                                    							if(_t257 == 0) {
                                                    								_t273 =  *((intOrPtr*)(__edx + 8)) + 0xc;
                                                    								_t188 =  *((intOrPtr*)(_t273 + 0x24));
                                                    								__eflags =  *((char*)(_t188 + 4));
                                                    								if( *((char*)(_t188 + 4)) != 0) {
                                                    									__eflags =  *(_t273 + 0x10);
                                                    									if( *(_t273 + 0x10) != 0) {
                                                    										E0040352C( &_v16,  *(_t273 + 0x10));
                                                    										_v17 = 1;
                                                    										_t191 = _v8;
                                                    										__eflags =  *((short*)(_t191 + 0x112));
                                                    										if( *((short*)(_t191 + 0x112)) != 0) {
                                                    											_t216 = _v8;
                                                    											 *((intOrPtr*)(_v8 + 0x110))( &_v17);
                                                    										}
                                                    										__eflags = _v17;
                                                    										if(_v17 != 0) {
                                                    											E00403450( *((intOrPtr*)(_t273 + 0x24)), _t216, _v16, _t267, _t273);
                                                    											_v60 = 1;
                                                    											_v56 =  *(_t273 + 4);
                                                    											_v44 = E00403738(_v16);
                                                    											E00410948(E004181E0(_v8),  &_v60);
                                                    											E004181E0(_v8);
                                                    											_push(E004108E0());
                                                    											_t204 = E004181E0(_v8);
                                                    											_pop(_t262);
                                                    											E004109A4(_t204, 0, _t262);
                                                    											E004630F0(_v8, _t216, _t267, _t273);
                                                    										}
                                                    									}
                                                    								}
                                                    							} else {
                                                    								_t264 = _t257 - 1;
                                                    								if(_t264 == 0) {
                                                    									_t212 =  *((intOrPtr*)( *((intOrPtr*)(__edx + 8)) + 0x30));
                                                    									__eflags =  *((char*)(_t212 + 4));
                                                    									if( *((char*)(_t212 + 4)) == 0) {
                                                    										 *(__edx + 0xc) = 1;
                                                    									}
                                                    								} else {
                                                    									if(_t264 == 1) {
                                                    										E00403B94( *((intOrPtr*)(_t129 + 0x34)));
                                                    									}
                                                    								}
                                                    							}
                                                    						}
                                                    						L51:
                                                    						_pop(_t240);
                                                    						 *[fs:eax] = _t240;
                                                    						_push(0x463601);
                                                    						return E00403400( &_v16);
                                                    					}
                                                    				}
                                                    			}


















































                                                    0x00463297
                                                    0x00463298
                                                    0x004632cb
                                                    0x004632cb
                                                    0x00463298
                                                    0x00463291
                                                    0x0046328a
                                                    0x004635e4
                                                    0x004635e6
                                                    0x004635e9
                                                    0x004635ec
                                                    0x004635f9
                                                    0x004635f9
                                                    0x00463279

                                                    APIs
                                                    • LoadCursorA.USER32 ref: 00463344
                                                    • SetCursor.USER32(00000000,00000000,00007F02,00000000,004633D9), ref: 0046334A
                                                    • SetCursor.USER32(?,004633C1,00007F02,00000000,004633D9), ref: 004633B4
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Cursor$Load
                                                    • String ID: $ $Internal error: Item already expanding
                                                    • API String ID: 1675784387-1948079669
                                                    • Opcode ID: 040729a671edf880b94918ceea5f8eaec20fdfbf8da854279a56862745118dff
                                                    • Instruction ID: e4e85f4aa3fa623d7d3a169fbc538aa22306e9421cedfdc69a3031d12d347dae
                                                    • Opcode Fuzzy Hash: 040729a671edf880b94918ceea5f8eaec20fdfbf8da854279a56862745118dff
                                                    • Instruction Fuzzy Hash: 4CB18270604284EFDB11DF29C545B9ABBF1BF04305F1484AAE8469B792DB78EE44CB4A
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 75%
                                                    			E00453D30(void* __eax, void* __ebx, char __edx, void* __edi, void* __esi) {
                                                    				char _v8;
                                                    				char _v12;
                                                    				char _v16;
                                                    				char _v20;
                                                    				char _v24;
                                                    				intOrPtr _v28;
                                                    				intOrPtr _v32;
                                                    				char _v36;
                                                    				char _v40;
                                                    				char _v41;
                                                    				char _v48;
                                                    				char _v52;
                                                    				void* __ecx;
                                                    				void* _t90;
                                                    				void* _t151;
                                                    				void* _t176;
                                                    				char _t178;
                                                    				intOrPtr _t180;
                                                    				intOrPtr _t188;
                                                    				intOrPtr _t195;
                                                    				intOrPtr _t219;
                                                    				intOrPtr _t229;
                                                    				intOrPtr _t230;
                                                    
                                                    				_t227 = __esi;
                                                    				_t226 = __edi;
                                                    				_t229 = _t230;
                                                    				_t180 = 5;
                                                    				goto L1;
                                                    				L4:
                                                    				if(E0042DBF4(_t90) != 0) {
                                                    					if(_t176 == 0) {
                                                    						E00453B34(_v8, _t176, _t181,  &_v48, _t226, _t227);
                                                    						E00403494( &_v8, _v48);
                                                    						if(_v12 != 0) {
                                                    							E00453B34(_v12, _t176, _t181,  &_v48, _t226, _t227);
                                                    							E00403494( &_v12, _v48);
                                                    						}
                                                    					}
                                                    					if(E00452D04(_t176, _v12, _v8, 5) == 0) {
                                                    						E0045349C("MoveFileEx");
                                                    					}
                                                    					_pop(_t195);
                                                    					 *[fs:eax] = _t195;
                                                    					_push(E0045406D);
                                                    					E00403420( &_v52, 2);
                                                    					E00403420( &_v40, 2);
                                                    					return E00403420( &_v24, 5);
                                                    				} else {
                                                    					E0042D898( &_v16);
                                                    					E0042C3FC(_v16,  &_v48);
                                                    					E004035C0( &_v20, "WININIT.INI", _v48);
                                                    					E004537B0(0, _t176, 0x454090, _v16, _t226, _t227,  &_v24);
                                                    					_push(_t229);
                                                    					_push(0x453fc5);
                                                    					_push( *[fs:eax]);
                                                    					 *[fs:eax] = _t230;
                                                    					_v28 = 0;
                                                    					_v32 = 0;
                                                    					_push(_t229);
                                                    					_push(0x453f6f);
                                                    					_push( *[fs:eax]);
                                                    					 *[fs:eax] = _t230;
                                                    					WritePrivateProfileStringA(0, 0, 0, E00403738(_v20));
                                                    					_v28 = E0045072C(1, 1, 0, 3);
                                                    					_t188 = _v24;
                                                    					_v32 = E0045072C(1, 0, 1, 0);
                                                    					_v41 = 0;
                                                    					while(E004509C0(_v28) == 0) {
                                                    						E004509D0(_v28,  &_v36);
                                                    						_t178 = 1;
                                                    						E00406BB0(_v36,  &_v40);
                                                    						if(_v40 == 0 ||  *_v40 != 0x5b) {
                                                    							L11:
                                                    							E00450BB8(_v32, _t178, _t188, _v36, _t226, _t227);
                                                    							_t178 = 0;
                                                    							continue;
                                                    						} else {
                                                    							if(E00406AC4(_v40, "[rename]") != 0) {
                                                    								if(_v41 == 0) {
                                                    									goto L11;
                                                    								}
                                                    							} else {
                                                    								_v41 = 1;
                                                    								goto L11;
                                                    							}
                                                    						}
                                                    						break;
                                                    					}
                                                    					if(_v41 == 0) {
                                                    						E00450BB8(_v32, _t178, _t188, "[rename]", _t226, _t227);
                                                    					}
                                                    					if(_v12 == 0) {
                                                    						E00403494( &_v40, 0x4540b4);
                                                    					} else {
                                                    						E0042D844(_v12, _t188,  &_v40);
                                                    					}
                                                    					E00403494( &_v48, _v40);
                                                    					E0040357C( &_v48, 0x4540c0);
                                                    					_push( &_v48);
                                                    					E0042D844(_v8, _t188,  &_v52);
                                                    					_pop(_t151);
                                                    					E0040357C(_t151, _v52);
                                                    					E00450BB8(_v32, _t178, _t188, _v48, _t226, _t227);
                                                    					if(_t178 != 0) {
                                                    						E00450BB8(_v32, _t178, _t188, _v36, _t226, _t227);
                                                    					}
                                                    					while(E004509C0(_v28) == 0) {
                                                    						E004509D0(_v28,  &_v36);
                                                    						E00450BB8(_v32, _t178, _t188, _v36, _t226, _t227);
                                                    					}
                                                    					_pop(_t219);
                                                    					 *[fs:eax] = _t219;
                                                    					_push(E00453F76);
                                                    					E00402B58(_v32);
                                                    					return E00402B58(_v28);
                                                    				}
                                                    				L1:
                                                    				_push(0);
                                                    				_push(0);
                                                    				_t180 = _t180 - 1;
                                                    				if(_t180 != 0) {
                                                    					goto L1;
                                                    				} else {
                                                    					_push(_t180);
                                                    					_t1 =  &_v8;
                                                    					_t181 =  *_t1;
                                                    					 *_t1 = _t180;
                                                    					_push(__esi);
                                                    					_push(__edi);
                                                    					_v12 =  *_t1;
                                                    					_v8 = __edx;
                                                    					_t176 = __eax;
                                                    					E00403728(_v8);
                                                    					E00403728(_v12);
                                                    					_push(_t229);
                                                    					_push(0x454066);
                                                    					_push( *[fs:eax]);
                                                    					 *[fs:eax] = _t230;
                                                    					E0042C804(_v8,  &_v48);
                                                    					_t90 = E00403494( &_v8, _v48);
                                                    					if(_v12 != 0) {
                                                    						E0042C804(_v12,  &_v48);
                                                    						_t90 = E00403494( &_v12, _v48);
                                                    					}
                                                    				}
                                                    				goto L4;
                                                    			}



























                                                    APIs
                                                    • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00453E17
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: PrivateProfileStringWrite
                                                    • String ID: .tmp$MoveFileEx$NUL$WININIT.INI$[rename]
                                                    • API String ID: 390214022-3304407042
                                                    • Opcode ID: fdade099f246913e7a06ab1ae0640b7e0c900ce3f8fcc8a3e0a9d6328466fa06
                                                    • Instruction ID: 4c4b1d7f09994941c57eaafc4db68242d6a3f6c21ecd3f2b5b8f846a746055a2
                                                    • Opcode Fuzzy Hash: fdade099f246913e7a06ab1ae0640b7e0c900ce3f8fcc8a3e0a9d6328466fa06
                                                    • Instruction Fuzzy Hash: 40911434E002099BDB01EFA5D842BDEB7F5AF4874AF608466E90077392D7786E49CB58
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 84%
                                                    			E00476FE4(intOrPtr __ebx, void* __edi, intOrPtr __esi) {
                                                    				char _v5;
                                                    				intOrPtr _v12;
                                                    				long _v16;
                                                    				char _v20;
                                                    				char _v24;
                                                    				struct _WNDCLASSW _v64;
                                                    				char _v68;
                                                    				intOrPtr _t76;
                                                    				void* _t78;
                                                    				intOrPtr _t113;
                                                    				intOrPtr _t117;
                                                    				void* _t119;
                                                    				intOrPtr _t121;
                                                    				intOrPtr _t131;
                                                    				long _t140;
                                                    				intOrPtr _t157;
                                                    				intOrPtr _t166;
                                                    				intOrPtr _t168;
                                                    				void* _t188;
                                                    				void* _t189;
                                                    				intOrPtr _t190;
                                                    				void* _t195;
                                                    				void* _t209;
                                                    
                                                    				_t186 = __esi;
                                                    				_t185 = __edi;
                                                    				_t155 = __ebx;
                                                    				_t188 = _t189;
                                                    				_t190 = _t189 + 0xffffffc0;
                                                    				_push(__ebx);
                                                    				_push(__esi);
                                                    				_push(__edi);
                                                    				_v68 = 0;
                                                    				_v16 = 0;
                                                    				_v20 = 0;
                                                    				_push(_t188);
                                                    				_push(0x4772a6);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t190;
                                                    				_t158 =  *0x49c628; // 0x21a2410
                                                    				_v12 = E004772F8(1, __edi);
                                                    				_push(_t188);
                                                    				_push(0x47727c);
                                                    				_push( *[fs:edx]);
                                                    				 *[fs:edx] = _t190;
                                                    				if( *0x49a0dc == 2 && GetClassInfoW(0, L"COMBOBOX",  &_v64) != 0) {
                                                    					 *0x49d0d8 = _v64.lpfnWndProc;
                                                    					 *0x49d0dc = SetWindowLongW(E004181E0( *((intOrPtr*)(_v12 + 0x1bc))), 0xfffffffc, E00476F98);
                                                    				}
                                                    				_t76 =  *0x49d360; // 0x0
                                                    				_t78 =  *((intOrPtr*)(_t76 + 8)) - 1;
                                                    				if(_t78 < 0) {
                                                    					L15:
                                                    					if(( *0x49d31b & 0x00000004) == 0 ||  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v12 + 0x1bc)) + 0xfc)))) + 0x10))() - 1 <= 0) {
                                                    						L23:
                                                    						if(E0042A040( *((intOrPtr*)(_v12 + 0x1bc))) + 1 == 0) {
                                                    							_t155 =  *((intOrPtr*)(_v12 + 0x1bc));
                                                    							_t168 =  *0x49ac78; // 0x0
                                                    							E0042A05C( *((intOrPtr*)(_v12 + 0x1bc)), E0040BF08( *((intOrPtr*)( *((intOrPtr*)(_v12 + 0x1bc)) + 0xfc)), _t168));
                                                    						}
                                                    						_t209 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v12 + 0x1bc)) + 0xfc)))) + 0x10))() - 1;
                                                    						if(_t209 <= 0) {
                                                    							_v5 = 1;
                                                    						} else {
                                                    							E00422E50(_v12, _t155, _t185, _t186);
                                                    							_v5 = _t209 == 0;
                                                    							if(_v5 != 0 && E0042A040( *((intOrPtr*)(_v12 + 0x1bc))) >= 0) {
                                                    								E0047E850( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v12 + 0x1bc)) + 0xfc)))) + 0x14))(),  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v12 + 0x1bc)) + 0xfc)))));
                                                    							}
                                                    						}
                                                    						_pop(_t166);
                                                    						 *[fs:eax] = _t166;
                                                    						_push(E00477283);
                                                    						return E00402B58(_v12);
                                                    					} else {
                                                    						_t113 =  *0x49d1e8; // 0x21b8c78
                                                    						E0047C648(_t113, _t158,  &_v68);
                                                    						E0047922C(_v68, _t155, 0, "Inno Setup: Language", _t185, _t186,  &_v20);
                                                    						if(_v20 == 0) {
                                                    							goto L23;
                                                    						}
                                                    						_t117 =  *0x49d360; // 0x0
                                                    						_t119 =  *((intOrPtr*)(_t117 + 8)) - 1;
                                                    						if(_t119 < 0) {
                                                    							goto L23;
                                                    						}
                                                    						_v24 = _t119 + 1;
                                                    						_t155 = 0;
                                                    						while(1) {
                                                    							_t121 =  *0x49d360; // 0x0
                                                    							if(E00406AC4(_v20,  *((intOrPtr*)(E0040B24C(_t121, _t155)))) == 0) {
                                                    								break;
                                                    							}
                                                    							_t155 = _t155 + 1;
                                                    							_t50 =  &_v24;
                                                    							 *_t50 = _v24 - 1;
                                                    							if( *_t50 != 0) {
                                                    								continue;
                                                    							}
                                                    							goto L23;
                                                    						}
                                                    						_t186 =  *((intOrPtr*)(_v12 + 0x1bc));
                                                    						E0042A05C( *((intOrPtr*)(_v12 + 0x1bc)), E0040BF08( *((intOrPtr*)( *((intOrPtr*)(_v12 + 0x1bc)) + 0xfc)), _t155));
                                                    						goto L23;
                                                    					}
                                                    				}
                                                    				_v24 = _t78 + 1;
                                                    				_t157 = 0;
                                                    				do {
                                                    					_t131 =  *0x49d360; // 0x0
                                                    					_t186 = E0040B24C(_t131, _t157);
                                                    					_t195 = _t157 -  *0x49ac78; // 0x0
                                                    					if(_t195 == 0 ||  *((intOrPtr*)(_t186 + 0x2c)) == 0 || GetACP() ==  *((intOrPtr*)(_t186 + 0x2c)) || ( *0x49d31a & 0x00000080) != 0) {
                                                    						_t158 = 0x4772d4;
                                                    						E004035C0( &_v16, 0x4772d4,  *((intOrPtr*)(_t186 + 4)));
                                                    						if( *0x49a0dc != 2) {
                                                    							E00403BA4();
                                                    							_t158 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v12 + 0x1bc)) + 0xfc))));
                                                    							_t140 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v12 + 0x1bc)) + 0xfc)))) + 0x2c))();
                                                    						} else {
                                                    							_t140 = SendMessageW(E004181E0( *((intOrPtr*)(_v12 + 0x1bc))), 0x143, 0, _v16);
                                                    						}
                                                    						if(_t140 >= 0) {
                                                    							_t158 = _t157;
                                                    							_t186 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v12 + 0x1bc)) + 0xfc))));
                                                    							 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v12 + 0x1bc)) + 0xfc)))) + 0x20))();
                                                    						}
                                                    					}
                                                    					_t157 = _t157 + 1;
                                                    					_t32 =  &_v24;
                                                    					 *_t32 = _v24 - 1;
                                                    				} while ( *_t32 != 0);
                                                    				goto L15;
                                                    			}



























                                                    APIs
                                                    • GetClassInfoW.USER32 ref: 0047703D
                                                    • SetWindowLongW.USER32 ref: 00477064
                                                    • GetACP.KERNEL32(00000000,0047727C,?,00000000,004772A6), ref: 004770A1
                                                    • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 004770E7
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: ClassInfoLongMessageSendWindow
                                                    • String ID: COMBOBOX$Inno Setup: Language
                                                    • API String ID: 3391662889-4234151509
                                                    • Opcode ID: 792a324ed7b622f9147234cb48189f9456c6b168bf74eb73557f96826f908a3d
                                                    • Instruction ID: bd130a87903a889a3fd89afc2b0fe1c2965db49caec4f6fa4ce11e662dd4e942
                                                    • Opcode Fuzzy Hash: 792a324ed7b622f9147234cb48189f9456c6b168bf74eb73557f96826f908a3d
                                                    • Instruction Fuzzy Hash: 38811D34A042059FCB10DF69C885A9AB7F1FB09304F9580BBF818EB362D778AD41CB59
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 61%
                                                    			E00408720(void* __ebx, void* __edi, void* __esi) {
                                                    				char _v8;
                                                    				char _v12;
                                                    				char _v16;
                                                    				intOrPtr _t148;
                                                    				intOrPtr _t156;
                                                    
                                                    				_t153 = __esi;
                                                    				_t152 = __edi;
                                                    				_push(0);
                                                    				_push(0);
                                                    				_push(0);
                                                    				_push(__esi);
                                                    				_push(__edi);
                                                    				_push(_t156);
                                                    				_push(0x408968);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t156;
                                                    				_t104 = GetSystemDefaultLCID();
                                                    				E00408568(_t31, 0, 0x14,  &_v16);
                                                    				E00403450(0x49c498, _t104, _v16, __edi, __esi);
                                                    				E00408568(_t104, 0x408980, 0x1b,  &_v16);
                                                    				 *0x49c49c = E00406DD4(0x408980, 0);
                                                    				E00408568(_t104, 0x408980, 0x1c,  &_v16);
                                                    				 *0x49c49d = E00406DD4(0x408980, 0);
                                                    				 *0x49c49e = E004085B4(_t104, 0x2c, 0xf);
                                                    				 *0x49c49f = E004085B4(_t104, 0x2e, 0xe);
                                                    				E00408568(_t104, 0x408980, 0x19,  &_v16);
                                                    				 *0x49c4a0 = E00406DD4(0x408980, 0);
                                                    				 *0x49c4a1 = E004085B4(_t104, 0x2f, 0x1d);
                                                    				E00408568(_t104, "m/d/yy", 0x1f,  &_v16);
                                                    				E00403450(0x49c4a4, _t104, _v16, _t152, _t153);
                                                    				E00408568(_t104, "mmmm d, yyyy", 0x20,  &_v16);
                                                    				E00403450(0x49c4a8, _t104, _v16, _t152, _t153);
                                                    				 *0x49c4ac = E004085B4(_t104, 0x3a, 0x1e);
                                                    				E00408568(_t104, 0x4089b4, 0x28,  &_v16);
                                                    				E00403450(0x49c4b0, _t104, _v16, _t152, _t153);
                                                    				E00408568(_t104, 0x4089c0, 0x29,  &_v16);
                                                    				E00403450(0x49c4b4, _t104, _v16, _t152, _t153);
                                                    				E00408568(_t104, 0x408980, 0x25,  &_v16);
                                                    				if(E00406DD4(0x408980, 0) != 0) {
                                                    					E00403494( &_v8, 0x4089d8);
                                                    				} else {
                                                    					E00403494( &_v8, 0x4089cc);
                                                    				}
                                                    				E00408568(_t104, 0x408980, 0x23,  &_v16);
                                                    				if(E00406DD4(0x408980, 0) != 0) {
                                                    					E00403400( &_v12);
                                                    				} else {
                                                    					E00403494( &_v12, 0x4089e4);
                                                    				}
                                                    				_push(_v8);
                                                    				_push(":mm");
                                                    				_push(_v12);
                                                    				E00403634();
                                                    				_push(_v8);
                                                    				_push(":mm:ss");
                                                    				_push(_v12);
                                                    				E00403634();
                                                    				_pop(_t148);
                                                    				 *[fs:eax] = _t148;
                                                    				_push(E0040896F);
                                                    				return E00403420( &_v16, 3);
                                                    			}









                                                    APIs
                                                    • GetSystemDefaultLCID.KERNEL32(00000000,00408968,?,?,?,?,00000000,00000000,00000000,?,0040996F,00000000,00409982), ref: 0040873A
                                                      • Part of subcall function 00408568: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0049C4C0,00000001,?,00408633,?,00000000,00408712), ref: 00408586
                                                      • Part of subcall function 004085B4: GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,004087B6,?,?,?,00000000,00408968), ref: 004085C7
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: InfoLocale$DefaultSystem
                                                    • String ID: AMPM$:mm$:mm:ss$m/d/yy$mmmm d, yyyy
                                                    • API String ID: 1044490935-665933166
                                                    • Opcode ID: 192c3065348d067df08b1004c58281bebe04a3c301eaaaa353b7bc13eb4c98c7
                                                    • Instruction ID: f98ab489913726d0c786ac72485cda7c249a24ea469f35a64f172a62ee223423
                                                    • Opcode Fuzzy Hash: 192c3065348d067df08b1004c58281bebe04a3c301eaaaa353b7bc13eb4c98c7
                                                    • Instruction Fuzzy Hash: 6E516F64B00108ABDB01FBA58D916AEB7A9DB94308F50D07FB041BB3C2CE3DDA05875D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 80%
                                                    			E004116F4(void* __eax, void* __ebx, struct HMENU__* __edx, void* __edi, intOrPtr __esi) {
                                                    				char _v8;
                                                    				struct tagMENUITEMINFOA _v52;
                                                    				char _v56;
                                                    				intOrPtr _t91;
                                                    				CHAR* _t97;
                                                    				short _t128;
                                                    				void* _t132;
                                                    				intOrPtr _t139;
                                                    				struct HMENU__* _t159;
                                                    				int _t163;
                                                    				void* _t167;
                                                    				void* _t171;
                                                    
                                                    				_t160 = __esi;
                                                    				_push(__esi);
                                                    				_push(__edi);
                                                    				_v56 = 0;
                                                    				_v8 = 0;
                                                    				_t159 = __edx;
                                                    				_t132 = __eax;
                                                    				_push(_t167);
                                                    				_push(0x4118f9);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t167 + 0xffffffcc;
                                                    				if( *((char*)(__eax + 0x2c)) == 0) {
                                                    					L15:
                                                    					_pop(_t139);
                                                    					 *[fs:eax] = _t139;
                                                    					_push(E00411900);
                                                    					E00403400( &_v56);
                                                    					return E00403400( &_v8);
                                                    				}
                                                    				E00403494( &_v8,  *((intOrPtr*)(__eax + 0x20)));
                                                    				if(E00411C9C(_t132) <= 0) {
                                                    					__eflags =  *((short*)(_t132 + 0x40));
                                                    					if( *((short*)(_t132 + 0x40)) == 0) {
                                                    						L8:
                                                    						_t171 = (GetVersion() & 0x000000ff) - 4;
                                                    						if(_t171 < 0) {
                                                    							_t163 =  *(0x49a294 + ((E00403684( *((intOrPtr*)(_t132 + 0x20)), E0041191C) & 0xffffff00 | __eflags == 0x00000000) & 0x0000007f) * 4) |  *0x0049A288 |  *0x0049A278 |  *0x0049A280 | 0x00000400;
                                                    							_t91 = E00411C9C(_t132);
                                                    							__eflags = _t91;
                                                    							if(_t91 <= 0) {
                                                    								InsertMenuA(_t159, 0xffffffff, _t163,  *(_t132 + 0x30) & 0x0000ffff, E00403738(_v8));
                                                    							} else {
                                                    								_t97 = E00403738( *((intOrPtr*)(_t132 + 0x20)));
                                                    								InsertMenuA(_t159, 0xffffffff, _t163 | 0x00000010, E00411AAC(_t132, _t159, _t163), _t97);
                                                    							}
                                                    						} else {
                                                    							_v52.cbSize = 0x2c;
                                                    							_v52.fMask = 0x3f;
                                                    							_v52.fType =  *(0x49a2c8 + ((E00403684( *((intOrPtr*)(_t132 + 0x20)), E0041191C) & 0xffffff00 | _t171 == 0x00000000) & 0x0000007f) * 4) |  *0x0049A2C0 |  *0x0049A29C;
                                                    							_v52.fState =  *0x0049A2A8 |  *0x0049A2B8 |  *0x0049A2B0;
                                                    							_v52.wID =  *(_t132 + 0x30) & 0x0000ffff;
                                                    							_v52.hSubMenu = 0;
                                                    							_v52.hbmpChecked = 0;
                                                    							_v52.hbmpUnchecked = 0;
                                                    							_v52.dwTypeData = E00403738(_v8);
                                                    							if(E00411C9C(_t132) > 0) {
                                                    								_v52.hSubMenu = E00411AAC(_t132, _t159, _t160);
                                                    							}
                                                    							InsertMenuItemA(_t159, 0xffffffff, 1,  &_v52);
                                                    						}
                                                    						goto L15;
                                                    					}
                                                    					_t160 =  *((intOrPtr*)(_t132 + 0x44));
                                                    					__eflags = _t160;
                                                    					if(_t160 == 0) {
                                                    						L7:
                                                    						_push(_v8);
                                                    						_push(0x411910);
                                                    						E004110D8( *((intOrPtr*)(_t132 + 0x40)), _t132, 0,  &_v56, _t159, _t160);
                                                    						_push(_v56);
                                                    						E00403634();
                                                    						goto L8;
                                                    					}
                                                    					__eflags =  *((intOrPtr*)(_t160 + 0x44));
                                                    					if( *((intOrPtr*)(_t160 + 0x44)) != 0) {
                                                    						goto L7;
                                                    					}
                                                    					_t128 = E00402BA0( *((intOrPtr*)(_t160 + 4)), 0x410dc8);
                                                    					__eflags = _t128;
                                                    					if(_t128 != 0) {
                                                    						goto L8;
                                                    					}
                                                    					goto L7;
                                                    				}
                                                    				_v52.hSubMenu = E00411AAC(_t132, _t159, __esi);
                                                    				goto L8;
                                                    			}
















                                                    APIs
                                                    • GetVersion.KERNEL32(00000000,004118F9), ref: 0041178C
                                                    • InsertMenuItemA.USER32(?,000000FF,00000001,0000002C), ref: 0041184A
                                                      • Part of subcall function 00411AAC: CreatePopupMenu.USER32(?,004118B5,00000000,00000000,004118F9), ref: 00411AC6
                                                    • InsertMenuA.USER32(?,000000FF,?,?,00000000), ref: 004118D6
                                                      • Part of subcall function 00411AAC: CreateMenu.USER32(?,004118B5,00000000,00000000,004118F9), ref: 00411AD0
                                                    • InsertMenuA.USER32(?,000000FF,?,00000000,00000000), ref: 004118BD
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Menu$Insert$Create$ItemPopupVersion
                                                    • String ID: ,$?
                                                    • API String ID: 2359071979-2308483597
                                                    • Opcode ID: c0aa214a3dbd1df998103f0fa781b997bbdc0f30310c5116cc1a990c77879af7
                                                    • Instruction ID: 70c43b14af81a53109b5f0ae1afe130dedb0e354e111122ad404179c6957f781
                                                    • Opcode Fuzzy Hash: c0aa214a3dbd1df998103f0fa781b997bbdc0f30310c5116cc1a990c77879af7
                                                    • Instruction Fuzzy Hash: 00512674A00244ABDB10EF6ADC816EA7BF9AF09304B11817BF904E73A6D73CD941CB58
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 89%
                                                    			E0041BE63(signed int __ebx, void* __edi) {
                                                    				struct HINSTANCE__* _t118;
                                                    				signed int _t125;
                                                    				signed int _t127;
                                                    				long _t132;
                                                    				void* _t134;
                                                    				void* _t140;
                                                    				intOrPtr _t150;
                                                    				signed int _t154;
                                                    				void* _t158;
                                                    				BYTE* _t159;
                                                    				BYTE* _t162;
                                                    				signed int _t164;
                                                    				void* _t166;
                                                    				intOrPtr _t167;
                                                    
                                                    				_t158 = __edi;
                                                    				_t127 = __ebx | 0xffffffff;
                                                    				 *(_t166 - 0x20) = 0;
                                                    				_t134 =  *((intOrPtr*)(_t166 - 0xc)) - 1;
                                                    				if(_t134 < 0) {
                                                    					L10:
                                                    					if(_t127 == 0xffffffff) {
                                                    						_t127 = 0;
                                                    					}
                                                    					 *((intOrPtr*)(_t166 - 0x44)) =  *((intOrPtr*)(_t166 - 0x10)) + (_t127 + _t127) * 8;
                                                    					 *((intOrPtr*)(_t166 - 0x30)) = E004069DC( *((intOrPtr*)( *((intOrPtr*)(_t166 - 0x44)) + 8)),  *((intOrPtr*)(_t166 - 0x10)), _t158, 0);
                                                    					 *[fs:eax] = _t167;
                                                    					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t166 - 4)))) + 8))( *[fs:eax], 0x41c018, _t166);
                                                    					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t166 - 4))))))();
                                                    					E0041BBB8( *((intOrPtr*)(_t166 - 0x30)),  *((intOrPtr*)(_t166 - 0x30)), _t166 - 0x3c, _t166 - 0x38,  *((intOrPtr*)( *((intOrPtr*)(_t166 - 4)))), 0);
                                                    					GetObjectA( *(_t166 - 0x3c), 0x18, _t166 - 0x74);
                                                    					GetObjectA( *(_t166 - 0x38), 0x18, _t166 - 0x5c);
                                                    					_t132 =  *(_t166 - 0x68) *  *(_t166 - 0x6c) * ( *(_t166 - 0x64) & 0x0000ffff);
                                                    					 *(_t166 - 0x40) =  *(_t166 - 0x50) *  *(_t166 - 0x54) * ( *(_t166 - 0x4c) & 0x0000ffff);
                                                    					 *((intOrPtr*)(_t166 - 0x18)) =  *(_t166 - 0x40) + _t132;
                                                    					 *(_t166 - 0x34) = E004069DC( *((intOrPtr*)(_t166 - 0x18)),  *(_t166 - 0x50) *  *(_t166 - 0x54) * ( *(_t166 - 0x4c) & 0x0000ffff) >> 0x20, _t158, 0);
                                                    					_push(_t166);
                                                    					_push(0x41bff5);
                                                    					_push( *[fs:eax]);
                                                    					 *[fs:eax] = _t167;
                                                    					_t159 =  *(_t166 - 0x34);
                                                    					_t162 =  &(( *(_t166 - 0x34))[_t132]);
                                                    					GetBitmapBits( *(_t166 - 0x3c), _t132, _t159);
                                                    					GetBitmapBits( *(_t166 - 0x38),  *(_t166 - 0x40), _t162);
                                                    					DeleteObject( *(_t166 - 0x38));
                                                    					DeleteObject( *(_t166 - 0x3c));
                                                    					_t118 =  *0x49c014; // 0x400000
                                                    					 *((intOrPtr*)( *((intOrPtr*)(_t166 - 8)))) = CreateIcon(_t118,  *(_t166 - 0x28),  *(_t166 - 0x24),  *(_t166 - 0x4c),  *(_t166 - 0x4a), _t159, _t162);
                                                    					if( *((intOrPtr*)( *((intOrPtr*)(_t166 - 8)))) == 0) {
                                                    						E0041B394();
                                                    					}
                                                    					_pop(_t150);
                                                    					 *[fs:eax] = _t150;
                                                    					_push(E0041BFFC);
                                                    					return E00402660( *(_t166 - 0x34));
                                                    				} else {
                                                    					_t140 = _t134 + 1;
                                                    					_t125 = 0;
                                                    					while(1) {
                                                    						_t154 =  *( *((intOrPtr*)(_t166 - 0x10)) + 2 + (_t125 + _t125) * 8) & 0x0000ffff;
                                                    						_t164 =  *(_t166 - 0x1a) & 0x0000ffff;
                                                    						if(_t154 == _t164) {
                                                    							break;
                                                    						}
                                                    						__eflags = _t127 - 0xffffffff;
                                                    						if(_t127 != 0xffffffff) {
                                                    							__eflags = _t154 -  *(_t166 - 0x20);
                                                    							if(_t154 >  *(_t166 - 0x20)) {
                                                    								_t127 = _t125;
                                                    							}
                                                    						} else {
                                                    							__eflags = _t164 - _t154;
                                                    							if(_t164 >= _t154) {
                                                    								_t127 = _t125;
                                                    								 *(_t166 - 0x20) =  *( *((intOrPtr*)(_t166 - 0x10)) + 2 + (_t125 + _t125) * 8) & 0x0000ffff;
                                                    							}
                                                    						}
                                                    						_t125 = _t125 + 1;
                                                    						_t140 = _t140 - 1;
                                                    						__eflags = _t140;
                                                    						if(__eflags != 0) {
                                                    							continue;
                                                    						} else {
                                                    							goto L10;
                                                    						}
                                                    					}
                                                    					_t127 = _t125;
                                                    					goto L10;
                                                    				}
                                                    			}


















                                                    APIs
                                                    • GetObjectA.GDI32(?,00000018,?), ref: 0041BF28
                                                    • GetObjectA.GDI32(?,00000018,?), ref: 0041BF37
                                                    • GetBitmapBits.GDI32(?,?,?), ref: 0041BF88
                                                    • GetBitmapBits.GDI32(?,?,?), ref: 0041BF96
                                                    • DeleteObject.GDI32(?), ref: 0041BF9F
                                                    • DeleteObject.GDI32(?), ref: 0041BFA8
                                                    • CreateIcon.USER32(00400000,?,?,?,?,?,?), ref: 0041BFC5
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Object$BitmapBitsDelete$CreateIcon
                                                    • String ID:
                                                    • API String ID: 1030595962-0
                                                    • Opcode ID: 46aac32cfbebcf8150d575d8a1e8ed9b9c385cdc1cb9fa531b0b219a9faf1949
                                                    • Instruction ID: 3143f4dd2d978d1f76384b00d7b793367abe982dfce487da2deedea9b663f500
                                                    • Opcode Fuzzy Hash: 46aac32cfbebcf8150d575d8a1e8ed9b9c385cdc1cb9fa531b0b219a9faf1949
                                                    • Instruction Fuzzy Hash: 6951F571A00219AFCB10DFA9C9819EEB7F9EF48314B11416AF914E7395D738AD81CB68
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 85%
                                                    			E0041CED8(void* __eax, void* __ebx, int* __ecx, intOrPtr __edx, void* __edi, void* __esi) {
                                                    				intOrPtr _v8;
                                                    				struct HPALETTE__* _v12;
                                                    				char _v13;
                                                    				char _v14;
                                                    				char _t59;
                                                    				struct HPALETTE__* _t65;
                                                    				void* _t76;
                                                    				void* _t83;
                                                    				void* _t110;
                                                    				intOrPtr _t126;
                                                    				intOrPtr _t128;
                                                    				intOrPtr _t129;
                                                    				intOrPtr _t131;
                                                    				int* _t133;
                                                    				void* _t135;
                                                    				void* _t136;
                                                    				intOrPtr _t137;
                                                    
                                                    				_t111 = __ecx;
                                                    				_t135 = _t136;
                                                    				_t137 = _t136 + 0xfffffff4;
                                                    				_t133 = __ecx;
                                                    				_v8 = __edx;
                                                    				_t110 = __eax;
                                                    				if(E0041D13C(__eax) == 0) {
                                                    					SetStretchBltMode(E0041B094(_v8), 3);
                                                    				}
                                                    				if( *((intOrPtr*)(_t110 + 0x14)) == 0 ||  *((intOrPtr*)( *((intOrPtr*)(_t110 + 0x10)) + 0xc)) == 0) {
                                                    					if((GetDeviceCaps(E0041B094(_v8), 0x26) & 0x00000020) == 0 ||  *((char*)( *((intOrPtr*)(_t110 + 0x10)) + 0x25)) != 1 ||  *((intOrPtr*)( *((intOrPtr*)(_t110 + 0x10)) + 8)) == 0 || E0040CA4C( *((intOrPtr*)( *((intOrPtr*)(_t110 + 0x10)) + 8))) == 0) {
                                                    						goto L9;
                                                    					} else {
                                                    						_t59 = 0;
                                                    					}
                                                    				} else {
                                                    					L9:
                                                    					_t59 = 1;
                                                    				}
                                                    				_v13 = _t59;
                                                    				_t131 =  *((intOrPtr*)(_t110 + 0x10));
                                                    				_t126 =  *0x41d074; // 0xf
                                                    				E0041B168(_v8, _t111, _t126, _t131);
                                                    				E0041D258(_t110);
                                                    				_v12 = 0;
                                                    				_v14 = 0;
                                                    				_t65 =  *(_t131 + 0x10);
                                                    				if(_t65 != 0) {
                                                    					_v12 = SelectPalette( *(_v8 + 4), _t65, 1);
                                                    					RealizePalette( *(_v8 + 4));
                                                    					_v14 = 1;
                                                    				}
                                                    				_push(_t135);
                                                    				_push(0x41d065);
                                                    				_push( *[fs:ecx]);
                                                    				 *[fs:ecx] = _t137;
                                                    				if(_v13 == 0) {
                                                    					StretchDIBits( *(_v8 + 4),  *_t133, _t133[1], _t133[2] -  *_t133, _t133[3] - _t133[1], 0, 0,  *(_t131 + 0x14),  *(_t131 + 0x18),  *(_t131 + 0x20),  *(_t131 + 0x1c), 0,  *(_v8 + 0x20));
                                                    				} else {
                                                    					_t76 = E0041D0D0(_t110, 0, _t126);
                                                    					_t129 =  *0x41d074; // 0xf
                                                    					E0041B168(_t76, 0, _t129, _t131);
                                                    					_t83 = E0041D0D0(_t110, 0, _t129);
                                                    					StretchBlt(E0041B094(_v8),  *_t133, _t133[1], _t133[2] -  *_t133, _t133[3] - _t133[1],  *(_t83 + 4), 0, 0,  *(_t131 + 0x14),  *(_t131 + 0x18),  *(_v8 + 0x20));
                                                    				}
                                                    				_pop(_t128);
                                                    				 *[fs:eax] = _t128;
                                                    				_push(0x41d06c);
                                                    				if(_v14 != 0) {
                                                    					return SelectPalette( *(_v8 + 4), _v12, 1);
                                                    				}
                                                    				return 0;
                                                    			}

                                                    APIs
                                                    • SetStretchBltMode.GDI32(00000000,00000003), ref: 0041CEFE
                                                    • GetDeviceCaps.GDI32(00000000,00000026), ref: 0041CF1D
                                                    • SelectPalette.GDI32(?,?,00000001), ref: 0041CF83
                                                    • RealizePalette.GDI32(?), ref: 0041CF92
                                                    • StretchBlt.GDI32(00000000,?,?,?,?,?,00000000,00000000,00000000,?,?), ref: 0041CFFC
                                                    • StretchDIBits.GDI32(?,?,?,?,?,00000000,00000000,00000000,?,?,?,00000000,?), ref: 0041D03A
                                                    • SelectPalette.GDI32(?,?,00000001), ref: 0041D05F
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: PaletteStretch$Select$BitsCapsDeviceModeRealize
                                                    • String ID:
                                                    • API String ID: 2222416421-0
                                                    • Opcode ID: 5be0e4e6833feb243a8d388dd1011de92277052336d3d318ec39d49e9b6efc72
                                                    • Instruction ID: 4b814cf558339e083a7fb5ccd56fb4ffad9fd0a27a4bfdacf16c2dd2476febac
                                                    • Opcode Fuzzy Hash: 5be0e4e6833feb243a8d388dd1011de92277052336d3d318ec39d49e9b6efc72
                                                    • Instruction Fuzzy Hash: D2515EB0604200AFDB14DFA8C985F9BBBE9EF08304F10459AB549DB292C778ED81CB58
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 71%
                                                    			E004572DC(int __eax, void* __ebx, long __ecx, char __edx, void* __edi, void* __esi, char* _a4) {
                                                    				char _v5;
                                                    				char _v6;
                                                    				char _v12;
                                                    				intOrPtr _v16;
                                                    				struct tagMSG _v44;
                                                    				char _v48;
                                                    				struct HWND__* _t31;
                                                    				intOrPtr _t33;
                                                    				intOrPtr _t42;
                                                    				void* _t46;
                                                    				char _t47;
                                                    				intOrPtr _t51;
                                                    				char* _t61;
                                                    				intOrPtr _t68;
                                                    				intOrPtr _t73;
                                                    				void* _t80;
                                                    				void* _t81;
                                                    				intOrPtr _t82;
                                                    
                                                    				_t80 = _t81;
                                                    				_t82 = _t81 + 0xffffffd4;
                                                    				_push(__ebx);
                                                    				_push(__esi);
                                                    				_push(__edi);
                                                    				_v48 = 0;
                                                    				_v12 = 0;
                                                    				_t78 = __ecx;
                                                    				_v5 = __edx;
                                                    				_t76 = __eax;
                                                    				_t61 = _a4;
                                                    				_push(_t80);
                                                    				_push(0x457446);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t82;
                                                    				_v6 = 0;
                                                    				 *_t61 = 0;
                                                    				if( *0x49d00c == 0) {
                                                    					L10:
                                                    					_pop(_t68);
                                                    					 *[fs:eax] = _t68;
                                                    					_push(0x45744d);
                                                    					E00403400( &_v48);
                                                    					return E00403400( &_v12);
                                                    				} else {
                                                    					 *0x49d020 = 0;
                                                    					_t31 =  *0x49d018; // 0x0
                                                    					if(SendMessageA(_t31, __eax, 0, __ecx) == 0) {
                                                    						goto L10;
                                                    					} else {
                                                    						_v6 = 1;
                                                    						_t33 =  *0x49c628; // 0x21a2410
                                                    						E0042427C(_t33,  &_v12);
                                                    						_v16 = E0041EEA4(0, _t61, _t76, _t78);
                                                    						_push(_t80);
                                                    						_push(0x4573f4);
                                                    						_push( *[fs:eax]);
                                                    						 *[fs:eax] = _t82;
                                                    						E00403494( &_v48, "[Paused] ");
                                                    						E0040357C( &_v48, _v12);
                                                    						_t42 =  *0x49c628; // 0x21a2410
                                                    						E004242C4(_t42, _v48, _t76);
                                                    						while( *0x49d020 == 0) {
                                                    							_t46 = GetMessageA( &_v44, 0, 0, 0) - 0xffffffff;
                                                    							if(_t46 != 0) {
                                                    								if(_t46 == 1) {
                                                    									PostQuitMessage(_v44.wParam);
                                                    								} else {
                                                    									TranslateMessage( &_v44);
                                                    									DispatchMessageA( &_v44);
                                                    									continue;
                                                    								}
                                                    							}
                                                    							break;
                                                    						}
                                                    						_t47 =  *0x49d021; // 0x0
                                                    						 *_t61 = _t47;
                                                    						_pop(_t73);
                                                    						 *[fs:eax] = _t73;
                                                    						_push(0x4573fb);
                                                    						E0041EF58(_v16);
                                                    						_t51 =  *0x49c628; // 0x21a2410
                                                    						return E004242C4(_t51, _v12, _t76);
                                                    					}
                                                    				}
                                                    			}

                                                    APIs
                                                    • SendMessageA.USER32 ref: 0045732E
                                                      • Part of subcall function 0042427C: GetWindowTextA.USER32 ref: 0042429C
                                                      • Part of subcall function 0041EEA4: GetCurrentThreadId.KERNEL32 ref: 0041EEF3
                                                      • Part of subcall function 0041EEA4: EnumThreadWindows.USER32(00000000,0041EE54,00000000), ref: 0041EEF9
                                                      • Part of subcall function 004242C4: SetWindowTextA.USER32(?,00000000), ref: 004242DC
                                                    • GetMessageA.USER32 ref: 00457395
                                                    • TranslateMessage.USER32(?), ref: 004573B3
                                                    • DispatchMessageA.USER32 ref: 004573BC
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Message$TextThreadWindow$CurrentDispatchEnumSendTranslateWindows
                                                    • String ID: [Paused]
                                                    • API String ID: 1007367021-4230553315
                                                    • Opcode ID: 4f717d0dcb2a9a6933558fddbf91818351ce273fae0830e93a939d1d8bf0c57d
                                                    • Instruction ID: edfd94200f1223d9ec42e95931478697cc02f6c552246070e836a46f73d16df6
                                                    • Opcode Fuzzy Hash: 4f717d0dcb2a9a6933558fddbf91818351ce273fae0830e93a939d1d8bf0c57d
                                                    • Instruction Fuzzy Hash: ED317531908244AADB11DB79EC81B9E7FB8EB4D314F5540B7ED00E7292D63C9909DB29
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 80%
                                                    			E0046B478(void* __ebx, void* __ecx, void* __edi, struct HICON__* __esi, void* __eflags, void* __fp0, intOrPtr _a4) {
                                                    				char _v8;
                                                    				char _v12;
                                                    				char _v16;
                                                    				intOrPtr _t40;
                                                    				intOrPtr _t41;
                                                    				intOrPtr _t44;
                                                    				struct HICON__* _t56;
                                                    				intOrPtr _t68;
                                                    				void* _t73;
                                                    				intOrPtr _t81;
                                                    				void* _t91;
                                                    				void* _t101;
                                                    
                                                    				_t101 = __fp0;
                                                    				_t88 = __esi;
                                                    				_t87 = __edi;
                                                    				_push(__esi);
                                                    				_push(__edi);
                                                    				_v8 = 0;
                                                    				_push(_t91);
                                                    				_push(0x46b5b7);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t91 + 0xfffffff4;
                                                    				_t73 = 0;
                                                    				E00414AE8( *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x21c)),  &_v8, __eflags);
                                                    				if(( *0x49d317 & 0x00000004) != 0) {
                                                    					_t73 = E00479390(_v8);
                                                    				}
                                                    				if(_t73 == 0) {
                                                    					_t96 =  *0x49d488;
                                                    					if( *0x49d488 != 0) {
                                                    						_v16 = _v8;
                                                    						_v12 = 0xb;
                                                    						_t68 =  *0x49d488; // 0x0
                                                    						_t73 = E004952E0(_t68,  &_v16, "CheckPassword", _t96, _t101, _t73, 0, 0);
                                                    					}
                                                    				}
                                                    				if(_t73 == 0) {
                                                    					_t40 =  *((intOrPtr*)(_a4 - 4));
                                                    					__eflags =  *((char*)(_t40 + 0x37));
                                                    					if( *((char*)(_t40 + 0x37)) != 0) {
                                                    						_t56 = GetCursor();
                                                    						_t88 = _t56;
                                                    						SetCursor(LoadCursorA(0, 0x7f02));
                                                    						Sleep(0x2ee);
                                                    						SetCursor(_t56);
                                                    					}
                                                    					_t41 =  *0x49cdc0; // 0x0
                                                    					E0047F3AC(_t41, _t73, 2, 0, _t87, _t88, 1, 1, 0);
                                                    					_t44 =  *((intOrPtr*)(_a4 - 4));
                                                    					__eflags =  *((char*)(_t44 + 0x37));
                                                    					if( *((char*)(_t44 + 0x37)) != 0) {
                                                    						__eflags = 0;
                                                    						E00414B18( *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x21c)), _t73, 0, _t87, _t88);
                                                    						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x21c)))) + 0x78))();
                                                    					}
                                                    				} else {
                                                    					 *0x49d442 = 0;
                                                    					if(( *0x49d31a & 0x00000020) != 0) {
                                                    						E00403450(E0046D480() + 0x138, _t73, _v8, _t87, _t88);
                                                    					}
                                                    					E00414B18( *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x21c)), _t73, 0, _t87, _t88);
                                                    				}
                                                    				_pop(_t81);
                                                    				 *[fs:eax] = _t81;
                                                    				_push(0x46b5be);
                                                    				return E00403400( &_v8);
                                                    			}

                                                    APIs
                                                    • GetCursor.USER32(00000000,0046B5B7), ref: 0046B534
                                                    • LoadCursorA.USER32 ref: 0046B542
                                                    • SetCursor.USER32(00000000,00000000,00007F02,00000000,0046B5B7), ref: 0046B548
                                                    • Sleep.KERNEL32(000002EE,00000000,00000000,00007F02,00000000,0046B5B7), ref: 0046B552
                                                    • SetCursor.USER32(00000000,000002EE,00000000,00000000,00007F02,00000000,0046B5B7), ref: 0046B558
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Cursor$LoadSleep
                                                    • String ID: CheckPassword
                                                    • API String ID: 4023313301-1302249611
                                                    • Opcode ID: c4d8e515076ad645f5cb6e3fb0cfae486c70cda8f9a824db342b6d03de0ff3ba
                                                    • Instruction ID: 52475523c8855b0971816624e6821ed1736627c30ccdf395b7cccd8d108c94b7
                                                    • Opcode Fuzzy Hash: c4d8e515076ad645f5cb6e3fb0cfae486c70cda8f9a824db342b6d03de0ff3ba
                                                    • Instruction Fuzzy Hash: DC316334640204AFD711EB69C889FDA7BE0EF45308F5580B6B804DB392D778AE80CB99
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 91%
                                                    			E00478000(void* __eax, intOrPtr __ecx, intOrPtr* __edx, void* __edi, void* __eflags, signed int _a4) {
                                                    				intOrPtr _v8;
                                                    				signed int _v10;
                                                    				intOrPtr _v16;
                                                    				intOrPtr _v20;
                                                    				void* _v24;
                                                    				char _v28;
                                                    				signed int _v32;
                                                    				void* __ebx;
                                                    				void* __esi;
                                                    				void* __ebp;
                                                    				struct HWND__* _t28;
                                                    				long _t36;
                                                    				void* _t41;
                                                    				signed short _t45;
                                                    				signed short _t47;
                                                    				signed int _t50;
                                                    				signed int _t58;
                                                    				long _t59;
                                                    				void* _t73;
                                                    				intOrPtr* _t74;
                                                    				signed short _t76;
                                                    
                                                    				_t73 = __edi;
                                                    				_t62 = __ecx;
                                                    				_v8 = __ecx;
                                                    				_t74 = __edx;
                                                    				_v24 = __eax;
                                                    				_v20 = E0040CA4C( *__edx);
                                                    				_v16 =  *((intOrPtr*)( *_t74 + 4));
                                                    				E00477F28(_t62);
                                                    				_t28 =  *0x49d0e4; // 0x0
                                                    				_t58 = SendMessageA(_t28, 0x4a, 0,  &_v24);
                                                    				E0042E384(_t74);
                                                    				if(_t58 == 0x6c840001) {
                                                    					E00408C00();
                                                    				}
                                                    				if((_t58 & 0xffff0000) != 0x6c830000) {
                                                    					_v32 = _t58;
                                                    					_v28 = 0;
                                                    					E004533A0("CallSpawnServer: Unexpected response: $%x", _t58, 0,  &_v32, _t73, _t74, 0);
                                                    				}
                                                    				_v10 = _t58;
                                                    				_t59 = GetTickCount();
                                                    				while(1) {
                                                    					_v8();
                                                    					_t36 = GetTickCount();
                                                    					if(_t36 - _t59 < 0xa) {
                                                    						goto L9;
                                                    					}
                                                    					_t59 = _t36;
                                                    					_t76 = E00477F84(_v10);
                                                    					_t41 = _t76 - 2;
                                                    					if(_t41 == 0) {
                                                    						goto L9;
                                                    					}
                                                    					if(_t41 - 0xffffffffffffffff >= 0) {
                                                    						_v32 = _t76 & 0x0000ffff;
                                                    						_v28 = 0;
                                                    						E004533A0("CallSpawnServer: Unexpected status: %d", _t59, 0,  &_v32, _t73, _t76, 0);
                                                    						goto L9;
                                                    					}
                                                    					_t45 = E00477F84(_v10);
                                                    					_t47 = E00477F84(_v10);
                                                    					_t50 = _a4;
                                                    					 *_t50 = _t45 & 0x0000ffff | (_t47 & 0x0000ffff) << 0x00000010;
                                                    					__eflags = _t76 - 3;
                                                    					_t20 = _t76 == 3;
                                                    					__eflags = _t20;
                                                    					return _t50 & 0xffffff00 | _t20;
                                                    					L9:
                                                    					MsgWaitForMultipleObjects(0, 0, 0, 0xa, 0xff);
                                                    				}
                                                    			}

                                                    APIs
                                                      • Part of subcall function 00477F28: GetWindowThreadProcessId.USER32(00000000), ref: 00477F30
                                                      • Part of subcall function 00477F28: GetModuleHandleA.KERNEL32(user32.dll,AllowSetForegroundWindow,00000000,?,?,00478027,0049D0A8,00000000), ref: 00477F43
                                                      • Part of subcall function 00477F28: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 00477F49
                                                    • SendMessageA.USER32 ref: 00478035
                                                    • GetTickCount.KERNEL32 ref: 0047807A
                                                    • GetTickCount.KERNEL32 ref: 00478084
                                                    • MsgWaitForMultipleObjects.USER32 ref: 004780D9
                                                    Strings
                                                    • CallSpawnServer: Unexpected status: %d, xrefs: 004780C2
                                                    • CallSpawnServer: Unexpected response: $%x, xrefs: 0047806A
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: CountTick$AddressHandleMessageModuleMultipleObjectsProcProcessSendThreadWaitWindow
                                                    • String ID: CallSpawnServer: Unexpected response: $%x$CallSpawnServer: Unexpected status: %d
                                                    • API String ID: 613034392-3771334282
                                                    • Opcode ID: a55b2db953deb602a8fa04756f445de5da7beb58af9e2ce928b6f40c3801015d
                                                    • Instruction ID: 0164f356c35a16adb57d8a62159ffb0f412001f8ab662b64042fc9ea57691742
                                                    • Opcode Fuzzy Hash: a55b2db953deb602a8fa04756f445de5da7beb58af9e2ce928b6f40c3801015d
                                                    • Instruction Fuzzy Hash: 1831C234F402559ADF10EBB9C9467EEB6A0AF04314F50807AF548EB382DA7C8D05879D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 69%
                                                    			E00459784(void* __ebx, signed int __ecx, char __edx, void* __edi, void* __esi) {
                                                    				char _v5;
                                                    				char _v12;
                                                    				char _v16;
                                                    				char _v20;
                                                    				char _v24;
                                                    				char _v28;
                                                    				void* _t24;
                                                    				signed int _t60;
                                                    				char _t66;
                                                    				intOrPtr _t73;
                                                    				void* _t77;
                                                    				struct HINSTANCE__* _t79;
                                                    				intOrPtr* _t80;
                                                    				void* _t82;
                                                    				void* _t83;
                                                    				intOrPtr _t84;
                                                    
                                                    				_t78 = __esi;
                                                    				_t66 = __edx;
                                                    				_t60 = __ecx;
                                                    				_t82 = _t83;
                                                    				_t84 = _t83 + 0xffffffe8;
                                                    				_push(__ebx);
                                                    				_push(__esi);
                                                    				_v16 = 0;
                                                    				_v20 = 0;
                                                    				_v12 = 0;
                                                    				if(__edx != 0) {
                                                    					_t84 = _t84 + 0xfffffff0;
                                                    					_t24 = E00402D30(_t24, _t82);
                                                    				}
                                                    				_t59 = _t60;
                                                    				_v5 = _t66;
                                                    				_t77 = _t24;
                                                    				_push(_t82);
                                                    				_push(0x459887);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t84;
                                                    				E00402B30(0);
                                                    				E00459458(_t60, _t60,  &_v20, 3, _t77, _t78);
                                                    				E0042C3FC(_v20,  &_v16);
                                                    				E004035C0( &_v12, "Fusion.dll", _v16);
                                                    				E0040352C( &_v16, E00403738(_v12));
                                                    				_t79 = E0042E394(_v16, _t59, 0x8000);
                                                    				 *(_t77 + 4) = _t79;
                                                    				if(_t79 == 0) {
                                                    					_v28 = _v12;
                                                    					_v24 = 0xb;
                                                    					E004078F4("Failed to load .NET Framework DLL \"%s\"", 0,  &_v28,  &_v16);
                                                    					E00453344(_v16, _t59, _t77, _t79, 0);
                                                    				}
                                                    				_t20 = _t77 + 4; // 0x626d6573
                                                    				_t80 = GetProcAddress( *_t20, "CreateAssemblyCache");
                                                    				_t88 = _t80;
                                                    				if(_t80 == 0) {
                                                    					E00453344("Failed to get address of .NET Framework CreateAssemblyCache function", _t59, _t77, _t80, _t88);
                                                    				}
                                                    				_t21 = _t77 + 8; // 0x459358
                                                    				 *_t80(_t21, 0);
                                                    				_t89 =  *((intOrPtr*)(_t77 + 8));
                                                    				if( *((intOrPtr*)(_t77 + 8)) == 0) {
                                                    					E00453344(".NET Framework CreateAssemblyCache function failed", _t59, _t77, _t80, _t89);
                                                    				}
                                                    				_pop(_t73);
                                                    				 *[fs:eax] = _t73;
                                                    				_push(E0045988E);
                                                    				return E00403420( &_v20, 3);
                                                    			}

                                                    APIs
                                                    • GetProcAddress.KERNEL32(626D6573,CreateAssemblyCache), ref: 0045983F
                                                    Strings
                                                    • Fusion.dll, xrefs: 004597DF
                                                    • Failed to get address of .NET Framework CreateAssemblyCache function, xrefs: 0045984A
                                                    • Failed to load .NET Framework DLL "%s", xrefs: 00459824
                                                    • CreateAssemblyCache, xrefs: 00459836
                                                    • .NET Framework CreateAssemblyCache function failed, xrefs: 00459862
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: AddressProc
                                                    • String ID: .NET Framework CreateAssemblyCache function failed$CreateAssemblyCache$Failed to get address of .NET Framework CreateAssemblyCache function$Failed to load .NET Framework DLL "%s"$Fusion.dll
                                                    • API String ID: 190572456-3990135632
                                                    • Opcode ID: 79fe707f02e33d1c2961f48ff62acb64304cdcd84adde0050bb8772b9a6698dc
                                                    • Instruction ID: 9a538673283cb431493768ab67eac729fe35d93f11f945e2dcd414e2b3f175b6
                                                    • Opcode Fuzzy Hash: 79fe707f02e33d1c2961f48ff62acb64304cdcd84adde0050bb8772b9a6698dc
                                                    • Instruction Fuzzy Hash: A2318B70E10649ABCB10FFA5C88169EB7B8EF45315F50857BE814E7382DB389E08C799
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 70%
                                                    			E0041C148(struct HBITMAP__* __eax, void* __ebx, struct tagBITMAPINFO* __ecx, struct HPALETTE__* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, void* _a8) {
                                                    				char _v5;
                                                    				struct HPALETTE__* _v12;
                                                    				struct HWND__* _v16;
                                                    				struct HDC__* _v20;
                                                    				struct tagBITMAPINFO* _t42;
                                                    				intOrPtr _t49;
                                                    				struct HPALETTE__* _t51;
                                                    				struct HBITMAP__* _t53;
                                                    				void* _t56;
                                                    
                                                    				_t42 = __ecx;
                                                    				_t51 = __edx;
                                                    				_t53 = __eax;
                                                    				E0041C048(__eax, _a4, __ecx);
                                                    				_v12 = 0;
                                                    				_v16 = GetFocus();
                                                    				_v20 = GetDC(_v16);
                                                    				_push(_t56);
                                                    				_push(0x41c1f3);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t56 + 0xfffffff0;
                                                    				if(_t51 != 0) {
                                                    					_v12 = SelectPalette(_v20, _t51, 0);
                                                    					RealizePalette(_v20);
                                                    				}
                                                    				_v5 = GetDIBits(_v20, _t53, 0, _t42->bmiHeader.biHeight, _a8, _t42, 0) != 0;
                                                    				_pop(_t49);
                                                    				 *[fs:eax] = _t49;
                                                    				_push(0x41c1fa);
                                                    				if(_v12 != 0) {
                                                    					SelectPalette(_v20, _v12, 0);
                                                    				}
                                                    				return ReleaseDC(_v16, _v20);
                                                    			}

                                                    APIs
                                                      • Part of subcall function 0041C048: GetObjectA.GDI32(?,00000018), ref: 0041C055
                                                    • GetFocus.USER32 ref: 0041C168
                                                    • GetDC.USER32(?), ref: 0041C174
                                                    • SelectPalette.GDI32(?,?,00000000), ref: 0041C195
                                                    • RealizePalette.GDI32(?), ref: 0041C1A1
                                                    • GetDIBits.GDI32(?,?,00000000,?,?,?,00000000), ref: 0041C1B8
                                                    • SelectPalette.GDI32(?,00000000,00000000), ref: 0041C1E0
                                                    • ReleaseDC.USER32 ref: 0041C1ED
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Palette$Select$BitsFocusObjectRealizeRelease
                                                    • String ID:
                                                    • API String ID: 3303097818-0
                                                    • Opcode ID: 26117fda3ddcda01a6cc84f42a4f6ec069d0e010bd6cdd98afb854c6c7779a8d
                                                    • Instruction ID: 25a0b6576c779426e59073023ceed4ef49f3845c1b310514cd4f08ef327de147
                                                    • Opcode Fuzzy Hash: 26117fda3ddcda01a6cc84f42a4f6ec069d0e010bd6cdd98afb854c6c7779a8d
                                                    • Instruction Fuzzy Hash: 49116D71A44604BFDF10DBE9CC81FAFB7FCEB48700F50486AB518E7281DA7899008B28
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 35%
                                                    			E00418C54(void* __eax) {
                                                    				int _v8;
                                                    				intOrPtr _v12;
                                                    				char _v16;
                                                    				int _t15;
                                                    				intOrPtr _t17;
                                                    				intOrPtr _t21;
                                                    				int _t31;
                                                    				void* _t33;
                                                    				intOrPtr _t41;
                                                    				void* _t43;
                                                    				void* _t45;
                                                    				intOrPtr _t46;
                                                    
                                                    				_t43 = _t45;
                                                    				_t46 = _t45 + 0xfffffff4;
                                                    				_t33 = __eax;
                                                    				if( *((short*)(__eax + 0x46)) == 0xffff) {
                                                    					return __eax;
                                                    				} else {
                                                    					_push(1);
                                                    					_push(1);
                                                    					_push(1);
                                                    					_push(GetSystemMetrics(0xe));
                                                    					_t15 = GetSystemMetrics(0xd);
                                                    					_push(_t15);
                                                    					L004107D8();
                                                    					_v8 = _t15;
                                                    					_push(_t43);
                                                    					_push(0x418d08);
                                                    					_push( *[fs:eax]);
                                                    					 *[fs:eax] = _t46;
                                                    					_t17 =  *0x49c62c; // 0x21a0660
                                                    					E004107F8(_v8, E0042336C(_t17,  *((short*)(_t33 + 0x46))));
                                                    					_t21 =  *0x49c62c; // 0x21a0660
                                                    					E004107F8(_v8, E0042336C(_t21,  *((short*)(_t33 + 0x46))));
                                                    					_push(0);
                                                    					_push(0);
                                                    					_push(0);
                                                    					_push(_v8);
                                                    					L0041082C();
                                                    					_push( &_v16);
                                                    					_push(0);
                                                    					L0041083C();
                                                    					_push(_v12);
                                                    					_push(_v16);
                                                    					_push(1);
                                                    					_push(_v8);
                                                    					L0041082C();
                                                    					_pop(_t41);
                                                    					 *[fs:eax] = _t41;
                                                    					_push(0x418d0f);
                                                    					_t31 = _v8;
                                                    					_push(_t31);
                                                    					L004107E0();
                                                    					return _t31;
                                                    				}
                                                    			}
















                                                    APIs
                                                    • GetSystemMetrics.USER32 ref: 00418C70
                                                    • GetSystemMetrics.USER32 ref: 00418C78
                                                    • 70357CB0.COMCTL32(00000000,0000000D,00000000,0000000E,00000001,00000001,00000001,00000000), ref: 00418C7E
                                                      • Part of subcall function 004107F8: 70350620.COMCTL32(0049C628,000000FF,00000000,00418CAC,00000000,00418D08,?,00000000,0000000D,00000000,0000000E,00000001,00000001,00000001,00000000), ref: 004107FC
                                                    • 703ABC60.COMCTL32(0049C628,00000000,00000000,00000000,00000000,00418D08,?,00000000,0000000D,00000000,0000000E,00000001,00000001,00000001,00000000), ref: 00418CCE
                                                    • 703AB6C0.COMCTL32(00000000,?,0049C628,00000000,00000000,00000000,00000000,00418D08,?,00000000,0000000D,00000000,0000000E,00000001,00000001,00000001), ref: 00418CD9
                                                    • 703ABC60.COMCTL32(0049C628,00000001,?,?,00000000,?,0049C628,00000000,00000000,00000000,00000000,00418D08,?,00000000,0000000D,00000000), ref: 00418CEC
                                                    • 70357D50.COMCTL32(0049C628,00418D0F,?,00000000,?,0049C628,00000000,00000000,00000000,00000000,00418D08,?,00000000,0000000D,00000000,0000000E), ref: 00418D02
                                                    Similarity
                                                    • API ID: 70357MetricsSystem$70350620
                                                    • String ID:
                                                    • API String ID: 2853950161-0
                                                    • Opcode ID: b0bc427a64d40e2cdb4ba1a9dac6b0f96cc2bfc42510db51987cf4ced86dbdff
                                                    • Instruction ID: e7ebbfb341522daaf16a193f07e8787bb45d642da6b7ae2fd3fde5be7fc5e4a9
                                                    • Opcode Fuzzy Hash: b0bc427a64d40e2cdb4ba1a9dac6b0f96cc2bfc42510db51987cf4ced86dbdff
                                                    • Instruction Fuzzy Hash: 3F112475744204BBDB50EBA9DC82F9D73F8DB08704F504066B514EB2C1DAB9AD808758
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 68%
                                                    			E00484048(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                    				void* _v8;
                                                    				char _v12;
                                                    				intOrPtr _t34;
                                                    				void* _t43;
                                                    
                                                    				_v12 = 0;
                                                    				_push(_t43);
                                                    				_push(0x484100);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t43 + 0xfffffff8;
                                                    				if(E0042DE1C(0, "System\\CurrentControlSet\\Control\\ProductOptions", 0x80000002,  &_v8, 1, 0) != 0) {
                                                    					L9:
                                                    					_pop(_t34);
                                                    					 *[fs:eax] = _t34;
                                                    					_push(E00484107);
                                                    					return E00403400( &_v12);
                                                    				}
                                                    				if(E0042DD4C() != 0) {
                                                    					if(E00406AC4(_v12, 0x484154) != 0) {
                                                    						if(E00406AC4(_v12, "LanmanNT") != 0) {
                                                    							if(E00406AC4(_v12, "ServerNT") == 0) {
                                                    								 *0x49d456 = 3;
                                                    							}
                                                    						} else {
                                                    							 *0x49d456 = 2;
                                                    						}
                                                    					} else {
                                                    						 *0x49d456 = 1;
                                                    					}
                                                    				}
                                                    				RegCloseKey(_v8);
                                                    				goto L9;
                                                    			}








                                                    APIs
                                                      • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,00483FBF,?,00000001,?,?,00483FBF,?,00000001,00000000), ref: 0042DE38
                                                    • RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,00484100), ref: 004840E5
                                                    Strings
                                                    Similarity
                                                    • API ID: CloseOpen
                                                    • String ID: LanmanNT$ProductType$ServerNT$System\CurrentControlSet\Control\ProductOptions$WinNT
                                                    • API String ID: 47109696-2530820420
                                                    • Opcode ID: b39bfe74539bbe5a20bf0c2c434715a31f43c7a60d08a07575989125a6c3a451
                                                    • Instruction ID: 4d4b33c6353c265131fe463574db4bb43001997333066e3575d57f2dcf89af6c
                                                    • Opcode Fuzzy Hash: b39bfe74539bbe5a20bf0c2c434715a31f43c7a60d08a07575989125a6c3a451
                                                    • Instruction Fuzzy Hash: C1119330A042459ADB00F765DC5975F7BA8DBE6704F218877A900EB682E739DE91C72C
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E0041B462() {
                                                    				void* _t40;
                                                    				void* _t43;
                                                    				void* _t44;
                                                    
                                                    				if( *(_t44 - 0x10) != 0) {
                                                    					_t40 = SelectObject( *(_t44 - 0x18),  *(_t44 - 4));
                                                    					_t43 = SelectObject( *(_t44 - 0x1c),  *(_t44 - 0x10));
                                                    					StretchBlt( *(_t44 - 0x1c), 0, 0,  *(_t44 - 0xc),  *(_t44 - 8),  *(_t44 - 0x18), 0, 0,  *(_t44 - 0x30),  *(_t44 - 0x2c), 0xcc0020);
                                                    					if(_t40 != 0) {
                                                    						SelectObject( *(_t44 - 0x18), _t40);
                                                    					}
                                                    					if(_t43 != 0) {
                                                    						SelectObject( *(_t44 - 0x1c), _t43);
                                                    					}
                                                    				}
                                                    				DeleteDC( *(_t44 - 0x18));
                                                    				DeleteDC( *(_t44 - 0x1c));
                                                    				return  *(_t44 - 0x10);
                                                    			}







                                                    APIs
                                                    • SelectObject.GDI32(00000000,?), ref: 0041B470
                                                    • SelectObject.GDI32(?,00000000), ref: 0041B47F
                                                    • StretchBlt.GDI32(?,00000000,00000000,0000000B,?,00000000,00000000,00000000,?,?,00CC0020), ref: 0041B4AB
                                                    • SelectObject.GDI32(00000000,00000000), ref: 0041B4B9
                                                    • SelectObject.GDI32(?,00000000), ref: 0041B4C7
                                                    • DeleteDC.GDI32(00000000), ref: 0041B4D0
                                                    • DeleteDC.GDI32(?), ref: 0041B4D9
                                                    Similarity
                                                    • API ID: ObjectSelect$Delete$Stretch
                                                    • String ID:
                                                    • API String ID: 1458357782-0
                                                    • Opcode ID: 8542cbb8adbe0fd8af4a730cfe3faeef428ae57c020086fb9cb954466ea4b08d
                                                    • Instruction ID: 052e9154069abc57648b404522aaf552eddfcc6d95cd3388d63b7ef9ce004286
                                                    • Opcode Fuzzy Hash: 8542cbb8adbe0fd8af4a730cfe3faeef428ae57c020086fb9cb954466ea4b08d
                                                    • Instruction Fuzzy Hash: 7B115C72E40619ABDB10DAD9DC86FEFB7BCEF08704F144555B614F7282C678AC418BA8
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 51%
                                                    			E00495A48(void* __eax, void* __ebx, long* __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
                                                    				struct HDC__* _v8;
                                                    				struct tagSIZE _v16;
                                                    				struct tagTEXTMETRICA _v72;
                                                    				signed int _t26;
                                                    				signed int _t27;
                                                    				void* _t36;
                                                    				intOrPtr _t43;
                                                    				long* _t45;
                                                    				signed int* _t47;
                                                    				void* _t50;
                                                    
                                                    				_t37 = __ecx;
                                                    				_push(__ebx);
                                                    				_push(__esi);
                                                    				_push(__edi);
                                                    				_t45 = __ecx;
                                                    				_t47 = __edx;
                                                    				_t36 = __eax;
                                                    				_v8 = GetDC(0);
                                                    				_push(_t50);
                                                    				_push(0x495ad4);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t50 + 0xffffffbc;
                                                    				SelectObject(_v8, E0041A1E8(_t36, _t36, _t37, _t45, _t47));
                                                    				GetTextExtentPointA(_v8, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz", 0x34,  &_v16);
                                                    				asm("cdq");
                                                    				_t26 = _v16.cx / 0x1a + 1;
                                                    				_t27 = _t26 >> 1;
                                                    				if(_t26 < 0) {
                                                    					asm("adc eax, 0x0");
                                                    				}
                                                    				 *_t47 = _t27;
                                                    				GetTextMetricsA(_v8,  &_v72);
                                                    				 *_t45 = _v72.tmHeight;
                                                    				_pop(_t43);
                                                    				 *[fs:eax] = _t43;
                                                    				_push(E00495ADB);
                                                    				return ReleaseDC(0, _v8);
                                                    			}














                                                    APIs
                                                    • GetDC.USER32(00000000), ref: 00495A59
                                                      • Part of subcall function 0041A1E8: CreateFontIndirectA.GDI32(?), ref: 0041A2A7
                                                    • SelectObject.GDI32(00000000,00000000), ref: 00495A7B
                                                    • GetTextExtentPointA.GDI32(00000000,ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz,00000034,00495FF9), ref: 00495A8F
                                                    • GetTextMetricsA.GDI32(00000000,?), ref: 00495AB1
                                                    • ReleaseDC.USER32 ref: 00495ACE
                                                    Strings
                                                    • ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz, xrefs: 00495A86
                                                    Similarity
                                                    • API ID: Text$CreateExtentFontIndirectMetricsObjectPointReleaseSelect
                                                    • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
                                                    • API String ID: 2948443157-222967699
                                                    • Opcode ID: 316de07bddff98118a0c71dd7b0b835aab520f1145cc0c49afa7d6e5291fcc8b
                                                    • Instruction ID: c3cee262f510061f99dda7aa9a20ba0f6124b10bede894f20eac2018434fd412
                                                    • Opcode Fuzzy Hash: 316de07bddff98118a0c71dd7b0b835aab520f1145cc0c49afa7d6e5291fcc8b
                                                    • Instruction Fuzzy Hash: 93014875604708BFDB05DBA5CC81E5FB7ECDB48704F614576F604E7291D6789E008B58
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 93%
                                                    			E00423394(long __eax, short __edx) {
                                                    				struct tagPOINT _v24;
                                                    				long _t7;
                                                    				long _t12;
                                                    				long _t19;
                                                    				struct HWND__* _t26;
                                                    				short _t27;
                                                    				void* _t29;
                                                    				struct tagPOINT* _t30;
                                                    
                                                    				_t7 = __eax;
                                                    				_t30 = _t29 + 0xfffffff8;
                                                    				_t27 = __edx;
                                                    				_t19 = __eax;
                                                    				if(__edx !=  *((intOrPtr*)(__eax + 0x28))) {
                                                    					 *((short*)(__eax + 0x28)) = __edx;
                                                    					if(__edx != 0) {
                                                    						L5:
                                                    						_t7 = SetCursor(E0042336C(_t19, _t27));
                                                    					} else {
                                                    						GetCursorPos(_t30);
                                                    						_push(_v24.y);
                                                    						_t26 = WindowFromPoint(_v24);
                                                    						if(_t26 == 0) {
                                                    							goto L5;
                                                    						} else {
                                                    							_t12 = GetWindowThreadProcessId(_t26, 0);
                                                    							if(_t12 != GetCurrentThreadId()) {
                                                    								goto L5;
                                                    							} else {
                                                    								_t7 = SendMessageA(_t26, 0x20, _t26, E00406244(SendMessageA(_t26, 0x84, _v24, _v24.y), 0x200));
                                                    							}
                                                    						}
                                                    					}
                                                    				}
                                                    				return _t7;
                                                    			}












                                                    APIs
                                                    • GetCursorPos.USER32 ref: 004233AF
                                                    • WindowFromPoint.USER32(?,?), ref: 004233BC
                                                    • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 004233CA
                                                    • GetCurrentThreadId.KERNEL32 ref: 004233D1
                                                    • SendMessageA.USER32 ref: 004233EA
                                                    • SendMessageA.USER32 ref: 00423401
                                                    • SetCursor.USER32(00000000), ref: 00423413
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: CursorMessageSendThreadWindow$CurrentFromPointProcess
                                                    • String ID:
                                                    • API String ID: 1770779139-0
                                                    • Opcode ID: af20e6a58a8678feeb64eb05eb3854b74917a155ce4c6e64553ab0e2180fd3ec
                                                    • Instruction ID: 22bb490dc700fc35bbf8fe9eba0271ced42fa0644d0760cf779c582944844a3d
                                                    • Opcode Fuzzy Hash: af20e6a58a8678feeb64eb05eb3854b74917a155ce4c6e64553ab0e2180fd3ec
                                                    • Instruction Fuzzy Hash: BA01D4223046103AD6217B755D82E2F26E8DB85B15F50407FF504BB283DA3D9D11937D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 40%
                                                    			E0049586C(void* __eax, void* __edx) {
                                                    				void _v52;
                                                    				void* _t9;
                                                    				struct HINSTANCE__* _t12;
                                                    				intOrPtr* _t13;
                                                    				void* _t18;
                                                    				intOrPtr* _t22;
                                                    				void* _t25;
                                                    				intOrPtr* _t26;
                                                    
                                                    				_t18 = __edx;
                                                    				_t25 = __eax;
                                                    				_t12 = GetModuleHandleA("user32.dll");
                                                    				_t22 = GetProcAddress(_t12, "MonitorFromRect");
                                                    				_t13 = GetProcAddress(_t12, "GetMonitorInfoA");
                                                    				if(_t22 == 0 || _t13 == 0) {
                                                    					L4:
                                                    					return E00495834(1, _t18);
                                                    				} else {
                                                    					_t9 =  *_t22(_t25, 2);
                                                    					 *_t26 = 0x28;
                                                    					_push(_t26);
                                                    					_push(_t9);
                                                    					if( *_t13() == 0) {
                                                    						goto L4;
                                                    					}
                                                    					_push(_t18);
                                                    					return memcpy(_t18,  &_v52, 4 << 2);
                                                    				}
                                                    			}












                                                    APIs
                                                    • GetModuleHandleA.KERNEL32(user32.dll), ref: 0049587C
                                                    • GetProcAddress.KERNEL32(00000000,MonitorFromRect), ref: 00495889
                                                    • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 00495896
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: AddressProc$HandleModule
                                                    • String ID: GetMonitorInfoA$MonitorFromRect$user32.dll
                                                    • API String ID: 667068680-2254406584
                                                    • Opcode ID: bc5d85cad421cfd666303808505a6fcca2eea280aa1f9c47ee5c8e86b84fbab4
                                                    • Instruction ID: c2800f387dbf5c449328e37c173a5aabc67a289cf085d7c0fa86ddcdc9610187
                                                    • Opcode Fuzzy Hash: bc5d85cad421cfd666303808505a6fcca2eea280aa1f9c47ee5c8e86b84fbab4
                                                    • Instruction Fuzzy Hash: 6AF0CD92A41F1526DA12B1664C42B7F6ACCCB95761F240037BE04A6282E9AC8C254BED
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 68%
                                                    			E0045D188(struct HINSTANCE__* __eax) {
                                                    				struct HINSTANCE__* _t11;
                                                    				intOrPtr _t17;
                                                    
                                                    				_t11 = __eax;
                                                    				 *0x49d07c = GetProcAddress(__eax, "ISCryptGetVersion");
                                                    				 *0x49d080 = GetProcAddress(_t11, "ArcFourInit");
                                                    				 *0x49d084 = GetProcAddress(_t11, "ArcFourCrypt");
                                                    				if( *0x49d07c == 0 ||  *0x49d080 == 0) {
                                                    					L4:
                                                    					 *0x49d07c = 0;
                                                    					 *0x49d080 = 0;
                                                    					 *0x49d084 = 0;
                                                    					return 0;
                                                    				} else {
                                                    					_t17 =  *0x49d084;
                                                    					if(_t17 == 0) {
                                                    						goto L4;
                                                    					} else {
                                                    						return  *0x49d07c() - 0x00000001 & 0xffffff00 | _t17 == 0x00000000;
                                                    					}
                                                    				}
                                                    			}






                                                    APIs
                                                    • GetProcAddress.KERNEL32(00000000,ISCryptGetVersion), ref: 0045D191
                                                    • GetProcAddress.KERNEL32(00000000,ArcFourInit), ref: 0045D1A1
                                                    • GetProcAddress.KERNEL32(00000000,ArcFourCrypt), ref: 0045D1B1
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: AddressProc
                                                    • String ID: ArcFourCrypt$ArcFourInit$ISCryptGetVersion
                                                    • API String ID: 190572456-508647305
                                                    • Opcode ID: 43c308cf23e86c7c68af6160549feadfa6e7ef3e1edc1213ff0607e099070cf5
                                                    • Instruction ID: 760cd2a864a9e1796cc6a8c16a9b6e4b518228a672e7f6b7c74141ea69608c8f
                                                    • Opcode Fuzzy Hash: 43c308cf23e86c7c68af6160549feadfa6e7ef3e1edc1213ff0607e099070cf5
                                                    • Instruction Fuzzy Hash: 69F030F0D01700CAD314EF76AD457263B96EB9830EF14C03BA414CA1A2D7794456DF1C
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E0045D688(struct HINSTANCE__* __eax) {
                                                    				intOrPtr _t5;
                                                    				struct HINSTANCE__* _t6;
                                                    
                                                    				_t6 = __eax;
                                                    				 *0x49d098 = GetProcAddress(__eax, "BZ2_bzDecompressInit");
                                                    				 *0x49d09c = GetProcAddress(_t6, "BZ2_bzDecompress");
                                                    				 *0x49d0a0 = GetProcAddress(_t6, "BZ2_bzDecompressEnd");
                                                    				if( *0x49d098 == 0 ||  *0x49d09c == 0 ||  *0x49d0a0 == 0) {
                                                    					_t5 = 0;
                                                    				} else {
                                                    					_t5 = 1;
                                                    				}
                                                    				if(_t5 == 0) {
                                                    					 *0x49d098 = 0;
                                                    					 *0x49d09c = 0;
                                                    					 *0x49d0a0 = 0;
                                                    					return _t5;
                                                    				}
                                                    				return _t5;
                                                    			}






                                                    APIs
                                                    • GetProcAddress.KERNEL32(00000000,BZ2_bzDecompressInit), ref: 0045D691
                                                    • GetProcAddress.KERNEL32(00000000,BZ2_bzDecompress), ref: 0045D6A1
                                                    • GetProcAddress.KERNEL32(00000000,BZ2_bzDecompressEnd), ref: 0045D6B1
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: AddressProc
                                                    • String ID: BZ2_bzDecompress$BZ2_bzDecompressEnd$BZ2_bzDecompressInit
                                                    • API String ID: 190572456-212574377
                                                    • Opcode ID: ff3b3472e75bf541ca23cd004b5952c455680e4b3d04889bd37c414c9a7dced9
                                                    • Instruction ID: 28c0a2368456a3a58bd76b95839cc9862ceb14e5247f60e44f7901e6159fbc10
                                                    • Opcode Fuzzy Hash: ff3b3472e75bf541ca23cd004b5952c455680e4b3d04889bd37c414c9a7dced9
                                                    • Instruction Fuzzy Hash: 56F0BDB0D00705DED724EF36AC9672736D5AB6831EF14843B990D9526AD778045BCF2C
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 75%
                                                    			E0042EA1C(void* __eax, void* __edx) {
                                                    				void* _t8;
                                                    				void* _t10;
                                                    
                                                    				_t8 = __edx;
                                                    				_t10 = __eax;
                                                    				if( *0x49c668 == 0) {
                                                    					 *0x49c66c = GetProcAddress(GetModuleHandleA("user32.dll"), "ChangeWindowMessageFilterEx");
                                                    					InterlockedExchange(0x49c668, 1);
                                                    				}
                                                    				if( *0x49c66c == 0) {
                                                    					return E0042E9AC(_t8);
                                                    				} else {
                                                    					return  *0x49c66c(_t10, _t8, 1, 0);
                                                    				}
                                                    			}






                                                    APIs
                                                    • GetModuleHandleA.KERNEL32(user32.dll,ChangeWindowMessageFilterEx,00000004,0049A934,004571F1,00457594,00457148,00000000,00000B06,00000000,00000000,00000001,00000000,00000002,00000000,004816A4), ref: 0042EA35
                                                    • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042EA3B
                                                    • InterlockedExchange.KERNEL32(0049C668,00000001), ref: 0042EA4C
                                                      • Part of subcall function 0042E9AC: GetModuleHandleA.KERNEL32(user32.dll,ChangeWindowMessageFilter,?,0042EA70,00000004,0049A934,004571F1,00457594,00457148,00000000,00000B06,00000000,00000000,00000001,00000000,00000002), ref: 0042E9C2
                                                      • Part of subcall function 0042E9AC: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042E9C8
                                                      • Part of subcall function 0042E9AC: InterlockedExchange.KERNEL32(0049C660,00000001), ref: 0042E9D9
                                                    • ChangeWindowMessageFilterEx.USER32(00000000,?,00000001,00000000,00000004,0049A934,004571F1,00457594,00457148,00000000,00000B06,00000000,00000000,00000001,00000000,00000002), ref: 0042EA60
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: AddressExchangeHandleInterlockedModuleProc$ChangeFilterMessageWindow
                                                    • String ID: ChangeWindowMessageFilterEx$user32.dll
                                                    • API String ID: 142928637-2676053874
                                                    • Opcode ID: 4f6d81ffa70e1dfa219394794dfa4c4920c45a597ffed152464e23b4e9c135f6
                                                    • Instruction ID: 868e598f1dfdb19ab3f6af13543706ee41780d41e05dd8d4067fd60d38f2d441
                                                    • Opcode Fuzzy Hash: 4f6d81ffa70e1dfa219394794dfa4c4920c45a597ffed152464e23b4e9c135f6
                                                    • Instruction Fuzzy Hash: E2E092A1741B20BAEA10B7B67CC6FAA2658EB14B6DF501037F100A51D1C2BD0C80CF5D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 88%
                                                    			E0044C7DC() {
                                                    				signed int _t1;
                                                    				struct HINSTANCE__* _t7;
                                                    
                                                    				if( *0x49c774 == 0) {
                                                    					_t7 = LoadLibraryA("oleacc.dll");
                                                    					if(_t7 != 0) {
                                                    						 *0x49c77c = GetProcAddress(_t7, "LresultFromObject");
                                                    						 *0x49c780 = GetProcAddress(_t7, "CreateStdAccessibleObject");
                                                    						if( *0x49c77c != 0 &&  *0x49c780 != 0) {
                                                    							 *0x49c778 = 1;
                                                    						}
                                                    					}
                                                    					 *0x49c774 = 1;
                                                    				}
                                                    				_t1 =  *0x49c778; // 0x0
                                                    				asm("sbb eax, eax");
                                                    				return  ~( ~_t1);
                                                    			}






                                                    APIs
                                                    • LoadLibraryA.KERNEL32(oleacc.dll,?,0044F089), ref: 0044C7EB
                                                    • GetProcAddress.KERNEL32(00000000,LresultFromObject), ref: 0044C7FC
                                                    • GetProcAddress.KERNEL32(00000000,CreateStdAccessibleObject), ref: 0044C80C
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: AddressProc$LibraryLoad
                                                    • String ID: CreateStdAccessibleObject$LresultFromObject$oleacc.dll
                                                    • API String ID: 2238633743-1050967733
                                                    • Opcode ID: 4d087ee6ce3b94ab326fb7762e122d3d22abd7848642861eea9ac3f89c9c3772
                                                    • Instruction ID: f6c43001a98f23dcf5993b44d1547f2cd2c1eb373bb7d181d1ef9ee7095f500e
                                                    • Opcode Fuzzy Hash: 4d087ee6ce3b94ab326fb7762e122d3d22abd7848642861eea9ac3f89c9c3772
                                                    • Instruction Fuzzy Hash: 50F0F8B02C230A8AF750BBB5ECD57263694E37570AF18267BA001552A2CBBD4884CF5C
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E00478FB4() {
                                                    				_Unknown_base(*)()* _t3;
                                                    				struct HINSTANCE__* _t4;
                                                    
                                                    				_t4 = GetModuleHandleA("kernel32.dll");
                                                    				 *0x49d0e8 = GetProcAddress(_t4, "VerSetConditionMask");
                                                    				_t3 = GetProcAddress(_t4, "VerifyVersionInfoW");
                                                    				 *0x49d0ec = _t3;
                                                    				return _t3;
                                                    			}






                                                    APIs
                                                    • GetModuleHandleA.KERNEL32(kernel32.dll,?,00499164), ref: 00478FBA
                                                    • GetProcAddress.KERNEL32(00000000,VerSetConditionMask), ref: 00478FC7
                                                    • GetProcAddress.KERNEL32(00000000,VerifyVersionInfoW), ref: 00478FD7
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: AddressProc$HandleModule
                                                    • String ID: VerSetConditionMask$VerifyVersionInfoW$kernel32.dll
                                                    • API String ID: 667068680-222143506
                                                    • Opcode ID: 95c4b76a0c8dcd2084581fa4153e0367cda4b116a215065e47933a859f5191f6
                                                    • Instruction ID: e72cf036c242c5ab711552664871c72727fed367e5d11c95c6dfe9b968b9431a
                                                    • Opcode Fuzzy Hash: 95c4b76a0c8dcd2084581fa4153e0367cda4b116a215065e47933a859f5191f6
                                                    • Instruction Fuzzy Hash: BDC012F0680B01ADD600B7721C87D7A254CD52072C320843FB45D65183D97D0C104F3C
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 66%
                                                    			E0041B66C(intOrPtr* __eax, void* __ebx, struct HPALETTE__** __ecx, intOrPtr* __edx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
                                                    				void* _v8;
                                                    				struct HPALETTE__** _v12;
                                                    				signed int _v14;
                                                    				struct HWND__* _v20;
                                                    				struct HDC__* _v24;
                                                    				void* _v28;
                                                    				BITMAPINFOHEADER* _v32;
                                                    				struct HPALETTE__* _v36;
                                                    				signed int _v44;
                                                    				intOrPtr _v62;
                                                    				short _v64;
                                                    				void _v76;
                                                    				void* _t100;
                                                    				void* _t113;
                                                    				intOrPtr _t118;
                                                    				intOrPtr _t121;
                                                    				intOrPtr* _t128;
                                                    				intOrPtr* _t130;
                                                    				void* _t132;
                                                    				void* _t133;
                                                    				intOrPtr _t134;
                                                    				intOrPtr _t135;
                                                    
                                                    				_t122 = __edi;
                                                    				_t132 = _t133;
                                                    				_t134 = _t133 + 0xffffffb8;
                                                    				_push(__edi);
                                                    				_v12 = __ecx;
                                                    				_v8 = __edx;
                                                    				_t128 = __eax;
                                                    				_t113 =  &_v76 + 4;
                                                    				 *((intOrPtr*)( *__eax))();
                                                    				_v76 = _a8;
                                                    				if(_v64 != 1) {
                                                    					E0041B37C();
                                                    				}
                                                    				_t137 = _v44;
                                                    				if(_v44 == 0) {
                                                    					_v44 = E0041B4E8(_v62);
                                                    				}
                                                    				_v14 = _v44 << 2;
                                                    				_v32 = E004069DC((_v14 & 0x0000ffff) + 0x28, _t113, _t122, _t137);
                                                    				 *[fs:ecx] = _t134;
                                                    				_t100 = _v32;
                                                    				memcpy(_t100,  &_v76, 0xa << 2);
                                                    				_t135 = _t134 + 0xc;
                                                    				_t130 = _t128;
                                                    				_t126 =  *_t130;
                                                    				 *((intOrPtr*)( *_t130))( *[fs:ecx], 0x41b860, _t132);
                                                    				 *_v12 = E0041B508(_v32);
                                                    				_a4 = _a4 - (_v14 & 0x0000ffff) + 0x28;
                                                    				_t118 =  *((intOrPtr*)(_t100 + 0x14));
                                                    				if(_t118 != 0) {
                                                    					_t139 = _t118 - _a4;
                                                    					if(_t118 < _a4) {
                                                    						_a4 = _t118;
                                                    					}
                                                    				}
                                                    				_v28 = E004069DC(_a4, _t118, _t126, _t139);
                                                    				 *[fs:eax] = _t135;
                                                    				 *((intOrPtr*)( *_t130))( *[fs:eax], 0x41b83c, _t132);
                                                    				_v20 = GetFocus();
                                                    				_v24 = GetDC(_v20);
                                                    				if(_v24 == 0) {
                                                    					E0041B394();
                                                    				}
                                                    				_push(_t132);
                                                    				_push(0x41b81c);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t135;
                                                    				if( *_v12 == 0) {
                                                    					__eflags = 0;
                                                    					_v36 = 0;
                                                    				} else {
                                                    					_v36 = SelectPalette(_v24,  *_v12, 0);
                                                    					RealizePalette(_v24);
                                                    				}
                                                    				_push(_t132);
                                                    				_push(0x41b7fa);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t135;
                                                    				 *_v8 = CreateDIBitmap(_v24, _v32, 4, _v28, _v32, 0);
                                                    				if( *_v8 == 0) {
                                                    					E0041B394();
                                                    				}
                                                    				_pop(_t121);
                                                    				 *[fs:eax] = _t121;
                                                    				_push(E0041B801);
                                                    				if(_v36 == 0) {
                                                    					return 0;
                                                    				} else {
                                                    					return SelectPalette(_v24, _v36, 0);
                                                    				}
                                                    			}


























                                                    APIs
                                                    • GetFocus.USER32 ref: 0041B745
                                                    • GetDC.USER32(?), ref: 0041B751
                                                    • SelectPalette.GDI32(00000000,?,00000000), ref: 0041B786
                                                    • RealizePalette.GDI32(00000000), ref: 0041B792
                                                    • CreateDIBitmap.GDI32(00000000,?,00000004,?,?,00000000), ref: 0041B7C0
                                                    • SelectPalette.GDI32(00000000,00000000,00000000), ref: 0041B7F4
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Palette$Select$BitmapCreateFocusRealize
                                                    • String ID:
                                                    • API String ID: 3275473261-0
                                                    • Opcode ID: 9b17a45ebd00e155e5aeae17ac6cac102e8e00fd56b9a0d3692e3d2bf0971335
                                                    • Instruction ID: 38bdddf8d72f5571b31e8017bfcff87152bbfcb95d4f6cd7f9962c0a723fddb9
                                                    • Opcode Fuzzy Hash: 9b17a45ebd00e155e5aeae17ac6cac102e8e00fd56b9a0d3692e3d2bf0971335
                                                    • Instruction Fuzzy Hash: 8A512F70A002099FDF11DFA9C881AEEBBF9FF49704F104066F504A7791D7799981CBA9
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 64%
                                                    			E0041B93C(intOrPtr* __eax, void* __ebx, struct HPALETTE__** __ecx, intOrPtr* __edx, void* __edi, void* __esi, long _a8) {
                                                    				void* _v8;
                                                    				struct HPALETTE__** _v12;
                                                    				signed int _v14;
                                                    				struct HWND__* _v20;
                                                    				struct HDC__* _v24;
                                                    				void* _v28;
                                                    				BITMAPINFO* _v32;
                                                    				struct HPALETTE__* _v36;
                                                    				signed int _v40;
                                                    				intOrPtr _v42;
                                                    				short _v44;
                                                    				short _v48;
                                                    				long _v52;
                                                    				BITMAPINFOHEADER* _t65;
                                                    				BITMAPINFOHEADER* _t99;
                                                    				long* _t109;
                                                    				signed int _t115;
                                                    				intOrPtr _t121;
                                                    				intOrPtr* _t126;
                                                    				void* _t129;
                                                    				void* _t130;
                                                    				intOrPtr _t131;
                                                    				signed int _t134;
                                                    
                                                    				_t129 = _t130;
                                                    				_t131 = _t130 + 0xffffffd0;
                                                    				_push(__edi);
                                                    				_v12 = __ecx;
                                                    				_v8 = __edx;
                                                    				_t126 = __eax;
                                                    				_t109 =  &(( &_v52)[1]);
                                                    				 *((intOrPtr*)( *__eax))();
                                                    				_v52 = _a8;
                                                    				_t132 = _v44 - 1;
                                                    				if(_v44 != 1) {
                                                    					E0041B37C();
                                                    				}
                                                    				_v14 = E0041B4E8(_v42) + _t53 * 2;
                                                    				_v32 = E004069DC((_v14 & 0x0000ffff) + 0xf, _t109, _v14 & 0x0000ffff, _t132);
                                                    				 *[fs:edx] = _t131;
                                                    				_t99 = _v32;
                                                    				_t99->biSize = _v52;
                                                    				_t99->biWidth = _v48;
                                                    				_t99->biHeight = _v44;
                                                    				_t124 =  *_t126;
                                                    				 *((intOrPtr*)( *_t126))( *[fs:edx], 0x41bb2d, _t129);
                                                    				 *_v12 = E0041B870(_v32,  &(_t99->biPlanes), _t132);
                                                    				_t65 = _t99;
                                                    				_t115 = (_t65->biWidth & 0x0000ffff) * (_t65->biHeight & 0x0000ffff) + 0x1f;
                                                    				if(_t115 < 0) {
                                                    					_t115 = _t115 + 0x1f;
                                                    					_t134 = _t115;
                                                    				}
                                                    				_v40 = (_t115 >> 5 << 2) * (_t65->biWidth & 0x0000ffff);
                                                    				_v28 = E004069DC(_v40, (_t115 >> 5 << 2) * (_t65->biWidth & 0x0000ffff), _t124, _t134);
                                                    				 *[fs:eax] = _t131;
                                                    				 *((intOrPtr*)( *_t126))( *[fs:eax], 0x41bb09, _t129);
                                                    				_v20 = GetFocus();
                                                    				_v24 = GetDC(_v20);
                                                    				if(_v24 == 0) {
                                                    					E0041B394();
                                                    				}
                                                    				_push(_t129);
                                                    				_push(0x41bae9);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t131;
                                                    				_v36 = 0;
                                                    				if( *_v12 != 0) {
                                                    					_v36 = SelectPalette(_v24,  *_v12, 0);
                                                    					RealizePalette(_v24);
                                                    				}
                                                    				_push(_t129);
                                                    				_push(0x41bac7);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t131;
                                                    				 *_v8 = CreateDIBitmap(_v24, _t99, 4, _v28, _v32, 0);
                                                    				if( *_v8 == 0) {
                                                    					E0041B394();
                                                    				}
                                                    				_pop(_t121);
                                                    				 *[fs:eax] = _t121;
                                                    				_push(E0041BACE);
                                                    				if(_v36 != 0) {
                                                    					return SelectPalette(_v24, _v36, 0);
                                                    				}
                                                    				return 0;
                                                    			}



























                                                    APIs
                                                    • GetFocus.USER32 ref: 0041BA17
                                                    • GetDC.USER32(?), ref: 0041BA23
                                                    • SelectPalette.GDI32(00000000,?,00000000), ref: 0041BA5D
                                                    • RealizePalette.GDI32(00000000), ref: 0041BA69
                                                    • CreateDIBitmap.GDI32(00000000,?,00000004,?,?,00000000), ref: 0041BA8D
                                                    • SelectPalette.GDI32(00000000,00000000,00000000), ref: 0041BAC1
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Palette$Select$BitmapCreateFocusRealize
                                                    • String ID:
                                                    • API String ID: 3275473261-0
                                                    • Opcode ID: f1b656a7ede54f8d65f93cc35dc493626dae048aef23b352968a277fb398f08e
                                                    • Instruction ID: 3fcaffe560058c7771eaec6053d79e0e1924f360d52694d27862de55114c0f48
                                                    • Opcode Fuzzy Hash: f1b656a7ede54f8d65f93cc35dc493626dae048aef23b352968a277fb398f08e
                                                    • Instruction Fuzzy Hash: 9D512A74A002189FDB11DFA9C891AAEBBF9FF49700F154066F904EB751D738AD40CBA4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 78%
                                                    			E0041B508(intOrPtr __eax) {
                                                    				intOrPtr _v8;
                                                    				signed int _v12;
                                                    				short* _v16;
                                                    				intOrPtr _v20;
                                                    				struct HDC__* _v24;
                                                    				struct HWND__* _v28;
                                                    				void* __edi;
                                                    				short _t45;
                                                    				intOrPtr* _t67;
                                                    				short* _t76;
                                                    				intOrPtr _t83;
                                                    				signed int _t85;
                                                    				void* _t87;
                                                    				int _t89;
                                                    				short _t92;
                                                    				intOrPtr* _t94;
                                                    				intOrPtr* _t95;
                                                    				void* _t97;
                                                    				void* _t99;
                                                    				intOrPtr _t100;
                                                    
                                                    				_t97 = _t99;
                                                    				_t100 = _t99 + 0xffffffe8;
                                                    				_push(_t87);
                                                    				_v8 = __eax;
                                                    				_v12 = 0;
                                                    				_t45 =  *((intOrPtr*)(_v8 + 0x20));
                                                    				if(_t45 == 0) {
                                                    					_t92 = E0041B4E8( *((intOrPtr*)(_v8 + 0xe)));
                                                    				} else {
                                                    					_t83 = _v8;
                                                    					_t92 = _t45;
                                                    				}
                                                    				_t104 = _t92 - 2;
                                                    				if(_t92 <= 2) {
                                                    					return _v12;
                                                    				} else {
                                                    					_v20 = (_t92 - 1 << 2) + 8;
                                                    					_v16 = E004069DC(_v20, _t83, _t87, _t104);
                                                    					_push(_t97);
                                                    					_push(0x41b658);
                                                    					_push( *[fs:ecx]);
                                                    					 *[fs:ecx] = _t100;
                                                    					_t76 = _v16;
                                                    					E00402934(_t76, _v20);
                                                    					 *((short*)(_t76 + 2)) = _t92;
                                                    					 *_t76 = 0x300;
                                                    					_v28 = GetFocus();
                                                    					_v24 = GetDC(_v28);
                                                    					_push(_t97);
                                                    					_push(0x41b62c);
                                                    					_push( *[fs:ecx]);
                                                    					 *[fs:ecx] = _t100;
                                                    					_t89 = GetDeviceCaps(_v24, 0x68);
                                                    					if(_t92 != 0x10 || _t89 < 0x10) {
                                                    						_t94 = _t92 - 1;
                                                    						__eflags = _t94;
                                                    						if(_t94 >= 0) {
                                                    							_t95 = _t94 + 1;
                                                    							_t85 = 0;
                                                    							_t67 = _v8 + 0x2a;
                                                    							__eflags = _t67;
                                                    							do {
                                                    								 *((char*)(_t76 + 4 + _t85 * 4)) =  *_t67;
                                                    								 *((char*)(_t76 + 5 + _t85 * 4)) =  *((intOrPtr*)(_t67 - 1));
                                                    								 *((char*)(_t76 + 6 + _t85 * 4)) =  *((intOrPtr*)(_t67 - 2));
                                                    								 *((char*)(_t76 + 7 + _t85 * 4)) = 0;
                                                    								_t85 = _t85 + 1;
                                                    								_t67 = _t67 + 4;
                                                    								_t95 = _t95 - 1;
                                                    								__eflags = _t95;
                                                    							} while (_t95 != 0);
                                                    						}
                                                    					} else {
                                                    						GetSystemPaletteEntries(_v24, 0, 8, _t76 + 4);
                                                    						GetSystemPaletteEntries(_v24, _t89 - 8, 8, _t76 + 0x24);
                                                    					}
                                                    					_pop( *[fs:0x0]);
                                                    					_push(E0041B633);
                                                    					return ReleaseDC(_v28, _v24);
                                                    				}
                                                    			}


                                                    APIs
                                                    • GetFocus.USER32(00000000,0041B658,?,?,?,?), ref: 0041B57E
                                                    • GetDC.USER32(?), ref: 0041B58A
                                                    • GetDeviceCaps.GDI32(?,00000068), ref: 0041B5A6
                                                    • GetSystemPaletteEntries.GDI32(?,00000000,00000008,?), ref: 0041B5C3
                                                    • GetSystemPaletteEntries.GDI32(?,00000000,00000008,?), ref: 0041B5DA
                                                    • ReleaseDC.USER32 ref: 0041B626
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: EntriesPaletteSystem$CapsDeviceFocusRelease
                                                    • String ID:
                                                    • API String ID: 2502006586-0
                                                    • Opcode ID: e956e6ae92597662ed98b2f51c6b506043ab8b509e5ceb21f610fa5f8f95298e
                                                    • Instruction ID: 1753bd22f5710d4f749a3cf2d8329d0f84e6490acb09e3fae29671003709e3a5
                                                    • Opcode Fuzzy Hash: e956e6ae92597662ed98b2f51c6b506043ab8b509e5ceb21f610fa5f8f95298e
                                                    • Instruction Fuzzy Hash: D0410631A04258AFDF10DFA9C885AAFBBB4EF59704F1484AAF500EB351D3389D51CBA5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 58%
                                                    			E0045D04C(void* __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, signed int _a4, intOrPtr _a8) {
                                                    				char _v8;
                                                    				void* _t35;
                                                    				void* _t44;
                                                    				intOrPtr _t48;
                                                    				void* _t49;
                                                    				void* _t51;
                                                    				void* _t57;
                                                    				intOrPtr _t60;
                                                    
                                                    				_t55 = __edi;
                                                    				_push(0);
                                                    				_push(__ebx);
                                                    				_push(__esi);
                                                    				_push(__edi);
                                                    				_t57 = __ecx;
                                                    				_t35 = __eax;
                                                    				_push(_t60);
                                                    				_push(0x45d118);
                                                    				_push( *[fs:eax]);
                                                    				 *[fs:eax] = _t60;
                                                    				_t44 = __edx - 0x80000000;
                                                    				if(_t44 == 0) {
                                                    					E00403494( &_v8, "CLASSES_ROOT");
                                                    					goto L10;
                                                    				} else {
                                                    					_t49 = _t44 - 1;
                                                    					if(_t49 == 0) {
                                                    						E00403494( &_v8, "CURRENT_USER");
                                                    						goto L10;
                                                    					} else {
                                                    						_t51 = _t49 - 1;
                                                    						if(_t51 == 0) {
                                                    							E00403494( &_v8, "MACHINE");
                                                    							goto L10;
                                                    						} else {
                                                    							if(_t51 == 1) {
                                                    								E00403494( &_v8, 0x45d174);
                                                    								L10:
                                                    								_push(_v8);
                                                    								_push(0x45d184);
                                                    								_push(_t57);
                                                    								E00403634();
                                                    								SetLastError(E0045CE9C(_a4 & 0xffffff00 | _t35 == 0x00000002, _t35, _v8, 4, _t55, _t57, 2, _a4, _a8));
                                                    							} else {
                                                    								SetLastError(0x57);
                                                    							}
                                                    						}
                                                    					}
                                                    				}
                                                    				_pop(_t48);
                                                    				 *[fs:eax] = _t48;
                                                    				_push(0x45d11f);
                                                    				return E00403400( &_v8);
                                                    			}


                                                    APIs
                                                    • SetLastError.KERNEL32(00000057,00000000,0045D118,?,?,?,?,00000000), ref: 0045D0B7
                                                    • SetLastError.KERNEL32(00000000,00000002,?,?,?,0045D184,?,00000000,0045D118,?,?,?,?,00000000), ref: 0045D0F6
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: ErrorLast
                                                    • String ID: CLASSES_ROOT$CURRENT_USER$MACHINE$USERS
                                                    • API String ID: 1452528299-1580325520
                                                    • Opcode ID: 44daac30ba6290961f85a10f910adeebe56024b8db7d764ffa7b36a0de599fb3
                                                    • Instruction ID: 81e1e27ad3ae8d1ea1d6b81b4c13ff0be47bc54c17845d393ef4ad8e2f10c1e8
                                                    • Opcode Fuzzy Hash: 44daac30ba6290961f85a10f910adeebe56024b8db7d764ffa7b36a0de599fb3
                                                    • Instruction Fuzzy Hash: 2C117535A04608AFD731DA91C942B9EB6ADDF4470AF6040776D00572C3D67C5F0B992E
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 63%
                                                    			E0041BD8C(intOrPtr* __eax, void* __ebx, signed int __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                    				intOrPtr* _v8;
                                                    				intOrPtr _v12;
                                                    				signed int _v16;
                                                    				intOrPtr _v20;
                                                    				signed int _v24;
                                                    				signed short _v30;
                                                    				int _v40;
                                                    				int _v44;
                                                    				struct HDC__* _v48;
                                                    				signed int _t31;
                                                    				signed int _t34;
                                                    				intOrPtr _t53;
                                                    				void* _t56;
                                                    				void* _t57;
                                                    				void* _t58;
                                                    				intOrPtr _t59;
                                                    
                                                    				_t57 = _t58;
                                                    				_t59 = _t58 + 0xffffff8c;
                                                    				_v16 = __ecx;
                                                    				_v12 = __edx;
                                                    				_v8 = __eax;
                                                    				_v24 = _v16 << 4;
                                                    				_v20 = E004069DC(_v24, __edx, __edi, __eflags);
                                                    				 *[fs:0x0] = _t59;
                                                    				 *((intOrPtr*)( *_v8))( *[fs:0x0], 0x41c038, _t57, __edi, __esi, __ebx, _t56);
                                                    				_v44 = GetSystemMetrics(0xb);
                                                    				_v40 = GetSystemMetrics(0xc);
                                                    				_v48 = GetDC(0);
                                                    				if(_v48 == 0) {
                                                    					E0041B394();
                                                    				}
                                                    				_push(_t57);
                                                    				_push(0x41be5c);
                                                    				_push( *[fs:edx]);
                                                    				 *[fs:edx] = _t59;
                                                    				_t31 = GetDeviceCaps(_v48, 0xe);
                                                    				_t34 = _t31 * GetDeviceCaps(_v48, 0xc);
                                                    				if(_t34 != 0x18) {
                                                    					__eflags = 1;
                                                    					_v30 = 1 << _t34;
                                                    				} else {
                                                    					_v30 = 0;
                                                    				}
                                                    				_pop(_t53);
                                                    				 *[fs:eax] = _t53;
                                                    				_push(E0041BE63);
                                                    				return ReleaseDC(0, _v48);
                                                    			}


                                                    APIs
                                                    • GetSystemMetrics.USER32 ref: 0041BDD5
                                                    • GetSystemMetrics.USER32 ref: 0041BDDF
                                                    • GetDC.USER32(00000000), ref: 0041BDE9
                                                    • GetDeviceCaps.GDI32(00000000,0000000E), ref: 0041BE10
                                                    • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0041BE1D
                                                    • ReleaseDC.USER32 ref: 0041BE56
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: CapsDeviceMetricsSystem$Release
                                                    • String ID:
                                                    • API String ID: 447804332-0
                                                    • Opcode ID: 3bdc6123dd6674b0137b7fef1a93c0b96d54f33e4692062cf67464f69f8f60e7
                                                    • Instruction ID: d5b995c8e3894394b735eabd433659eae54025482fea58e306a85006fdca5b97
                                                    • Opcode Fuzzy Hash: 3bdc6123dd6674b0137b7fef1a93c0b96d54f33e4692062cf67464f69f8f60e7
                                                    • Instruction Fuzzy Hash: E5212A74E04648AFEB00EFA9C941BEEB7B4EB48714F10846AF514B7690D7785940CB69
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E0047EB34(void* __eax) {
                                                    				intOrPtr _t12;
                                                    				signed int _t15;
                                                    				intOrPtr _t16;
                                                    				intOrPtr _t19;
                                                    				signed int _t21;
                                                    				long _t22;
                                                    				intOrPtr _t23;
                                                    				intOrPtr _t26;
                                                    				intOrPtr _t29;
                                                    				void* _t32;
                                                    
                                                    				_t32 = __eax;
                                                    				_t12 =  *0x49c628; // 0x21a2410
                                                    				_t15 = GetWindowLongA( *(_t12 + 0x20), 0xffffffec) & 0xffffff00 | (_t14 & 0x00000080) == 0x00000000;
                                                    				if(_t32 != _t15) {
                                                    					_t16 =  *0x49c628; // 0x21a2410
                                                    					SetWindowPos( *(_t16 + 0x20), 0, 0, 0, 0, 0, 0x97);
                                                    					_t19 =  *0x49c628; // 0x21a2410
                                                    					_t21 = GetWindowLongA( *(_t19 + 0x20), 0xffffffec);
                                                    					if(_t32 == 0) {
                                                    						_t22 = _t21 | 0x00000080;
                                                    					} else {
                                                    						_t22 = _t21 & 0xffffff7f;
                                                    					}
                                                    					_t23 =  *0x49c628; // 0x21a2410
                                                    					SetWindowLongA( *(_t23 + 0x20), 0xffffffec, _t22);
                                                    					if(_t32 == 0) {
                                                    						_t26 =  *0x49c628; // 0x21a2410
                                                    						return SetWindowPos( *(_t26 + 0x20), 0, 0, 0, 0, 0, 0x57);
                                                    					} else {
                                                    						_t29 =  *0x49c628; // 0x21a2410
                                                    						return ShowWindow( *(_t29 + 0x20), 5);
                                                    					}
                                                    				}
                                                    				return _t15;
                                                    			}














                                                    APIs
                                                    • GetWindowLongA.USER32 ref: 0047EB42
                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097,?,000000EC,?,0046CDA1), ref: 0047EB68
                                                    • GetWindowLongA.USER32 ref: 0047EB78
                                                    • SetWindowLongA.USER32 ref: 0047EB99
                                                    • ShowWindow.USER32(?,00000005,?,000000EC,00000000,?,000000EC,?,00000000,00000000,00000000,00000000,00000000,00000097,?,000000EC), ref: 0047EBAD
                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000057,?,000000EC,00000000,?,000000EC,?,00000000,00000000,00000000), ref: 0047EBC9
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Window$Long$Show
                                                    • String ID:
                                                    • API String ID: 3609083571-0
                                                    • Opcode ID: 45ec1cf8c65fa1a1d4c9e25a20d0fe29d262eedc4c1703c24f1e77e0302aa631
                                                    • Instruction ID: 558760181b7e7de2d8b346cb17cfb8003feda8981b89fed89de8fe354906c256
                                                    • Opcode Fuzzy Hash: 45ec1cf8c65fa1a1d4c9e25a20d0fe29d262eedc4c1703c24f1e77e0302aa631
                                                    • Instruction Fuzzy Hash: 780112B6645210ABD700D7A9CD81F6637D8AB1C334F0943A6B955DF3E3C638E8409B08
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E0041B270(void* __eax) {
                                                    				void* _t36;
                                                    
                                                    				_t36 = __eax;
                                                    				UnrealizeObject(E0041A6E0( *((intOrPtr*)(__eax + 0x14))));
                                                    				SelectObject( *(_t36 + 4), E0041A6E0( *((intOrPtr*)(_t36 + 0x14))));
                                                    				if(E0041A75C( *((intOrPtr*)(_t36 + 0x14))) != 0) {
                                                    					SetBkColor( *(_t36 + 4),  !(E0041A058(E0041A6A4( *((intOrPtr*)(_t36 + 0x14))))));
                                                    					return SetBkMode( *(_t36 + 4), 1);
                                                    				} else {
                                                    					SetBkColor( *(_t36 + 4), E0041A058(E0041A6A4( *((intOrPtr*)(_t36 + 0x14)))));
                                                    					return SetBkMode( *(_t36 + 4), 2);
                                                    				}
                                                    			}





                                                    APIs
                                                      • Part of subcall function 0041A6E0: CreateBrushIndirect.GDI32 ref: 0041A74B
                                                    • UnrealizeObject.GDI32(00000000), ref: 0041B27C
                                                    • SelectObject.GDI32(?,00000000), ref: 0041B28E
                                                    • SetBkColor.GDI32(?,00000000), ref: 0041B2B1
                                                    • SetBkMode.GDI32(?,00000002), ref: 0041B2BC
                                                    • SetBkColor.GDI32(?,00000000), ref: 0041B2D7
                                                    • SetBkMode.GDI32(?,00000001), ref: 0041B2E2
                                                      • Part of subcall function 0041A058: GetSysColor.USER32(?), ref: 0041A062
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: Color$ModeObject$BrushCreateIndirectSelectUnrealize
                                                    • String ID:
                                                    • API String ID: 3527656728-0
                                                    • Opcode ID: 90af7722afa79acc590a6ee3060039fb524340e2cf7ce152cccbdcb584e8dbde
                                                    • Instruction ID: d03b18a2b949c207061bd18b8e5d47ed8ce294e6be165222704fda36eef26a4f
                                                    • Opcode Fuzzy Hash: 90af7722afa79acc590a6ee3060039fb524340e2cf7ce152cccbdcb584e8dbde
                                                    • Instruction Fuzzy Hash: 56F0CD756015009BDE00FFAAD9CBE4B3B989F043097048496B908DF187CA3CD8649B3A
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,asI,_iu,?,00000000,004539F6), ref: 004539AB
                                                    • CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,asI,_iu,?,00000000,004539F6), ref: 004539BB
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: CloseCreateFileHandle
                                                    • String ID: .tmp$_iu$asI
                                                    • API String ID: 3498533004-3416993101
                                                    • Opcode ID: 1dee75e2bfc2da78c26475f080e8b0a4db6a1a73d39b0bf1d20dabbe4352c150
                                                    • Instruction ID: 7da7e9bbb2667b7856572ae533a3071efe8e017fb0344d9459fa270775feb22d
                                                    • Opcode Fuzzy Hash: 1dee75e2bfc2da78c26475f080e8b0a4db6a1a73d39b0bf1d20dabbe4352c150
                                                    • Instruction Fuzzy Hash: 1831C5B0A00249ABCB11EF95D842B9EBBB4AF44345F20453AF810B73C2D7785F058B69
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 004242C4: SetWindowTextA.USER32(?,00000000), ref: 004242DC
                                                    • ShowWindow.USER32(?,00000005,00000000,00498501,?,?,00000000), ref: 004982D2
                                                      • Part of subcall function 0042D8C4: GetSystemDirectoryA.KERNEL32 ref: 0042D8D7
                                                      • Part of subcall function 004072A8: SetCurrentDirectoryA.KERNEL32(00000000,?,004982FA,00000000,004984CD,?,?,00000005,00000000,00498501,?,?,00000000), ref: 004072B3
                                                      • Part of subcall function 0042D44C: GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,0042D4DA,?,?,?,00000001,?,0045607E,00000000,004560E6), ref: 0042D481
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: DirectoryWindow$CurrentFileModuleNameShowSystemText
                                                    • String ID: .dat$.msg$IMsg$Uninstall
                                                    • API String ID: 3312786188-1660910688
                                                    • Opcode ID: b40716ae20ef38e55cf5fb00421125a37882471468cc83c968af959bd4861768
                                                    • Instruction ID: 2b9c2c46f3884c4a48dc033c97e5b42376d3325146b4dc4ed866e5651845f74c
                                                    • Opcode Fuzzy Hash: b40716ae20ef38e55cf5fb00421125a37882471468cc83c968af959bd4861768
                                                    • Instruction Fuzzy Hash: 1C315234A00114AFCB11EF69DC92D6EBB75FB89718F91847AF800A7352DB39AD05CB58
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetModuleHandleA.KERNEL32(user32.dll,ShutdownBlockReasonCreate), ref: 0042EADA
                                                    • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042EAE0
                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000FFF,00000000,user32.dll,ShutdownBlockReasonCreate), ref: 0042EB09
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: AddressByteCharHandleModuleMultiProcWide
                                                    • String ID: ShutdownBlockReasonCreate$user32.dll
                                                    • API String ID: 828529508-2866557904
                                                    • Opcode ID: eb577c3347fbf9fd6a249885fcfc34f4074b2fa1c1d8d6afc25abb851ecf655c
                                                    • Instruction ID: 7e091cf0cf0c4dae12ae48626bdfb721f4796128e550bb25d34418d77cfbcdd5
                                                    • Opcode Fuzzy Hash: eb577c3347fbf9fd6a249885fcfc34f4074b2fa1c1d8d6afc25abb851ecf655c
                                                    • Instruction Fuzzy Hash: 70F0C8D034061136E620B57F5C82F7B598C8F94759F140436B109E62C2D96CA905426E
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • MsgWaitForMultipleObjects.USER32 ref: 00458028
                                                    • GetExitCodeProcess.KERNEL32 ref: 00458049
                                                    • CloseHandle.KERNEL32(?,0045807C,00000001,00000000,000000FF,000000FF,00000000,00458075), ref: 0045806F
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: CloseCodeExitHandleMultipleObjectsProcessWait
                                                    • String ID: GetExitCodeProcess$MsgWaitForMultipleObjects
                                                    • API String ID: 2573145106-3235461205
                                                    • Opcode ID: 0bf7457be4cd743180d0df9cbaebe39186a44c2eb61f5ac505f25413929649f5
                                                    • Instruction ID: 8ca2d0058ba7cbb50b4a329ddd8c934ddf4c064d08651955299a62d5c280044d
                                                    • Opcode Fuzzy Hash: 0bf7457be4cd743180d0df9cbaebe39186a44c2eb61f5ac505f25413929649f5
                                                    • Instruction Fuzzy Hash: F301A231600204AFD710EBA98C42A5A73A8EB49B25F51407BFC10E73D3DE399E08961D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetModuleHandleA.KERNEL32(user32.dll,ChangeWindowMessageFilter,?,0042EA70,00000004,0049A934,004571F1,00457594,00457148,00000000,00000B06,00000000,00000000,00000001,00000000,00000002), ref: 0042E9C2
                                                    • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042E9C8
                                                    • InterlockedExchange.KERNEL32(0049C660,00000001), ref: 0042E9D9
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: AddressExchangeHandleInterlockedModuleProc
                                                    • String ID: ChangeWindowMessageFilter$user32.dll
                                                    • API String ID: 3478007392-2498399450
                                                    • Opcode ID: c36f8f94805b7d902051433b35875e22838e6d9aa50e17b7a9d16ab54da6b357
                                                    • Instruction ID: b8f9bf3d9be2f8c1d209f28124344a0c8d199a24e32242aaf2824e6907578135
                                                    • Opcode Fuzzy Hash: c36f8f94805b7d902051433b35875e22838e6d9aa50e17b7a9d16ab54da6b357
                                                    • Instruction Fuzzy Hash: 59E0ECB2740324AADA107B626ECAF663558A724B19F902437F001751E1C6FD0C80CA2D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetWindowThreadProcessId.USER32(00000000), ref: 00477F30
                                                    • GetModuleHandleA.KERNEL32(user32.dll,AllowSetForegroundWindow,00000000,?,?,00478027,0049D0A8,00000000), ref: 00477F43
                                                    • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 00477F49
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: AddressHandleModuleProcProcessThreadWindow
                                                    • String ID: AllowSetForegroundWindow$user32.dll
                                                    • API String ID: 1782028327-3855017861
                                                    • Opcode ID: afc54861c8e7a9e311f6dec3000d7eb502ec530a4813a9c9c4fe9e845c6217e4
                                                    • Instruction ID: bb94c84c7b6da0bace4c8c5367c9ec9106dc9a44addef0b25af840ec1b7a485c
                                                    • Opcode Fuzzy Hash: afc54861c8e7a9e311f6dec3000d7eb502ec530a4813a9c9c4fe9e845c6217e4
                                                    • Instruction Fuzzy Hash: 21D09E9064870169D91077B58E46E9F225C8984718790843BF55CF21C6DA7CDC058A7D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetModuleHandleA.KERNEL32(user32.dll,NotifyWinEvent,00499132), ref: 0044F77F
                                                    • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0044F785
                                                    Strings
                                                    Similarity
                                                    • API ID: AddressHandleModuleProc
                                                    • String ID: NotifyWinEvent$`t$user32.dll
                                                    • API String ID: 1646373207-82275377
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • BeginPaint.USER32(00000000,?), ref: 00416C52
                                                    • SaveDC.GDI32(?), ref: 00416C83
                                                    • ExcludeClipRect.GDI32(?,?,?,?,?,?,00000000,00416D45), ref: 00416CE4
                                                    • RestoreDC.GDI32(?,?), ref: 00416D0B
                                                    • EndPaint.USER32(00000000,?,00416D4C,00000000,00416D45), ref: 00416D3F
                                                    Similarity
                                                    • API ID: Paint$BeginClipExcludeRectRestoreSave
                                                    • String ID:
                                                    • API String ID: 3808407030-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Similarity
                                                    • API ID: MessageSend
                                                    • String ID:
                                                    • API String ID: 3850602802-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetSystemMetrics.USER32 ref: 0041BBCA
                                                    • GetSystemMetrics.USER32 ref: 0041BBD4
                                                    • GetDC.USER32(00000000), ref: 0041BC12
                                                    • CreateDIBitmap.GDI32(00000000,?,00000004,?,?,00000000), ref: 0041BC59
                                                    • DeleteObject.GDI32(00000000), ref: 0041BC9A
                                                    Similarity
                                                    • API ID: MetricsSystem$BitmapCreateDeleteObject
                                                    • String ID:
                                                    • API String ID: 1095203571-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 0045D04C: SetLastError.KERNEL32(00000057,00000000,0045D118,?,?,?,?,00000000), ref: 0045D0B7
                                                    • GetLastError.KERNEL32(00000000,00000000,00000000,00473A40,?,?,0049D1E0,00000000), ref: 004739F9
                                                    • GetLastError.KERNEL32(00000000,00000000,00000000,00473A40,?,?,0049D1E0,00000000), ref: 00473A0F
                                                    Strings
                                                    • Setting permissions on registry key: %s\%s, xrefs: 004739BE
                                                    • Failed to set permissions on registry key (%d)., xrefs: 00473A20
                                                    • Could not set permissions on the registry key because it currently does not exist., xrefs: 00473A03
                                                    Similarity
                                                    • API ID: ErrorLast
                                                    • String ID: Could not set permissions on the registry key because it currently does not exist.$Failed to set permissions on registry key (%d).$Setting permissions on registry key: %s\%s
                                                    • API String ID: 1452528299-4018462623
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 00403CDE
                                                    • SysAllocStringLen.OLEAUT32(?,00000000), ref: 00403CE9
                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 00403CFC
                                                    • SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 00403D06
                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00403D15
                                                    Similarity
                                                    • API ID: ByteCharMultiWide$AllocString
                                                    • String ID:
                                                    • API String ID: 262959230-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SelectPalette.GDI32(00000000,00000000,00000000), ref: 00414419
                                                    • RealizePalette.GDI32(00000000), ref: 00414421
                                                    • SelectPalette.GDI32(00000000,00000000,00000001), ref: 00414435
                                                    • RealizePalette.GDI32(00000000), ref: 0041443B
                                                    • ReleaseDC.USER32 ref: 00414446
                                                    Similarity
                                                    • API ID: Palette$RealizeSelect$Release
                                                    • String ID:
                                                    • API String ID: 2261976640-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 0041F074: GetActiveWindow.USER32 ref: 0041F077
                                                      • Part of subcall function 0041F074: GetCurrentThreadId.KERNEL32 ref: 0041F08C
                                                      • Part of subcall function 0041F074: EnumThreadWindows.USER32(00000000,Function_0001F050), ref: 0041F092
                                                      • Part of subcall function 004231A8: GetSystemMetrics.USER32 ref: 004231AA
                                                    • OffsetRect.USER32(?,?,?), ref: 00424DC9
                                                    • DrawTextA.USER32(00000000,00000000,000000FF,?,00000C10), ref: 00424E8C
                                                    • OffsetRect.USER32(?,?,?), ref: 00424E9D
                                                      • Part of subcall function 00423564: GetCurrentThreadId.KERNEL32 ref: 00423579
                                                      • Part of subcall function 00423564: SetWindowsHookExA.USER32 ref: 00423589
                                                      • Part of subcall function 00423564: CreateThread.KERNEL32 ref: 004235AD
                                                      • Part of subcall function 00424B2C: SetTimer.USER32(00000000,00000001,?,004234B4), ref: 00424B47
                                                    Strings
                                                    Similarity
                                                    • API ID: Thread$CurrentOffsetRectWindows$ActiveCreateDrawEnumHookMetricsSystemTextTimerWindow
                                                    • String ID: vLB
                                                    • API String ID: 1477829881-1797516613
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • WNetGetUniversalNameA.MPR(00000000,00000001,?,00000400), ref: 00407003
                                                    • WNetOpenEnumA.MPR(00000001,00000001,00000000,00000000,?), ref: 0040707D
                                                    • WNetEnumResourceA.MPR(?,FFFFFFFF,?,?), ref: 004070D5
                                                    Strings
                                                    Similarity
                                                    • API ID: Enum$NameOpenResourceUniversal
                                                    • String ID: Z
                                                    • API String ID: 3604996873-1505515367
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetRectEmpty.USER32(?), ref: 0044D04E
                                                    • DrawTextA.USER32(00000000,00000000,00000000,?,00000D20), ref: 0044D079
                                                    • DrawTextA.USER32(00000000,00000000,00000000,00000000,00000800), ref: 0044D101
                                                    Strings
                                                    Similarity
                                                    • API ID: DrawText$EmptyRect
                                                    • String ID:
                                                    • API String ID: 182455014-2867612384
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetDC.USER32(00000000), ref: 0042EF9E
                                                      • Part of subcall function 0041A1E8: CreateFontIndirectA.GDI32(?), ref: 0041A2A7
                                                    • SelectObject.GDI32(?,00000000), ref: 0042EFC1
                                                    • ReleaseDC.USER32 ref: 0042F0A0
                                                    Strings
                                                    Similarity
                                                    • API ID: CreateFontIndirectObjectReleaseSelect
                                                    • String ID: ...\
                                                    • API String ID: 3133960002-983595016
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Strings
                                                    Similarity
                                                    • API ID: Class$InfoRegisterUnregister
                                                    • String ID: @
                                                    • API String ID: 3749476976-2766056989
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetFileAttributesA.KERNEL32(00000000,004990A0,00000000,00498846,?,?,00000000,0049C628), ref: 004987C0
                                                    • SetFileAttributesA.KERNEL32(00000000,00000000,00000000,004990A0,00000000,00498846,?,?,00000000,0049C628), ref: 004987E9
                                                    • MoveFileExA.KERNEL32 ref: 00498802
                                                    Strings
                                                    Similarity
                                                    • API ID: File$Attributes$Move
                                                    • String ID: isRS-%.3u.tmp
                                                    • API String ID: 3839737484-3657609586
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 0042C804: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042C828
                                                      • Part of subcall function 00403CA4: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 00403CDE
                                                      • Part of subcall function 00403CA4: SysAllocStringLen.OLEAUT32(?,00000000), ref: 00403CE9
                                                    • LoadTypeLib.OLEAUT32(00000000,00000000), ref: 00456C50
                                                    • RegisterTypeLib.OLEAUT32(00000000,00000000,00000000), ref: 00456C7D
                                                    Strings
                                                    Similarity
                                                    • API ID: Type$AllocByteCharFullLoadMultiNamePathRegisterStringWide
                                                    • String ID: LoadTypeLib$RegisterTypeLib
                                                    • API String ID: 1312246647-2435364021
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Strings
                                                    • Cannot debug. Debugger version ($%.8x) does not match Setup version ($%.8x), xrefs: 0045719A
                                                    • Failed to create DebugClientWnd, xrefs: 004571D4
                                                    Similarity
                                                    • API ID: MessageSend
                                                    • String ID: Cannot debug. Debugger version ($%.8x) does not match Setup version ($%.8x)$Failed to create DebugClientWnd
                                                    • API String ID: 3850602802-3720027226
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateProcessA.KERNEL32 ref: 0049694E
                                                    • CloseHandle.KERNEL32(iI,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,000000FC,?,004969A8,?,0049699C,00000000), ref: 00496965
                                                      • Part of subcall function 00496838: GetLastError.KERNEL32(00000000,004968D0,?,?,?,?), ref: 0049685C
                                                    Strings
                                                    Similarity
                                                    • API ID: CloseCreateErrorHandleLastProcess
                                                    • String ID: psI$iI
                                                    • API String ID: 3798668922-3774315737
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 004242C4: SetWindowTextA.USER32(?,00000000), ref: 004242DC
                                                    • GetFocus.USER32(?,00000000,00478B24,?,00000000,00478B4B,?,?,00000001,00000000,?,?,?,004807DE,00000000,004816A4), ref: 00478AEB
                                                    • GetKeyState.USER32(0000007A), ref: 00478AFD
                                                    • WaitMessage.USER32(?,00000000,00478B24,?,00000000,00478B4B,?,?,00000001,00000000,?,?,?,004807DE,00000000,004816A4), ref: 00478B07
                                                    Strings
                                                    Similarity
                                                    • API ID: FocusMessageStateTextWaitWindow
                                                    • String ID: Wnd=$%x
                                                    • API String ID: 1381870634-2927251529
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • FileTimeToLocalFileTime.KERNEL32(?), ref: 0046E768
                                                    • FileTimeToSystemTime.KERNEL32(?,?,?), ref: 0046E777
                                                    Strings
                                                    Similarity
                                                    • API ID: Time$File$LocalSystem
                                                    • String ID: %.4u-%.2u-%.2u %.2u:%.2u:%.2u.%.3u$(invalid)
                                                    • API String ID: 1748579591-1013271723
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetFileAttributesA.KERNEL32(00000000,00000020), ref: 00453F83
                                                      • Part of subcall function 00406F50: DeleteFileA.KERNEL32(00000000,0049C628,00498C31,00000000,00498C86,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 00406F5B
                                                    • MoveFileA.KERNEL32 ref: 00453FA8
                                                      • Part of subcall function 0045349C: GetLastError.KERNEL32(00000000,00454031,00000005,00000000,00454066,?,?,00000000,0049C628,00000004,00000000,00000000,00000000,?,004988E5,00000000), ref: 0045349F
                                                    Strings
                                                    Similarity
                                                    • API ID: File$AttributesDeleteErrorLastMove
                                                    • String ID: DeleteFile$MoveFile
                                                    • API String ID: 3024442154-139070271
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,00483FBF,?,00000001,?,?,00483FBF,?,00000001,00000000), ref: 0042DE38
                                                    • RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,?,00000000,?,00000002,004594A1,00000000,00459659,?,00000000,00000000,00000000), ref: 004593B1
                                                    Strings
                                                    Similarity
                                                    • API ID: CloseOpen
                                                    • String ID: .NET Framework not found$InstallRoot$SOFTWARE\Microsoft\.NETFramework
                                                    • API String ID: 47109696-2631785700
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,00483FBF,?,00000001,?,?,00483FBF,?,00000001,00000000), ref: 0042DE38
                                                    • RegQueryValueExA.ADVAPI32(?,CSDVersion,00000000,?,?,?,?,00000001,00000000), ref: 00483FE1
                                                    • RegCloseKey.ADVAPI32(?,?,CSDVersion,00000000,?,?,?,?,00000001,00000000), ref: 00484004
                                                    Strings
                                                    • CSDVersion, xrefs: 00483FD8
                                                    • System\CurrentControlSet\Control\Windows, xrefs: 00483FAE
                                                    Similarity
                                                    • API ID: CloseOpenQueryValue
                                                    • String ID: CSDVersion$System\CurrentControlSet\Control\Windows
                                                    • API String ID: 3677997916-1910633163
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetModuleHandleA.KERNEL32(kernel32.dll,GetSystemWow64DirectoryA,?,00453B5A,00000000,00453BFD,?,?,00000000,00000000,00000000,00000000,00000000,?,00453FED,00000000), ref: 0042D90A
                                                    • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0042D910
                                                    Strings
                                                    Similarity
                                                    • API ID: AddressHandleModuleProc
                                                    • String ID: GetSystemWow64DirectoryA$kernel32.dll
                                                    • API String ID: 1646373207-4063490227
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetModuleHandleA.KERNEL32(user32.dll,ShutdownBlockReasonDestroy,?,00000000,0042EAD0), ref: 0042EB62
                                                    • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042EB68
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: AddressHandleModuleProc
                                                    • String ID: ShutdownBlockReasonDestroy$user32.dll
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetModuleHandleA.KERNEL32(user32.dll,DisableProcessWindowsGhosting,00499188,00000001,00000000,004991AC), ref: 00498EB2
                                                    • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 00498EB8
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: AddressHandleModuleProc
                                                    • String ID: DisableProcessWindowsGhosting$user32.dll
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 0044B658: LoadLibraryA.KERNEL32(uxtheme.dll,?,0044F775,00499132), ref: 0044B67F
                                                      • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,OpenThemeData), ref: 0044B697
                                                      • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,CloseThemeData), ref: 0044B6A9
                                                      • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,DrawThemeBackground), ref: 0044B6BB
                                                      • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,DrawThemeText), ref: 0044B6CD
                                                      • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044B6DF
                                                      • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044B6F1
                                                      • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,GetThemePartSize), ref: 0044B703
                                                      • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,GetThemeTextExtent), ref: 0044B715
                                                      • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,GetThemeTextMetrics), ref: 0044B727
                                                      • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,GetThemeBackgroundRegion), ref: 0044B739
                                                      • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,HitTestThemeBackground), ref: 0044B74B
                                                      • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,DrawThemeEdge), ref: 0044B75D
                                                      • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,DrawThemeIcon), ref: 0044B76F
                                                      • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,IsThemePartDefined), ref: 0044B781
                                                      • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,IsThemeBackgroundPartiallyTransparent), ref: 0044B793
                                                      • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,GetThemeColor), ref: 0044B7A5
                                                      • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,GetThemeMetric), ref: 0044B7B7
                                                    • LoadLibraryA.KERNEL32(shell32.dll,SHPathPrepareForWriteA,0049915A), ref: 00464603
                                                    • GetProcAddress.KERNEL32(00000000,shell32.dll), ref: 00464609
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: AddressProc$LibraryLoad
                                                    • String ID: SHPathPrepareForWriteA$shell32.dll
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • FindNextFileA.KERNEL32(000000FF,?,00000000,0047DBCC,?,?,?,?,00000000,0047DD21,?,?,?,00000000,?,0047DE30), ref: 0047DBA8
                                                    • FindClose.KERNEL32(000000FF,0047DBD3,0047DBCC,?,?,?,?,00000000,0047DD21,?,?,?,00000000,?,0047DE30,00000000), ref: 0047DBC6
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: Find$CloseFileNext
                                                    • String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 0042EE30: GetTickCount.KERNEL32 ref: 0042EE36
                                                      • Part of subcall function 0042EC88: MoveFileExA.KERNEL32 ref: 0042ECBD
                                                    • GetLastError.KERNEL32(00000000,00475AB5,?,?,0049D1E0,00000000), ref: 0047599E
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: CountErrorFileLastMoveTick
                                                    • String ID: $LoggedMsgBox returned an unexpected value. Assuming Cancel.$MoveFileEx
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetDesktopWindow.USER32 ref: 00413D46
                                                    • GetDesktopWindow.USER32 ref: 00413DFE
                                                      • Part of subcall function 00418EC0: 703AB5E0.COMCTL32(?,00000000,00413FC3,00000000,004140D3,?,?,0049C628), ref: 00418EDC
                                                      • Part of subcall function 00418EC0: ShowCursor.USER32(00000001,?,00000000,00413FC3,00000000,004140D3,?,?,0049C628), ref: 00418EF9
                                                    • SetCursor.USER32(00000000,?,?,?,?,00413AF3,00000000,00413B06), ref: 00413E3C
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: CursorDesktopWindow$Show
                                                    • String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: LoadString$FileMessageModuleName
                                                    • String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SendMessageA.USER32 ref: 0044E90D
                                                      • Part of subcall function 0044CF50: SendMessageA.USER32 ref: 0044CF82
                                                    • InvalidateRect.USER32(00000000,00000000,00000001,00000000,000001A1,?,00000000), ref: 0044E991
                                                      • Part of subcall function 0042BBB4: SendMessageA.USER32 ref: 0042BBC8
                                                    • IsRectEmpty.USER32(?), ref: 0044E953
                                                    • ScrollWindowEx.USER32 ref: 0044E976
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: MessageSend$Rect$EmptyInvalidateScrollWindow
                                                    • String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • OffsetRect.USER32(?,?,00000000), ref: 00495EC8
                                                    • OffsetRect.USER32(?,00000000,?), ref: 00495EE3
                                                    • OffsetRect.USER32(?,?,00000000), ref: 00495EFD
                                                    • OffsetRect.USER32(?,00000000,?), ref: 00495F18
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: OffsetRect
                                                    • String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetCursorPos.USER32 ref: 00417260
                                                    • SetCursor.USER32(00000000), ref: 004172A3
                                                    • GetLastActivePopup.USER32(?), ref: 004172CD
                                                    • GetForegroundWindow.USER32(?), ref: 004172D4
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: Cursor$ActiveForegroundLastPopupWindow
                                                    • String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • MulDiv.KERNEL32(?,00000008,?), ref: 00495B31
                                                    • MulDiv.KERNEL32(?,00000008,?), ref: 00495B45
                                                    • MulDiv.KERNEL32(?,00000008,?), ref: 00495B59
                                                    • MulDiv.KERNEL32(?,00000008,?), ref: 00495B77
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: Class$InfoLongRegisterUnregisterWindow
                                                    • String ID:
                                                    • API String ID: 4025006896-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • FindResourceA.KERNEL32(00400000,?,00000000), ref: 0040D027
                                                    • LoadResource.KERNEL32(00400000,72756F73,0040A7C8,00400000,00000001,00000000,?,0040CF84,00000000,?,00000000,?,?,0047CF34,0000000A,00000000), ref: 0040D041
                                                    • SizeofResource.KERNEL32(00400000,72756F73,00400000,72756F73,0040A7C8,00400000,00000001,00000000,?,0040CF84,00000000,?,00000000,?,?,0047CF34), ref: 0040D05B
                                                    • LockResource.KERNEL32(74536563,00000000,00400000,72756F73,00400000,72756F73,0040A7C8,00400000,00000001,00000000,?,0040CF84,00000000,?,00000000,?), ref: 0040D065
                                                    Similarity
                                                    • API ID: Resource$FindLoadLockSizeof
                                                    • String ID:
                                                    • API String ID: 3473537107-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RtlInitializeCriticalSection.KERNEL32(0049C420,00000000,00401A82,?,?,0040222E,021EC000,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019E2
                                                    • RtlEnterCriticalSection.KERNEL32(0049C420,0049C420,00000000,00401A82,?,?,0040222E,021EC000,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019F5
                                                    • LocalAlloc.KERNEL32(00000000,00000FF8,0049C420,00000000,00401A82,?,?,0040222E,021EC000,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A1F
                                                    • RtlLeaveCriticalSection.KERNEL32(0049C420,00401A89,00000000,00401A82,?,?,0040222E,021EC000,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A7C
                                                    Similarity
                                                    • API ID: CriticalSection$AllocEnterInitializeLeaveLocal
                                                    • String ID:
                                                    • API String ID: 730355536-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetLastError.KERNEL32(?,00000000), ref: 00470741
                                                    Strings
                                                    • Failed to set NTFS compression state (%d)., xrefs: 00470752
                                                    • Unsetting NTFS compression on file: %s, xrefs: 00470727
                                                    • Setting NTFS compression on file: %s, xrefs: 0047070F
                                                    Similarity
                                                    • API ID: ErrorLast
                                                    • String ID: Failed to set NTFS compression state (%d).$Setting NTFS compression on file: %s$Unsetting NTFS compression on file: %s
                                                    • API String ID: 1452528299-3038984924
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,00483FBF,?,00000001,?,?,00483FBF,?,00000001,00000000), ref: 0042DE38
                                                    • RegDeleteValueA.ADVAPI32(?,00000000,00000082,00000002,00000000,?,?,00000000,0045B7AE,?,?,?,?,?,00000000,0045B7D5), ref: 00455DD8
                                                    • RegCloseKey.ADVAPI32(00000000,?,00000000,00000082,00000002,00000000,?,?,00000000,0045B7AE,?,?,?,?,?,00000000), ref: 00455DE1
                                                    • RemoveFontResourceA.GDI32(00000000), ref: 00455DEE
                                                    • SendNotifyMessageA.USER32(0000FFFF,0000001D,00000000,00000000), ref: 00455E02
                                                    Similarity
                                                    • API ID: CloseDeleteFontMessageNotifyOpenRemoveResourceSendValue
                                                    • String ID:
                                                    • API String ID: 4283692357-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetLastError.KERNEL32(00000000,00000000), ref: 0046FF95
                                                    Strings
                                                    • Unsetting NTFS compression on directory: %s, xrefs: 0046FF7B
                                                    • Failed to set NTFS compression state (%d)., xrefs: 0046FFA6
                                                    • Setting NTFS compression on directory: %s, xrefs: 0046FF63
                                                    Similarity
                                                    • API ID: ErrorLast
                                                    • String ID: Failed to set NTFS compression state (%d).$Setting NTFS compression on directory: %s$Unsetting NTFS compression on directory: %s
                                                    • API String ID: 1452528299-1392080489
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetCurrentProcess.KERNEL32(00000008,?,?,?,00000001,00000000,00000002,00000000,004816A4,?,?,?,?,?,0049921B,00000000), ref: 004785A1
                                                    • OpenProcessToken.ADVAPI32(00000000,00000008,?,?,?,00000001,00000000,00000002,00000000,004816A4,?,?,?,?,?,0049921B), ref: 004785A7
                                                    • GetTokenInformation.ADVAPI32(00000008,00000012(TokenIntegrityLevel),00000000,00000004,00000008,00000000,00000008,?,?,?,00000001,00000000,00000002,00000000,004816A4), ref: 004785C9
                                                    • CloseHandle.KERNEL32(00000000,00000008,TokenIntegrityLevel,00000000,00000004,00000008,00000000,00000008,?,?,?,00000001,00000000,00000002,00000000,004816A4), ref: 004785DA
                                                    Similarity
                                                    • API ID: ProcessToken$CloseCurrentHandleInformationOpen
                                                    • String ID:
                                                    • API String ID: 215268677-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetLastActivePopup.USER32(?), ref: 0042424C
                                                    • IsWindowVisible.USER32(?), ref: 0042425D
                                                    • IsWindowEnabled.USER32(?), ref: 00424267
                                                    • SetForegroundWindow.USER32(?,?,?,?,?,004939B0,00000000,004941ED), ref: 00424271
                                                    Similarity
                                                    • API ID: Window$ActiveEnabledForegroundLastPopupVisible
                                                    • String ID:
                                                    • API String ID: 2280970139-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Similarity
                                                    • API ID: Global$AllocHandleWire
                                                    • String ID:
                                                    • API String ID: 2210401237-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RegCloseKey.ADVAPI32(?,?,?,?,00000001,00000000,00000000,0047BEDD,?,00000000,00000000,00000001,00000000,0047A891,?,00000000), ref: 0047A855
                                                    Strings
                                                    • Cannot access a 64-bit key in a "reg" constant on this version of Windows, xrefs: 0047A6C9
                                                    • Failed to parse "reg" constant, xrefs: 0047A85C
                                                    Similarity
                                                    • API ID: Close
                                                    • String ID: Cannot access a 64-bit key in a "reg" constant on this version of Windows$Failed to parse "reg" constant
                                                    • API String ID: 3535843008-1938159461
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • LocalFileTimeToFileTime.KERNEL32(?,?,?,00000000,00000000,00476873,?,00000000,00476884,?,00000000,004768CD), ref: 00476844
                                                    • SetFileTime.KERNEL32(?,00000000,00000000,?,?,?,?,00000000,00000000,00476873,?,00000000,00476884,?,00000000,004768CD), ref: 00476858
                                                    Strings
                                                    • Extracting temporary file: , xrefs: 00476780
                                                    Similarity
                                                    • API ID: FileTime$Local
                                                    • String ID: Extracting temporary file:
                                                    • API String ID: 791338737-4171118009
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Strings
                                                    • Failed to proceed to next wizard page; showing wizard., xrefs: 0046CD90
                                                    • Failed to proceed to next wizard page; aborting., xrefs: 0046CD7C
                                                    Similarity
                                                    • API ID:
                                                    • String ID: Failed to proceed to next wizard page; aborting.$Failed to proceed to next wizard page; showing wizard.
                                                    • API String ID: 0-1974262853
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,00483FBF,?,00000001,?,?,00483FBF,?,00000001,00000000), ref: 0042DE38
                                                    • RegCloseKey.ADVAPI32(?,00479312,?,?,00000001,00000000,00000000,0047932D), ref: 004792FB
                                                    Strings
                                                    • %s\%s_is1, xrefs: 004792A4
                                                    • Software\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 00479286
                                                    Similarity
                                                    • API ID: CloseOpen
                                                    • String ID: %s\%s_is1$Software\Microsoft\Windows\CurrentVersion\Uninstall
                                                    • API String ID: 47109696-1598650737
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SendMessageA.USER32 ref: 004501FD
                                                    • ShellExecuteA.SHELL32(00000000,open,00000000,00000000,00000000,00000001), ref: 0045022E
                                                    Strings
                                                    Similarity
                                                    • API ID: ExecuteMessageSendShell
                                                    • String ID: open
                                                    • API String ID: 812272486-2758837156
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • ShellExecuteEx.SHELL32(0000003C), ref: 0045532C
                                                    • GetLastError.KERNEL32(0000003C,00000000,00455375,?,?,?), ref: 0045533D
                                                      • Part of subcall function 0042D8C4: GetSystemDirectoryA.KERNEL32 ref: 0042D8D7
                                                    Strings
                                                    Similarity
                                                    • API ID: DirectoryErrorExecuteLastShellSystem
                                                    • String ID: <
                                                    • API String ID: 893404051-4251816714
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RtlEnterCriticalSection.KERNEL32(0049C420,00000000,)), ref: 004025C7
                                                    • RtlLeaveCriticalSection.KERNEL32(0049C420,0040263D), ref: 00402630
                                                      • Part of subcall function 004019CC: RtlInitializeCriticalSection.KERNEL32(0049C420,00000000,00401A82,?,?,0040222E,021EC000,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019E2
                                                      • Part of subcall function 004019CC: RtlEnterCriticalSection.KERNEL32(0049C420,0049C420,00000000,00401A82,?,?,0040222E,021EC000,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019F5
                                                      • Part of subcall function 004019CC: LocalAlloc.KERNEL32(00000000,00000FF8,0049C420,00000000,00401A82,?,?,0040222E,021EC000,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A1F
                                                      • Part of subcall function 004019CC: RtlLeaveCriticalSection.KERNEL32(0049C420,00401A89,00000000,00401A82,?,?,0040222E,021EC000,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A7C
                                                    Strings
                                                    Similarity
                                                    • API ID: CriticalSection$EnterLeave$AllocInitializeLocal
                                                    • String ID: )
                                                    • API String ID: 2227675388-1084416617
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097), ref: 004970A9
                                                    Strings
                                                    Similarity
                                                    • API ID: Window
                                                    • String ID: /INITPROCWND=$%x $@
                                                    • API String ID: 2353593579-4169826103
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 00403CA4: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 00403CDE
                                                      • Part of subcall function 00403CA4: SysAllocStringLen.OLEAUT32(?,00000000), ref: 00403CE9
                                                    • SysFreeString.OLEAUT32(?), ref: 004474C6
                                                    Strings
                                                    Similarity
                                                    • API ID: String$AllocByteCharFreeMultiWide
                                                    • String ID: NIL Interface Exception$Unknown Method
                                                    • API String ID: 3952431833-1023667238
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RegQueryValueExA.ADVAPI32(?,Inno Setup: No Icons,00000000,00000000,00000000,00000000), ref: 0042DD78
                                                    • RegEnumValueA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,Inno Setup: No Icons,00000000,00000000,00000000), ref: 0042DDB8
                                                    Strings
                                                    Similarity
                                                    • API ID: Value$EnumQuery
                                                    • String ID: Inno Setup: No Icons
                                                    • API String ID: 1576479698-2016326496
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetFileAttributesA.KERNEL32(00000000,?,00000000,00452EE9,?,?,-00000001,?), ref: 00452EC3
                                                    • GetLastError.KERNEL32(00000000,?,00000000,00452EE9,?,?,-00000001,?), ref: 00452ECB
                                                    Strings
                                                    Similarity
                                                    • API ID: AttributesErrorFileLast
                                                    • String ID: 0(H
                                                    • API String ID: 1799206407-4268776330
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 004555E4: GetCurrentProcess.KERNEL32(00000028), ref: 004555F3
                                                      • Part of subcall function 004555E4: OpenProcessToken.ADVAPI32(00000000,00000028), ref: 004555F9
                                                    • SetForegroundWindow.USER32(?), ref: 00497DD6
                                                    Strings
                                                    • Restarting Windows., xrefs: 00497DB3
                                                    • Not restarting Windows because Uninstall is being run from the debugger., xrefs: 00497E01
                                                    Similarity
                                                    • API ID: Process$CurrentForegroundOpenTokenWindow
                                                    • String ID: Not restarting Windows because Uninstall is being run from the debugger.$Restarting Windows.
                                                    • API String ID: 3179053593-4147564754
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 0044DF30: InvalidateRect.USER32(00000000,00000000,00000000), ref: 0044DFB1
                                                    • NotifyWinEvent.USER32(0000800A,00000000,000000FC,?), ref: 0044E406
                                                    Strings
                                                    Similarity
                                                    • API ID: EventInvalidateNotifyRect
                                                    • String ID: `t${D
                                                    • API String ID: 4137399111-821128380
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 0047D4A8: FreeLibrary.KERNEL32(00000000,00481E0B), ref: 0047D4BE
                                                      • Part of subcall function 0047D178: GetTickCount.KERNEL32 ref: 0047D1C2
                                                      • Part of subcall function 00457294: SendMessageA.USER32 ref: 004572B3
                                                    • GetCurrentProcess.KERNEL32(00000001,?,?,?,?,00498E9B), ref: 00498599
                                                    • TerminateProcess.KERNEL32(00000000,00000001,?,?,?,?,00498E9B), ref: 0049859F
                                                    Strings
                                                    • Detected restart. Removing temporary directory., xrefs: 00498553
                                                    Similarity
                                                    • API ID: Process$CountCurrentFreeLibraryMessageSendTerminateTick
                                                    • String ID: Detected restart. Removing temporary directory.
                                                    • API String ID: 1717587489-3199836293
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetModuleHandleA.KERNEL32(00000000,004990F6), ref: 0040334B
                                                    • GetCommandLineA.KERNEL32(00000000,004990F6), ref: 00403356
                                                    Strings
                                                    Similarity
                                                    • API ID: CommandHandleLineModule
                                                    • String ID: X5q
                                                    • API String ID: 2123368496-417146118
                                                    • Opcode ID: f58f8e950532dcfe9cce0c082a6550bb3b71f662624f5e87828fb25057d706ed
                                                    • Instruction ID: 9846383379d11da5b3979ec5ca3a4cf6b38316955b58c391e9082901a5cd845e
                                                    • Opcode Fuzzy Hash: f58f8e950532dcfe9cce0c082a6550bb3b71f662624f5e87828fb25057d706ed
                                                    • Instruction Fuzzy Hash: 98C00260901205CBE750AFF6A886B156A94A751389F8044BFB104BA2E2DA7C82056BEE
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.281395034.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.281382099.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 00000001.00000002.281478759.000000000049A000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281484340.000000000049B000.00000008.00020000.sdmp
                                                    • Associated: 00000001.00000002.281489759.000000000049C000.00000004.00020000.sdmp
                                                    • Associated: 00000001.00000002.281497428.00000000004AC000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_ccproxysetup-free.jbxd
                                                    Similarity
                                                    • API ID: ErrorLastSleep
                                                    • String ID:
                                                    • API String ID: 1458359878-0
                                                    • Opcode ID: e961e6e228940e55bd67ca7864a7284e72df75448fb2e05e98589adfe79b6d05
                                                    • Instruction ID: f31041694d7e6b08a2ea33ec2b58b28b25921f40701f973673b956735a8b67d8
                                                    • Opcode Fuzzy Hash: e961e6e228940e55bd67ca7864a7284e72df75448fb2e05e98589adfe79b6d05
                                                    • Instruction Fuzzy Hash: 42F02B32705F58A78B21B56A889157FB2A8DB81366750012BFC0CD7313C878CC058BBC
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Execution Graph

                                                    Execution Coverage:7.9%
                                                    Dynamic/Decrypted Code Coverage:0%
                                                    Signature Coverage:10.4%
                                                    Total number of Nodes:2000
                                                    Total number of Limit Nodes:35

                                                    Graph

4117c0 72 API calls Concurrency::details::HardwareAffinity::ApplyTo 68858->68879 68878 416520 72 API calls 2 library calls 68859->68878 68861 416947 68861->68856 68864 415f70 Concurrency::details::ContextBase::GetWorkQueueIdentity 72 API calls 68863->68864 68865 416985 68864->68865 68866 416990 _DebugHeapAllocator 68865->68866 68867 4169b5 _DebugHeapAllocator 68865->68867 68880 416e20 69 API calls _memmove_s 68866->68880 68868 416df0 _wmemcpy_s 69 API calls 68867->68868 68870 4169b0 68868->68870 68871 416590 Concurrency::details::ContextBase::GetWorkQueueIdentity 72 API calls 68870->68871 68871->68861 68873 416b10 _DebugHeapAllocator 68872->68873 68874 416b2c _DebugHeapAllocator 68873->68874 68876 416b5f _DebugHeapAllocator 68873->68876 68881 416e70 72 API calls Concurrency::details::HardwareAffinity::ApplyTo 68873->68881 68874->68856 68877 416df0 _wmemcpy_s 69 API calls 68876->68877 68877->68874 68878->68861 68879->68863 68880->68870 68881->68876 68885 4264d0 68882->68885 68886 4264e0 _DebugHeapAllocator 68885->68886 68889 413ec0 68886->68889 68890 413ed1 Concurrency::details::ContextBase::GetWorkQueueIdentity 68889->68890 68892 413f13 _DebugHeapAllocator 68890->68892 68901 4117c0 72 API calls Concurrency::details::HardwareAffinity::ApplyTo 68890->68901 68894 413f65 68892->68894 68902 4117c0 72 API calls Concurrency::details::HardwareAffinity::ApplyTo 68892->68902 68895 415f70 Concurrency::details::ContextBase::GetWorkQueueIdentity 72 API calls 68894->68895 68896 413f7a 68895->68896 68897 416df0 _wmemcpy_s 69 API calls 68896->68897 68898 413fac 68897->68898 68899 416590 Concurrency::details::ContextBase::GetWorkQueueIdentity 72 API calls 68898->68899 68900 413fbb 68899->68900 68900->67881 68901->68890 68902->68892 68904 417207 68903->68904 68905 41721c 68904->68905 68908 4117c0 72 API calls Concurrency::details::HardwareAffinity::ApplyTo 68904->68908 68905->68706 68907->68711 68908->68905 68910 4a9ddc DNameNode::DNameNode 68909->68910 68911 4a9dea 
std::bad_alloc::bad_alloc 68910->68911 68912 4a9e02 _Smanip 68910->68912 68922 528881 RaiseException 68911->68922 68923 4b1520 81 API calls __putwch_nolock 68912->68923 68915 4a9e35 68916 4a9e00 68915->68916 68924 4b10f0 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 68915->68924 68916->68718 68919 4aa6f5 68918->68919 68925 4aa390 68919->68925 68922->68916 68923->68915 68924->68916 68926 4aa3ab __ftelli64_nolock 68925->68926 68933 4a9060 68926->68933 68928 4aa3d3 68932 4aa3e5 SafeRWList 68928->68932 68937 4b0380 82 API calls 68928->68937 68929 527c5d __putwch_nolock 5 API calls 68930 4aa46f 68929->68930 68930->68720 68932->68929 68934 4a906c 68933->68934 68935 4a9070 DNameNode::DNameNode 68933->68935 68934->68928 68935->68934 68938 528881 RaiseException 68935->68938 68937->68932 68938->68934 68942 416900 68939->68942 68943 416910 _DebugHeapAllocator 68942->68943 68944 416930 _DebugHeapAllocator 72 API calls 68943->68944 68945 415e73 68944->68945 68945->67899 68947 499471 _memset 68946->68947 69058 499290 68947->69058 68950 411930 72 API calls 68951 4994b4 task 68950->68951 68952 4994c8 GetPrivateProfileStringW 68951->68952 68953 4994f5 codecvt 68952->68953 68954 49953c 68953->68954 68955 49950f 68953->68955 68956 499290 107 API calls 68954->68956 68957 415da0 Concurrency::cancellation_token::_FromImpl 106 API calls 68955->68957 68958 49954d 68956->68958 69014 49951e codecvt 68957->69014 68959 411930 72 API calls 68958->68959 68960 49957c task 68959->68960 68963 499590 PathFileExistsW 68960->68963 68961 527c5d __putwch_nolock 5 API calls 68962 499a64 68961->68962 68962->68733 68964 4995af codecvt 68963->68964 68965 4995cd 68964->68965 68966 49967c 68964->68966 68967 499290 107 API calls 68965->68967 68969 499290 107 API calls 68966->68969 68968 4995de 68967->68968 68970 411930 72 API calls 68968->68970 68972 4996a3 68969->68972 68971 49960d task 68970->68971 68974 499621 WritePrivateProfileStringW 
68971->68974 68973 411930 72 API calls 68972->68973 68975 4996cf task 68973->68975 68977 499642 codecvt 68974->68977 69075 4a7410 68975->69075 68978 415da0 Concurrency::cancellation_token::_FromImpl 106 API calls 68977->68978 68978->69014 68979 499706 codecvt 68980 49974a 68979->68980 68981 4997fe _memset 68979->68981 68982 499290 107 API calls 68980->68982 68983 49981a GetLocaleInfoW 68981->68983 68984 49975b 68982->68984 68985 49985e 68983->68985 68986 499842 GetLocaleInfoW 68983->68986 68986->68985 69014->68961 69016 415d60 task 72 API calls 69015->69016 69017 499bd0 69016->69017 69018 415e60 _DebugHeapAllocator 72 API calls 69017->69018 69019 499be6 69018->69019 69020 499bf8 69019->69020 69021 499c30 69019->69021 69022 415d80 _DebugHeapAllocator 72 API calls 69020->69022 69023 424600 72 API calls 69021->69023 69057 499c07 codecvt 69022->69057 69024 499c45 69023->69024 69025 424600 72 API calls 69024->69025 69026 499c5a 69025->69026 69027 415da0 Concurrency::cancellation_token::_FromImpl 106 API calls 69026->69027 69030 499c66 69027->69030 69028 527c5d __putwch_nolock 5 API calls 69029 499ed4 69028->69029 69029->68735 69031 415e60 _DebugHeapAllocator 72 API calls 69030->69031 69032 499c86 _memset task 69030->69032 69031->69032 69533 498ea0 69032->69533 69035 499290 107 API calls 69036 499ceb 69035->69036 69037 411930 72 API calls 69036->69037 69038 499d17 69037->69038 69039 43b310 72 API calls 69038->69039 69040 499d43 task 69039->69040 69577 49a300 69040->69577 69057->69028 69084 5283a0 69058->69084 69060 4992e1 GetModuleFileNameW 69061 415da0 Concurrency::cancellation_token::_FromImpl 106 API calls 69060->69061 69062 49930a 69061->69062 69063 415d60 task 72 API calls 69062->69063 69064 49932f 69063->69064 69065 415e80 72 API calls 69064->69065 69066 499353 69065->69066 69067 411930 72 API calls 69066->69067 69068 49937c 69067->69068 69069 415e40 _DebugHeapAllocator 72 API calls 69068->69069 69070 4993a7 codecvt 69069->69070 69071 415d80 _DebugHeapAllocator 72 
API calls 69070->69071 69072 4993d4 codecvt 69071->69072 69073 527c5d __putwch_nolock 5 API calls 69072->69073 69074 49941c 69073->69074 69074->68950 69076 4a7421 task 69075->69076 69086 4a2fa0 69076->69086 69080 4a744e 69080->68979 69085 5283ac __VEC_memzero 69084->69085 69085->69060 69105 52a44d 69086->69105 69089 4a2e50 69090 4a2e74 69089->69090 69102 4a2e5c 69089->69102 69172 4a2d60 69090->69172 69102->69080 69108 52a387 69105->69108 69107 4a2fb0 69107->69089 69111 52a393 __wfsopen 69108->69111 69109 52a3a6 69110 532497 __wfsopen 69 API calls 69109->69110 69112 52a3ab 69110->69112 69111->69109 69113 52a3dc 69111->69113 69127 5287bd 7 API calls 2 library calls 69112->69127 69128 5413ca 69113->69128 69116 52a3e1 69118 52a3f5 69116->69118 69119 52a3e8 69116->69119 69117 52a3bb __wfsopen @_EH4_CallFilterFunc@8 69117->69107 69121 52a41d 69118->69121 69122 52a3fd 69118->69122 69120 532497 __wfsopen 69 API calls 69119->69120 69120->69117 69146 541116 69121->69146 69123 532497 __wfsopen 69 API calls 69122->69123 69123->69117 69129 5413d6 __wfsopen 69128->69129 69130 544676 __lock 69 API calls 69129->69130 69141 5413e4 69130->69141 69131 541460 69133 5442fd __malloc_crt 69 API calls 69131->69133 69132 541459 69165 5414f9 69132->69165 69135 54146a 69133->69135 69135->69132 69164 54c33a InitializeCriticalSectionAndSpinCount __wfsopen 69135->69164 69136 5414ee __wfsopen 69136->69116 69138 5445b3 __mtinitlocknum 69 API calls 69138->69141 69140 54148f 69142 5414ad EnterCriticalSection 69140->69142 69143 54149a 69140->69143 69141->69131 69141->69132 69141->69138 69162 5405a4 70 API calls __lock 69141->69162 69163 540612 LeaveCriticalSection LeaveCriticalSection __initptd 69141->69163 69142->69132 69144 52b370 __freea 69 API calls 69143->69144 69144->69132 69147 541139 __wopenfile 69146->69147 69148 541153 69147->69148 69155 52f41c __wcsnicmp 81 API calls 69147->69155 69160 541327 69147->69160 69149 532497 __wfsopen 69 API calls 69148->69149 69150 541158 69149->69150 69168 
5287bd 7 API calls 2 library calls 69150->69168 69152 541385 69169 55797e 69152->69169 69156 541320 69155->69156 69157 52f41c __wcsnicmp 81 API calls 69156->69157 69156->69160 69158 54133f 69157->69158 69159 52f41c __wcsnicmp 81 API calls 69158->69159 69158->69160 69159->69160 69160->69148 69160->69152 69161 52a443 LeaveCriticalSection LeaveCriticalSection _fseek 69161->69117 69162->69141 69163->69141 69164->69140 69166 544584 __initptd LeaveCriticalSection 69165->69166 69167 541500 69166->69167 69167->69136 69170 557880 __sopen_helper 134 API calls 69169->69170 69171 52a428 69170->69171 69171->69161 69199 53142c 69172->69199 69200 531438 __wfsopen 69199->69200 69215 540563 69200->69215 69534 498ee0 69533->69534 69535 499290 107 API calls 69534->69535 69536 498ef8 69535->69536 69537 411930 72 API calls 69536->69537 69538 498f24 task 69537->69538 69539 498f38 PathFileExistsW 69538->69539 69540 498f57 codecvt 69539->69540 69541 498f71 69540->69541 69542 498fa4 69540->69542 69544 415da0 Concurrency::cancellation_token::_FromImpl 106 API calls 69541->69544 69543 499290 107 API calls 69542->69543 69545 498fb9 69543->69545 69576 498f7e codecvt 69544->69576 69546 411930 72 API calls 69545->69546 69547 498fe5 task 69546->69547 69550 4a7410 142 API calls 69547->69550 69548 527c5d __putwch_nolock 5 API calls 69549 499288 69548->69549 69549->69035 69551 49901c codecvt 69550->69551 69552 49905c 69551->69552 69553 49908f 69551->69553 69554 415da0 Concurrency::cancellation_token::_FromImpl 106 API calls 69552->69554 69555 415d60 task 72 API calls 69553->69555 69554->69576 69556 499097 69555->69556 69557 4171c0 106 API calls 69556->69557 69558 4990ad task 69557->69558 69559 4aa660 82 API calls 69558->69559 69576->69548 69578 49a345 _memset 69577->69578 69703->68745 69704->68745 69706 416401 _DebugHeapAllocator 69705->69706 69707 416af0 _DebugHeapAllocator 72 API calls 69706->69707 69708 41640d _DebugHeapAllocator 69707->69708 69709->68100 69711 527c5d __putwch_nolock 5 API calls 
69710->69711 69712 5323e6 69711->69712 69712->69712 69714 4faaee std::bad_exception::~bad_exception 106 API calls 69713->69714 69715 4fab68 69714->69715 69718 4f7578 69715->69718 69719 503fcc std::bad_exception::~bad_exception 96 API calls 69718->69719 69720 4f7582 69719->69720 69720->68114 69720->68116 69861 527d75 69860->69861 69862 527d58 69860->69862 69861->69862 69863 527d7c 69861->69863 69864 532497 __wfsopen 69 API calls 69862->69864 69928 53700f 105 API calls 12 library calls 69863->69928 69865 527d5d 69864->69865 69927 5287bd 7 API calls 2 library calls 69865->69927 69868 527da2 69869 527dac 69868->69869 69929 536ddc 103 API calls 6 library calls 69868->69929 69871 486394 GetPrivateProfileStringW 69869->69871 69930 536ddc 103 API calls 6 library calls 69869->69930 69873 528180 69871->69873 69874 528151 __wcstoi64 69873->69874 69874->66997 69876 52847f 69875->69876 69876->67001 69876->69876 69881 42da5d _memset _wcscat __ftelli64_nolock _wcslen _wcscpy 69877->69881 69878 42dbba _wcscpy 69879 527c5d __putwch_nolock 5 API calls 69878->69879 69880 42dbd7 69879->69880 69880->67003 69881->69878 69882 527d48 __swprintf 105 API calls 69881->69882 69882->69881 69928->69868 69929->69869 69930->69871 70789->67821 70790 43c4e0 70795 43be90 70790->70795 70793 527c5d __putwch_nolock 5 API calls 70794 43c969 70793->70794 70796 4862a0 343 API calls 70795->70796 70797 43be9e 70796->70797 70843 43cdc0 70797->70843 70800 4c9fe0 91 API calls 70801 43bebb 70800->70801 70802 4c9fe0 91 API calls 70801->70802 70803 43bece task 70802->70803 70804 4c9fe0 91 API calls 70803->70804 70806 43bf29 task 70803->70806 70805 43bf0f 70804->70805 70805->70806 70849 4d7ff0 238 API calls 5 library calls 70805->70849 70808 4c9fe0 91 API calls 70806->70808 70809 43bf69 task 70806->70809 70811 43bf50 70808->70811 70810 43bfaa task 70809->70810 70812 4c9fe0 91 API calls 70809->70812 70813 43c021 task 70810->70813 70814 4c9fe0 91 API calls 70810->70814 70811->70809 70850 4d7ff0 238 API calls 5 
library calls 70811->70850 70815 43bf90 70812->70815 70816 4c9fe0 91 API calls 70813->70816 70820 43c062 task 70813->70820 70817 43bfd0 70814->70817 70815->70810 70851 4d7ff0 238 API calls 5 library calls 70815->70851 70822 43c048 70816->70822 70823 43bfea task 70817->70823 70852 4d7ff0 238 API calls 5 library calls 70817->70852 70819 43c102 70825 43c135 70819->70825 70826 43c10b 70819->70826 70821 43c0a2 task 70820->70821 70824 4c9fe0 91 API calls 70820->70824 70830 43c0e0 task 70821->70830 70846 4849e0 70821->70846 70822->70820 70854 4d7ff0 238 API calls 5 library calls 70822->70854 70837 4c9fe0 91 API calls 70823->70837 70831 43c088 70824->70831 70825->70793 70857 472350 121 API calls 3 library calls 70826->70857 70830->70819 70835 4c9fe0 91 API calls 70830->70835 70831->70821 70855 4d7ff0 238 API calls 5 library calls 70831->70855 70835->70819 70836 43c117 70836->70825 70858 4d7ff0 238 API calls 5 library calls 70836->70858 70841 43c008 70837->70841 70841->70813 70853 4d7ff0 238 API calls 5 library calls 70841->70853 70844 420dc0 258 API calls 70843->70844 70845 43bea8 70844->70845 70845->70800 70847 4c9fe0 91 API calls 70846->70847 70848 43c0c7 70847->70848 70848->70830 70856 4d7ff0 238 API calls 5 library calls 70848->70856 70849->70806 70850->70809 70851->70810 70852->70823 70853->70813 70854->70820 70855->70821 70856->70830 70857->70836 70858->70825 70859 4392e0 70860 4392fb __ftelli64_nolock 70859->70860 70942 497fb0 70860->70942 70863 439349 70865 439841 70863->70865 70866 4dbe30 246 API calls 70863->70866 70864 43932f GetTickCount 70864->70863 70867 527c5d __putwch_nolock 5 API calls 70865->70867 70868 439368 70866->70868 70869 439856 70867->70869 70870 4393a7 70868->70870 70986 43b4c0 SendMessageW 70868->70986 70871 4393e0 70870->70871 70988 43b4c0 SendMessageW 70870->70988 70874 4dbe30 246 API calls 70871->70874 70877 4393f5 _memset 70874->70877 70875 43938f 70987 43b4c0 SendMessageW 70875->70987 70876 4393c8 70989 43b4c0 SendMessageW 70876->70989 
70880 4dbe30 246 API calls 70877->70880 70881 43942c 70880->70881 70882 527d48 __swprintf 105 API calls 70881->70882 70883 439442 70882->70883 70955 4e71c2 70883->70955 70887 439463 70888 439469 70887->70888 70889 4394bd 70887->70889 70890 439498 70888->70890 70892 439483 70888->70892 70893 43949a 70888->70893 70992 4460b0 RaiseException 70889->70992 70914 439545 codecvt 70890->70914 70966 411a00 70890->70966 70990 4460b0 RaiseException 70892->70990 70991 4460b0 RaiseException 70893->70991 70898 439592 _memset 70902 4395ae GetLocalTime 70898->70902 70903 527d48 __swprintf 105 API calls 70902->70903 70905 4395db 70903->70905 70904 4dbe30 246 API calls 70906 439521 70904->70906 70907 4e71c2 task 108 API calls 70905->70907 70908 439530 70906->70908 70909 439547 70906->70909 70910 4395f5 SetWindowTextW 70907->70910 70993 4460b0 RaiseException 70908->70993 70994 4460b0 RaiseException 70909->70994 70913 4e71c2 task 108 API calls 70910->70913 70915 43960f 70913->70915 70977 4467c0 70914->70977 70982 43b1f0 IsWindowVisible 70915->70982 70917 439616 70918 4e71c2 task 108 API calls 70917->70918 70919 439631 70918->70919 70983 4e74a5 70919->70983 70921 439638 70922 43964e 70921->70922 70923 43963e GetTickCount 70921->70923 70924 43971c Shell_NotifyIconW 70922->70924 70925 43965b 70922->70925 70923->70924 70926 4397bb 70924->70926 70995 45eb00 7 API calls 2 library calls 70925->70995 70926->70865 70929 4397ce _memset 70926->70929 70928 439660 70930 439677 GetTickCount 70928->70930 70931 439667 GetTickCount 70928->70931 70932 4397ea GetLocalTime 70929->70932 70930->70924 70933 43969a 70930->70933 70931->70924 70934 527d48 __swprintf 105 API calls 70932->70934 70996 45eb00 7 API calls 2 library calls 70933->70996 70937 43981b task 70934->70937 70936 439711 GetTickCount 70936->70924 70937->70865 70998 43b120 11 API calls __putwch_nolock 70937->70998 70938 43969f _memset 70938->70936 70997 45ed50 109 API calls 3 library calls 70938->70997 70940 43970e 70940->70936 70943 497fbf 
70942->70943 70944 497fd0 _memset 70942->70944 70945 430520 96 API calls 70943->70945 70947 43aa10 106 API calls 70944->70947 70946 439324 70945->70946 70946->70863 70946->70864 70948 498041 LoadImageW 70947->70948 70949 43cff0 106 API calls 70948->70949 70950 49805b 70949->70950 70951 499b00 204 API calls 70950->70951 70952 498065 codecvt task _wcsncpy 70951->70952 70953 49808d Shell_NotifyIconW 70952->70953 70999 430520 70953->70999 70956 4e71cd GetDlgItem 70955->70956 70957 4e71e3 70955->70957 71007 4e3180 70956->71007 70960 4e73da 70961 4e73eb IsWindow 70960->70961 70962 4e73e6 70960->70962 70961->70962 70964 4e73fd SetWindowTextW 70961->70964 70963 4eb9e9 ~ctype RaiseException 70962->70963 70962->70964 70963->70961 70964->70887 70967 411a33 70966->70967 71046 4128b0 70967->71046 70969 411a3b 71050 412730 70969->71050 70972 41dc50 70973 41dca0 EnterCriticalSection 70972->70973 70974 41dc65 70973->70974 71063 424eb0 70974->71063 70976 41dc76 70976->70904 71071 446250 70977->71071 70979 4467cf 71111 446ee0 InvalidateRect 70979->71111 70981 4467d9 70981->70898 70982->70917 70984 4e74c0 70983->70984 70985 4e74b0 ShowWindow 70983->70985 70985->70921 70986->70875 70987->70870 70988->70876 70989->70871 70990->70890 70991->70890 70992->70890 70993->70914 70994->70914 70995->70928 70996->70938 70997->70940 70998->70865 71002 4e30da 70999->71002 71003 503fcc std::bad_exception::~bad_exception 96 API calls 71002->71003 71004 4e30ee 71003->71004 71005 43052f 71004->71005 71006 4eb9e9 ~ctype RaiseException 71004->71006 71005->70946 71006->71005 71014 4e310c 71007->71014 71009 4e318e 71022 5049ac 71009->71022 71011 4e319a 71034 4e785b 71011->71034 71015 4e3118 __EH_prolog3 71014->71015 71016 4fab63 std::bad_exception::~bad_exception 106 API calls 71015->71016 71017 4e311d ~ctype 71016->71017 71018 4debc2 _Allocate 69 API calls 71017->71018 71020 4e3164 ~ctype ~_Task_impl 71017->71020 71019 4e313e 71018->71019 71019->71020 71039 504910 70 API calls 3 library calls 
71019->71039 71020->71009 71023 5049b8 __EH_prolog3_catch 71022->71023 71033 5049c1 ~ctype ~_Task_impl 71023->71033 71040 504326 RaiseException ~ctype 71023->71040 71025 5049d4 71025->71033 71041 504326 RaiseException ~ctype 71025->71041 71027 5049e1 ~ctype 71027->71033 71042 51fb8b 70 API calls task 71027->71042 71029 504a10 71030 504a1b 71029->71030 71043 4eb9b1 RaiseException __CxxThrowException@8 71029->71043 71044 5044ed 70 API calls 2 library calls 71030->71044 71033->71011 71035 4e7867 71034->71035 71038 43945c 71034->71038 71036 4e786d GetParent 71035->71036 71035->71038 71045 504326 RaiseException ~ctype 71036->71045 71038->70960 71039->71020 71040->71025 71041->71027 71042->71029 71044->71033 71045->71038 71047 4128c8 71046->71047 71057 4136f0 71047->71057 71049 4128d0 71049->70969 71051 412761 71050->71051 71056 411a4c 71050->71056 71052 412775 71051->71052 71053 41276e 71051->71053 71062 4137e0 70 API calls allocator 71052->71062 71061 4134d0 70 API calls 4 library calls 71053->71061 71056->70972 71058 413720 71057->71058 71059 414010 allocator 70 API calls 71058->71059 71060 413743 allocator 71059->71060 71060->71049 71061->71056 71062->71056 71064 424ec6 71063->71064 71067 424eda codecvt ctype 71063->71067 71065 424ed2 71064->71065 71068 424edf codecvt 71064->71068 71070 425100 7 API calls 71065->71070 71067->70976 71068->71067 71069 412730 70 API calls 71068->71069 71069->71067 71070->71067 71072 44628d 71071->71072 71112 43b020 GetClientRect 71072->71112 71074 44665f 71074->70979 71075 4462a1 71075->71074 71113 446ea0 BitBlt 71075->71113 71077 4462ee 71114 4f6545 107 API calls 2 library calls 71077->71114 71079 44633a 71115 446e40 FillRect 71079->71115 71081 44635c 71086 446441 71081->71086 71116 4f646a 107 API calls 2 library calls 71081->71116 71083 44638c 71117 4f607d 108 API calls 71083->71117 71085 4463a2 _Smanip 71118 446df0 MoveToEx MoveToEx 71085->71118 71088 446484 71086->71088 71089 44663a 71086->71089 71122 4468f0 RaiseException 
71088->71122 71129 446c60 107 API calls std::bad_exception::~bad_exception 71089->71129 71090 4463e0 _Smanip 71119 446e20 MoveToEx LineTo 71090->71119 71094 446423 71120 4f607d 108 API calls 71094->71120 71096 446435 71121 446a40 107 API calls std::bad_exception::~bad_exception 71096->71121 71098 446496 71123 4f646a 107 API calls 2 library calls 71098->71123 71100 446589 71124 4f607d 108 API calls 71100->71124 71102 4465a5 71125 446df0 MoveToEx MoveToEx 71102->71125 71104 4465e9 71126 446e20 MoveToEx LineTo 71104->71126 71106 446617 71127 4f607d 108 API calls 71106->71127 71108 446629 71128 446a40 107 API calls std::bad_exception::~bad_exception 71108->71128 71110 446635 71110->70979 71111->70981 71112->71075 71113->71077 71114->71079 71115->71081 71116->71083 71117->71085 71118->71090 71119->71094 71120->71096 71121->71086 71122->71098 71123->71100 71124->71102 71125->71104 71126->71106 71127->71108 71128->71110 71129->71074 71130 534f78 71131 534f06 __encode_pointer 7 API calls 71130->71131 71132 534f7f 71131->71132 71133 43c66f 71134 43c68b _memset 71133->71134 71139 478170 71134->71139 71136 43c6a1 _wcsncpy 71137 527c5d __putwch_nolock 5 API calls 71136->71137 71138 43c969 71137->71138 71140 47818b __ftelli64_nolock 71139->71140 71141 41dca0 EnterCriticalSection 71140->71141 71142 4781aa _memset 71141->71142 71143 4781c6 GetModuleFileNameW 71142->71143 71144 4781eb _memset Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot 71143->71144 71145 527d48 __swprintf 105 API calls 71144->71145 71146 47822a _memset 71145->71146 71147 478268 GetPrivateProfileStringW 71146->71147 71148 5283a0 _memset 71147->71148 71149 4782af GetPrivateProfileStringW StrTrimW StrTrimW 71148->71149 71150 415d60 task 72 API calls 71149->71150 71151 478309 71150->71151 71215 476be0 71151->71215 71153 47832f Concurrency::details::ContextBase::GetWorkQueueIdentity task 71155 4d8300 221 API calls 71153->71155 71157 478369 Concurrency::details::ContextBase::GetWorkQueueIdentity task 
_wcslen _wcsncpy 71153->71157 71154 52f41c __wcsnicmp 81 API calls 71156 4783bf 71154->71156 71155->71157 71158 4783ed _memset 71156->71158 71169 47854f _memset _wcscat 71156->71169 71157->71154 71159 478412 GetWindowsDirectoryW 71158->71159 71377 528446 71159->71377 71161 478438 GetPrivateProfileIntW GetSystemTime 71379 46e7c0 72 API calls 71161->71379 71163 47847d 71380 43a400 101 API calls 71163->71380 71165 478488 71381 478f00 101 API calls 71165->71381 71167 47849b 71382 455a70 101 API calls 71167->71382 71170 478669 71169->71170 71171 4786c8 71169->71171 71174 499b00 204 API calls 71170->71174 71173 499b00 204 API calls 71171->71173 71172 478518 71172->71169 71179 4786d9 codecvt task _wcscpy 71173->71179 71178 47867a codecvt task _wcscpy 71174->71178 71175 4784ab _memset 71175->71172 71176 527d48 __swprintf 105 API calls 71175->71176 71177 4784f3 WritePrivateProfileStringW 71176->71177 71177->71169 71181 527d48 __swprintf 105 API calls 71178->71181 71180 527d48 __swprintf 105 API calls 71179->71180 71182 4786c3 71180->71182 71181->71182 71183 415d60 task 72 API calls 71182->71183 71184 47873b 71183->71184 71185 4171c0 106 API calls 71184->71185 71186 47875a task 71185->71186 71301 43b970 71186->71301 71190 478792 71191 415e40 _DebugHeapAllocator 72 API calls 71190->71191 71192 4787ba codecvt _wcscat task 71191->71192 71193 478926 71192->71193 71352 4d8300 71192->71352 71194 4d8300 221 API calls 71193->71194 71196 47893f 71194->71196 71376 43d630 LeaveCriticalSection 71196->71376 71199 42d9b0 107 API calls 71200 478830 71199->71200 71202 411930 72 API calls 71200->71202 71201 478949 codecvt 71204 527c5d __putwch_nolock 5 API calls 71201->71204 71203 47885c task 71202->71203 71205 478870 WritePrivateProfileStringW 71203->71205 71206 478992 71204->71206 71207 478891 codecvt 71205->71207 71206->71136 71208 42d9b0 107 API calls 71207->71208 71209 4788b1 71208->71209 71210 411930 72 API calls 71209->71210 71211 4788dd task 71210->71211 71212 4788f1 
WritePrivateProfileStringW 71211->71212 71213 478912 codecvt 71212->71213 71383 43c140 6 API calls codecvt 71213->71383 71216 476bfb __ftelli64_nolock 71215->71216 71217 415e60 _DebugHeapAllocator 72 API calls 71216->71217 71218 476c1c _memset 71217->71218 71219 476c38 GetModuleFileNameW 71218->71219 71220 476c5d _memset Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot 71219->71220 71221 527d48 __swprintf 105 API calls 71220->71221 71223 476c9c _memset _wcslen 71221->71223 71222 476cd8 codecvt 71224 527c5d __putwch_nolock 5 API calls 71222->71224 71223->71222 71225 476e17 GetLocaleInfoW 71223->71225 71226 476cfd 71223->71226 71227 4775ac 71224->71227 71232 476e61 _memset 71225->71232 71228 499b00 204 API calls 71226->71228 71227->71153 71229 476d0e 71228->71229 71230 499b00 204 API calls 71229->71230 71231 476d47 71230->71231 71233 411930 72 API calls 71231->71233 71384 43a610 125 API calls 2 library calls 71232->71384 71236 476d73 71233->71236 71235 476e99 71240 527d48 __swprintf 105 API calls 71235->71240 71281 477201 71235->71281 71237 43b310 72 API calls 71236->71237 71238 476d9f 71237->71238 71239 415e40 _DebugHeapAllocator 72 API calls 71238->71239 71239->71222 71242 476f80 71240->71242 71241 5280be __wcsicoll 81 API calls 71243 477231 71241->71243 71385 4775b0 148 API calls 9 library calls 71242->71385 71245 47724a 71243->71245 71389 4775b0 148 API calls 9 library calls 71243->71389 71248 477285 71245->71248 71249 47739d 71245->71249 71300 4770d3 codecvt 71245->71300 71246 476f97 _memset 71386 477b90 193 API calls 9 library calls 71246->71386 71250 499b00 204 API calls 71248->71250 71251 5280be __wcsicoll 81 API calls 71249->71251 71252 477298 71250->71252 71253 4773ae 71251->71253 71254 499b00 204 API calls 71252->71254 71255 47748c 71253->71255 71256 4773b9 71253->71256 71258 4772d1 71254->71258 71259 499b00 204 API calls 71255->71259 71260 499b00 204 API calls 71256->71260 71262 411930 72 API calls 71258->71262 71263 47749d 71259->71263 71264 

                                                    Executed Functions

                                                    Control-flow Graph

                                                    APIs
                                                    • _memset.LIBCMT ref: 004862EC
                                                    • _memset.LIBCMT ref: 0048630B
                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000105,?,?,?,00000078,00000000,00000064), ref: 00486321
                                                    • PathRemoveFileSpecW.SHLWAPI(?,?,?,?,00000078,00000000,00000064), ref: 0048632E
                                                      • Part of subcall function 00415DA0: _DebugHeapAllocator.LIBCPMTD ref: 00415DF5
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 00486358
                                                      • Part of subcall function 00424520: _DebugHeapAllocator.LIBCPMTD ref: 0042452E
                                                    • _memset.LIBCMT ref: 00486374
                                                    • __swprintf.LIBCMT ref: 0048638F
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 004863B9
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 004863FC
                                                    • GetPrivateProfileIntW.KERNEL32 ref: 00486430
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00486467
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 0048648F
                                                    • _wcscpy.LIBCMT ref: 004864A9
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 004864D3
                                                      • Part of subcall function 0042DA50: _memset.LIBCMT ref: 0042DA7E
                                                      • Part of subcall function 0042DA50: _memset.LIBCMT ref: 0042DA9D
                                                      • Part of subcall function 0042DA50: _memset.LIBCMT ref: 0042DABC
                                                      • Part of subcall function 0042DA50: _wcscpy.LIBCMT ref: 0042DACF
                                                      • Part of subcall function 0042DA50: _wcslen.LIBCMT ref: 0042DAF9
                                                      • Part of subcall function 0042DA50: _memset.LIBCMT ref: 0042DB2D
                                                      • Part of subcall function 0042DA50: _wcscpy.LIBCMT ref: 0042DB4D
                                                      • Part of subcall function 0042DA50: __swprintf.LIBCMT ref: 0042DB97
                                                      • Part of subcall function 0042DA50: _wcscat.LIBCMT ref: 0042DBAD
                                                      • Part of subcall function 0042DA50: _wcscpy.LIBCMT ref: 0042DBC5
                                                    • _wcscpy.LIBCMT ref: 004864FB
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00486525
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00486568
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 004865AB
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 004865EE
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00486631
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00486674
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 004866B7
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 004866FA
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 0048673D
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00486780
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 004867C3
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00486806
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00486849
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 0048687E
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 004868CB
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00486906
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00486946
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00486986
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 004869C6
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00486A09
                                                    • _wcscpy.LIBCMT ref: 00486A22
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00486A4C
                                                    • _wcscpy.LIBCMT ref: 00486A66
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00486A90
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00486AD3
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00486B16
                                                    • _wcscpy.LIBCMT ref: 00486B30
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00486B5A
                                                    • _wcscpy.LIBCMT ref: 00486B83
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00486BAD
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 00486BC6
                                                      • Part of subcall function 00415E60: _DebugHeapAllocator.LIBCPMTD ref: 00415E6E
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00486BED
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 00486C06
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00486C2D
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00486C70
                                                    • _wcscpy.LIBCMT ref: 00486C89
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00486CB3
                                                    • _wcscpy.LIBCMT ref: 00486CCD
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00486CF7
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00486D3A
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00486D7D
                                                    • _wcscpy.LIBCMT ref: 00486D97
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00486DC1
                                                    • _wcscpy.LIBCMT ref: 00486DEA
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00486E14
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 00486E2D
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00486E54
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 00486E6D
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00486E94
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00486ED7
                                                    • _wcscpy.LIBCMT ref: 00486EF0
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00486F1A
                                                    • _wcscpy.LIBCMT ref: 00486F34
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00486F5E
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00486FA1
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00486FE4
                                                    • _wcscpy.LIBCMT ref: 00486FFE
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00487028
                                                    • _wcscpy.LIBCMT ref: 00487051
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 0048707B
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 00487094
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 004870BB
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 004870D4
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 004870FB
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 0048713E
                                                    • _wcscpy.LIBCMT ref: 00487157
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00487181
                                                    • _wcscpy.LIBCMT ref: 0048719B
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 004871C5
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00487208
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 0048724B
                                                    • _wcscpy.LIBCMT ref: 00487265
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 0048728F
                                                    • _wcscpy.LIBCMT ref: 004872B8
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 004872E2
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 004872FB
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00487322
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 0048733B
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00487362
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 004873A5
                                                    • _wcscpy.LIBCMT ref: 004873BE
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 004873E8
                                                    • _wcscpy.LIBCMT ref: 00487402
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 0048742C
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 0048746F
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 004874B2
                                                    • _wcscpy.LIBCMT ref: 004874CC
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 004874F6
                                                    • _wcscpy.LIBCMT ref: 0048751F
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00487549
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 00487562
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00487589
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 004875A2
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 004875C9
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 0048760C
                                                    • _wcscpy.LIBCMT ref: 00487625
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 0048764F
                                                    • _wcscpy.LIBCMT ref: 00487669
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00487693
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 004876D6
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00487719
                                                    • _wcscpy.LIBCMT ref: 00487733
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 0048775D
                                                    • _wcscpy.LIBCMT ref: 00487786
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 004877B0
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 004877C9
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 004877F0
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 00487809
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00487830
                                                    • __swprintf.LIBCMT ref: 00487864
                                                      • Part of subcall function 00527D48: __woutput_l.LIBCMT ref: 00527D9D
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00487890
                                                    • _wcscpy.LIBCMT ref: 004878A9
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 004878D3
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00487916
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00487959
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 0048799C
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 004879DF
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00487A22
                                                    • _wcscpy.LIBCMT ref: 00487A3C
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00487A66
                                                      • Part of subcall function 0052BDED: __wtof_l.LIBCMT ref: 0052BDF7
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00487AB4
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00487AF7
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00487B3A
                                                    • _wcscpy.LIBCMT ref: 00487B62
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00487B8C
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00487BCF
                                                    • _wcscpy.LIBCMT ref: 00487BE9
                                                    • GetPrivateProfileIntW.KERNEL32 ref: 00487C04
                                                    • RegOpenKeyExW.KERNEL32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?), ref: 00487C2E
                                                    • _memset.LIBCMT ref: 00487C53
                                                    • RegQueryValueExW.KERNEL32(?,CCProxy,00000000,00000000,?,00000800), ref: 00487C83
                                                    • _wcslen.LIBCMT ref: 00487C90
                                                    • RegDeleteValueW.ADVAPI32(?,CCProxy), ref: 00487CB7
                                                    • _memset.LIBCMT ref: 00487CE5
                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000400), ref: 00487D04
                                                    • _wcslen.LIBCMT ref: 00487D11
                                                    • RegSetValueExW.ADVAPI32(?,CCProxy,00000000,00000001,?,00000002), ref: 00487D35
                                                    • RegCloseKey.ADVAPI32(?), ref: 00487D42
                                                    • GetPrivateProfileIntW.KERNEL32 ref: 00487D5B
                                                    • GetPrivateProfileIntW.KERNEL32 ref: 00487D80
                                                    • GetPrivateProfileIntW.KERNEL32 ref: 00487DA2
                                                    • GetPrivateProfileIntW.KERNEL32 ref: 00487DCC
                                                    • GetPrivateProfileIntW.KERNEL32 ref: 00487DEE
                                                    • GetPrivateProfileIntW.KERNEL32 ref: 00487E10
                                                    • GetPrivateProfileIntW.KERNEL32 ref: 00487E32
                                                    • GetPrivateProfileIntW.KERNEL32 ref: 00487E53
                                                    • GetPrivateProfileIntW.KERNEL32 ref: 00487E75
                                                    • GetPrivateProfileIntW.KERNEL32 ref: 00487E97
                                                    • GetPrivateProfileIntW.KERNEL32 ref: 00487EB9
                                                    • GetPrivateProfileIntW.KERNEL32 ref: 00487EDB
                                                    • GetPrivateProfileIntW.KERNEL32 ref: 00487EFD
                                                    • GetPrivateProfileIntW.KERNEL32 ref: 00487F1F
                                                    • GetPrivateProfileIntW.KERNEL32 ref: 00487F41
                                                    • GetPrivateProfileIntW.KERNEL32 ref: 00487F66
                                                    • GetPrivateProfileIntW.KERNEL32 ref: 00487F8B
                                                    • GetPrivateProfileIntW.KERNEL32 ref: 00487FB0
                                                    • GetPrivateProfileIntW.KERNEL32 ref: 00487FD2
                                                    • GetPrivateProfileIntW.KERNEL32 ref: 00487FF4
                                                    • GetPrivateProfileIntW.KERNEL32 ref: 00488016
                                                    • GetPrivateProfileIntW.KERNEL32 ref: 0048803B
                                                    • GetPrivateProfileIntW.KERNEL32 ref: 0048805D
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00488091
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 004880CC
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00488107
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00488142
                                                    • _wcscpy.LIBCMT ref: 0048815C
                                                    • inet_addr.WS2_32(00000000), ref: 00488230
                                                    • GetPrivateProfileIntW.KERNEL32 ref: 004882CD
                                                    • GetPrivateProfileIntW.KERNEL32 ref: 004882F2
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00488326
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 0048833F
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 00488370
                                                    • _fseek.LIBCMT ref: 004883D8
                                                    • _ftell.LIBCMT ref: 004883E7
                                                    • _fseek.LIBCMT ref: 00488433
                                                    • __fread_nolock.LIBCMT ref: 00488452
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 004884A8
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 004884E8
                                                      • Part of subcall function 00411930: _DebugHeapAllocator.LIBCPMTD ref: 00411968
                                                      • Part of subcall function 00411930: _DebugHeapAllocator.LIBCPMTD ref: 004119AA
                                                      • Part of subcall function 0052A44D: __wfsopen.LIBCMT ref: 0052A45A
                                                    • _ftell.LIBCMT ref: 0048855F
                                                    • _fseek.LIBCMT ref: 004885AB
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 00488620
                                                    • __swprintf.LIBCMT ref: 004887F9
                                                      • Part of subcall function 00527D48: __flsbuf.LIBCMT ref: 00527DBB
                                                      • Part of subcall function 00527D48: __flsbuf.LIBCMT ref: 00527DD3
                                                    • _fseek.LIBCMT ref: 00488840
                                                    • _ftell.LIBCMT ref: 0048884F
                                                      • Part of subcall function 0052A20A: __lock_file.LIBCMT ref: 0052A244
                                                      • Part of subcall function 0052A20A: __ftell_nolock.LIBCMT ref: 0052A250
                                                    • _fseek.LIBCMT ref: 0048887E
                                                    • __fread_nolock.LIBCMT ref: 004888A3
                                                    • __fread_nolock.LIBCMT ref: 004885CA
                                                      • Part of subcall function 00529D17: __lock_file.LIBCMT ref: 00529D67
                                                      • Part of subcall function 00529D17: __fclose_nolock.LIBCMT ref: 00529D71
                                                    • _fseek.LIBCMT ref: 00488550
                                                      • Part of subcall function 0052A302: __lock_file.LIBCMT ref: 0052A34D
                                                      • Part of subcall function 0052A302: __fseek_nolock.LIBCMT ref: 0052A35D
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 00488660
                                                    • _fseek.LIBCMT ref: 004886C8
                                                    • _ftell.LIBCMT ref: 004886D7
                                                    • _fseek.LIBCMT ref: 00488723
                                                    • __fread_nolock.LIBCMT ref: 00488742
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 00488798
                                                    • _memset.LIBCMT ref: 004887DE
                                                    • GetPrivateProfileIntW.KERNEL32 ref: 004888E0
                                                    • GetPrivateProfileIntW.KERNEL32 ref: 00488905
                                                    • GetPrivateProfileIntW.KERNEL32 ref: 0048892A
                                                    • GetPrivateProfileIntW.KERNEL32 ref: 0048894F
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00488983
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 0048899C
                                                    • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004889AD
                                                    • GetPrivateProfileIntW.KERNEL32 ref: 004889C5
                                                    • _memset.LIBCMT ref: 00488A40
                                                    • __swprintf.LIBCMT ref: 00488A5E
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 00488A9D
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 0000000A.00000002.486718841.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 0000000A.00000002.488131162.0000000000574000.00000002.00020000.sdmp
                                                    • Associated: 0000000A.00000002.488606681.00000000005C3000.00000008.00020000.sdmp
                                                    • Associated: 0000000A.00000002.488629262.00000000005C4000.00000004.00020000.sdmp
                                                    • Associated: 0000000A.00000002.488678008.00000000005FB000.00000004.00020000.sdmp
                                                    • Associated: 0000000A.00000002.488691487.000000000060B000.00000004.00020000.sdmp
                                                    • Associated: 0000000A.00000002.488722606.0000000000610000.00000002.00020000.sdmp
                                                    • Associated: 0000000A.00000002.489311460.000000000067B000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: PrivateProfile$String$_wcscpy$AllocatorDebugHeap$_memset$_fseek$__swprintf$__fread_nolock_ftell$FileValue__lock_file_wcslen$ModuleName__flsbuf$Base::CloseConcurrency::details::ContextDeleteIdentityOpenPathQueryQueueRemoveSpecWork__fclose_nolock__fseek_nolock__ftell_nolock__wfsopen__woutput_l__wtof_l_wcscatinet_addr
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • _memset.LIBCMT ref: 00420E18
                                                    • _memset.LIBCMT ref: 00420E37
                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000105,?,?,?,000000FF,?,0041B6A0), ref: 00420E4D
                                                    • PathRemoveFileSpecW.SHLWAPI(?,?,?,?,000000FF,?,0041B6A0), ref: 00420E5A
                                                    • __swprintf.LIBCMT ref: 00420E73
                                                    • GetPrivateProfileIntW.KERNEL32 ref: 00420E8E
                                                    • GetPrivateProfileIntW.KERNEL32 ref: 00420EAD
                                                    • GetPrivateProfileIntW.KERNEL32 ref: 00420EE8
                                                    • GetPrivateProfileIntW.KERNEL32 ref: 00420F0A
                                                    • GetPrivateProfileIntW.KERNEL32 ref: 00420F29
                                                    • _memset.LIBCMT ref: 00420F81
                                                    • _memset.LIBCMT ref: 00420FA0
                                                    • __swprintf.LIBCMT ref: 00421031
                                                    • __swprintf.LIBCMT ref: 0042105F
                                                    Similarity
                                                    • API ID: PrivateProfile$_memset$__swprintf$File$ModuleNamePathRemoveSpec
                                                    • String ID: %s\AccInfo.ini$00:00-24:00$1$AuthModel$AuthType$AutoDisable$BandWidth$BandWidth2$BandwidthQuota$BandwidthQuotaPeriod$BelongsGroup$BelongsGroupName$ContentFilter$DNSFilter$DisableDateTime$Enable$EnableBandwidthQuota$EnableContentFilter$EnableIPAddress$EnableLeftTime$EnableMACAddress$EnableSiteFilter$EnableURLFilter$EnableUserPassword$Filter%03d$Filter%d$IPAddressHigh$IPAddressLow$IsGroup$LeftTime$MACAddress$Mask%d$MaxConn$NTDomain$NTUserAuth$Name$Password$ServiceMask$SiteFilter$SiteFilterModel$System$Time%03d$Time%d$TimeSchedule$TimeScheduleCount$URLFilter$User%03d$User%d$UserCount$UserName$WebFilter$WebFilterCount$\CCProxy.ini$\LeftTime.ini$_NT_USER_AUTH
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Control-flow Graph
                                                    [Control-flow graph; entry block 478170-478345]
                                                    APIs
                                                      • Part of subcall function 0041DCA0: EnterCriticalSection.KERNEL32(?,221F11CB), ref: 0041DCE4
                                                    • _memset.LIBCMT ref: 004781C1
                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,?,00000400), ref: 004781D7
                                                      • Part of subcall function 004111D0: _wcsrchr.LIBCMT ref: 004111DC
                                                    • _memset.LIBCMT ref: 0047820A
                                                    • __swprintf.LIBCMT ref: 00478225
                                                    • _memset.LIBCMT ref: 00478244
                                                    • _memset.LIBCMT ref: 00478263
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 0047828D
                                                    • _memset.LIBCMT ref: 004782AA
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 004782D4
                                                    • StrTrimW.SHLWAPI(?,0058329C), ref: 004782E6
                                                    • StrTrimW.SHLWAPI(?,005832A0), ref: 004782F8
                                                      • Part of subcall function 00476BE0: _DebugHeapAllocator.LIBCPMTD ref: 00476C17
                                                      • Part of subcall function 00476BE0: _memset.LIBCMT ref: 00476C33
                                                      • Part of subcall function 00476BE0: GetModuleFileNameW.KERNEL32(00000000,?,00000105,?,?,005CAFC0), ref: 00476C49
                                                      • Part of subcall function 00476BE0: _memset.LIBCMT ref: 00476C7C
                                                      • Part of subcall function 00476BE0: __swprintf.LIBCMT ref: 00476C97
                                                      • Part of subcall function 00476BE0: _memset.LIBCMT ref: 00476CC0
                                                      • Part of subcall function 00476BE0: _wcslen.LIBCMT ref: 00476CCC
                                                    • _wcsncpy.LIBCMT ref: 00478398
                                                    • _wcslen.LIBCMT ref: 004783A5
                                                    • __wcsnicmp.LIBCMT ref: 004783BA
                                                    • _memset.LIBCMT ref: 0047840D
                                                    • GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 00478421
                                                    • _wcscat.LIBCMT ref: 00478433
                                                    • GetPrivateProfileIntW.KERNEL32 ref: 00478450
                                                    • GetSystemTime.KERNEL32(?), ref: 00478463
                                                    • _memset.LIBCMT ref: 004784D3
                                                    • __swprintf.LIBCMT ref: 004784EE
                                                    • WritePrivateProfileStringW.KERNEL32(Product,?,?,?), ref: 00478510
                                                    • _memset.LIBCMT ref: 00478566
                                                    • _wcscat.LIBCMT ref: 004785D7
                                                    • _memset.LIBCMT ref: 00478604
                                                    • _wcscat.LIBCMT ref: 0047861A
                                                    • _memset.LIBCMT ref: 00478639
                                                    • _memset.LIBCMT ref: 00478658
                                                    • _wcscpy.LIBCMT ref: 00478696
                                                    • _wcscpy.LIBCMT ref: 004786F5
                                                    • __swprintf.LIBCMT ref: 0047871D
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 004787B5
                                                    • _wcscat.LIBCMT ref: 004787DC
                                                    • WritePrivateProfileStringW.KERNEL32(System,RegCode,005833B0,00000000), ref: 00478880
                                                    • WritePrivateProfileStringW.KERNEL32(System,UserName,005833F0,00000000), ref: 00478901
                                                    • __swprintf.LIBCMT ref: 004786BE
                                                      • Part of subcall function 004D8300: _memset.LIBCMT ref: 004D83D8
                                                      • Part of subcall function 004D8300: _sprintf.LIBCMT ref: 004D83FC
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 0000000A.00000002.486718841.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 0000000A.00000002.488131162.0000000000574000.00000002.00020000.sdmp
                                                    • Associated: 0000000A.00000002.488606681.00000000005C3000.00000008.00020000.sdmp
                                                    • Associated: 0000000A.00000002.488629262.00000000005C4000.00000004.00020000.sdmp
                                                    • Associated: 0000000A.00000002.488678008.00000000005FB000.00000004.00020000.sdmp
                                                    • Associated: 0000000A.00000002.488691487.000000000060B000.00000004.00020000.sdmp
                                                    • Associated: 0000000A.00000002.488722606.0000000000610000.00000002.00020000.sdmp
                                                    • Associated: 0000000A.00000002.489311460.000000000067B000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: _memset$PrivateProfile$String__swprintf$_wcscat$Write$AllocatorDebugFileHeapModuleNameTrim_wcscpy_wcslen$CriticalDirectoryEnterSectionSystemTimeWindows__wcsnicmp_sprintf_wcsncpy_wcsrchr
                                                    • String ID: Build %Y%m%d$%s %s$%s (Unregistered)$%s\CCProxy.ini$09:57:26$8.0$Bondevik$Bondevik$Jul 22 2016$Product$Product$RegCode$RegCode$System$System$System$System$UserName$UserName$\CCProxy.ini$\CCProxy.ini$\Win.ini
                                                    • API String ID: 1801667485-3887209922
                                                    • Opcode ID: a8006e06f01181c17150100a84238df7b2eb8c85831624a7e14c9394ee61e711
                                                    • Instruction ID: 9db145fd5bc1da9c564de827d3a6e2a062f8a15afdcde032075705bec79bc474
                                                    • Opcode Fuzzy Hash: a8006e06f01181c17150100a84238df7b2eb8c85831624a7e14c9394ee61e711
                                                    • Instruction Fuzzy Hash: 8F12B4B1D00628AEDB24EBA0EC46BEE7775AF58704F0040EAE50DA61C1EF755B88CF55
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    APIs
                                                    • ScreenToClient.USER32 ref: 0043870E
                                                    • ScreenToClient.USER32 ref: 0043871E
                                                    • ScreenToClient.USER32 ref: 00438805
                                                    • ScreenToClient.USER32 ref: 00438815
                                                    • PtInRect.USER32(00000000,?,?), ref: 00438844
                                                    • _memset.LIBCMT ref: 004388B2
                                                    • __swprintf.LIBCMT ref: 004388E4
                                                    • ShellExecuteW.SHELL32(00000000,open,?,00000000,?,00000005), ref: 00438910
                                                    • GetLocalTime.KERNEL32(?,0000040A,221F11CB,?,00564DA8,000000FF), ref: 0043892E
                                                    • _memset.LIBCMT ref: 004389AD
                                                    • _memset.LIBCMT ref: 004389CC
                                                    • _memset.LIBCMT ref: 004389EB
                                                      • Part of subcall function 00434430: __swprintf.LIBCMT ref: 00434575
                                                      • Part of subcall function 00434590: _wcscpy.LIBCMT ref: 004345AE
                                                      • Part of subcall function 00434660: __swprintf.LIBCMT ref: 0043470B
                                                    • _memset.LIBCMT ref: 00438A51
                                                    • __wcsicoll.LIBCMT ref: 00438A63
                                                    • __swprintf.LIBCMT ref: 00438AC0
                                                    • __swprintf.LIBCMT ref: 00438B06
                                                    • _memset.LIBCMT ref: 00438B71
                                                    • __swprintf.LIBCMT ref: 00438B8A
                                                    • ShellExecuteW.SHELL32(00000000,open,taskmgr,00000000,00000000,00000005), ref: 00438C05
                                                    • ShellExecuteW.SHELL32(00000000,open,http://www.facebook.com/ccproxyhome,00000000,00000000,00000005), ref: 00438C47
                                                    • ScreenToClient.USER32 ref: 00438E6B
                                                    • ScreenToClient.USER32 ref: 00438E7E
                                                    • PtInRect.USER32(00000000,?,?), ref: 00438ECE
                                                    • DeleteFileW.KERNEL32(?,Save Debug Info to Log\log.dat?,00000024,00000000), ref: 00438BAC
                                                      • Part of subcall function 0043B060: PostMessageW.USER32(?,?,?,?), ref: 0043B07A
                                                    • PtInRect.USER32(00000000,?,?), ref: 0043874D
                                                      • Part of subcall function 004F5862: ClientToScreen.USER32(?,?), ref: 004F5873
                                                      • Part of subcall function 004F5862: ClientToScreen.USER32(?,?), ref: 004F5880
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: ClientScreen$__swprintf_memset$ExecuteRectShell$DeleteFileLocalMessagePostTime__wcsicoll_wcscpy
                                                    • String ID: %d-%d-%d%d-%d-%d$%s\$%s\log.dat$CCProxy$CCProxy$ChineseGB$Save Debug Info to Log\log.dat?$http://update.youngzsoft.com/updatesystem/update.php$http://update.youngzsoft.com/updatesystem/update.php$http://www.facebook.com/ccproxyhome$open$open$open$taskmgr
                                                    • API String ID: 856492309-3474688409
                                                    • Opcode ID: df1fc08bcca136e437a5bbeecdb391e7431fe81edf0f7d88c39718286eb8dbac
                                                    • Instruction ID: 2a14c2888862263a27f283f0e13ed12767e3d03e2401951d0db8a69d2defcea0
                                                    • Opcode Fuzzy Hash: df1fc08bcca136e437a5bbeecdb391e7431fe81edf0f7d88c39718286eb8dbac
                                                    • Instruction Fuzzy Hash: CF42AD70A00618ABCB14DF91DC95BEEB775FF49301F4081AAF50AAB681DB786E80CF55
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Control-flow Graph

                                                    APIs
                                                    • _memset.LIBCMT ref: 0049946C
                                                      • Part of subcall function 00499290: _memset.LIBCMT ref: 004992DC
                                                      • Part of subcall function 00499290: GetModuleFileNameW.KERNEL32(00000000,?,00000400,?,?,221F11CB), ref: 004992F2
                                                      • Part of subcall function 00499290: _DebugHeapAllocator.LIBCPMTD ref: 004993A2
                                                      • Part of subcall function 00499290: _DebugHeapAllocator.LIBCPMTD ref: 004993CF
                                                      • Part of subcall function 00411930: _DebugHeapAllocator.LIBCPMTD ref: 00411968
                                                      • Part of subcall function 00411930: _DebugHeapAllocator.LIBCPMTD ref: 004119AA
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 004994E4
                                                    • PathFileExistsW.SHLWAPI(00000000,?,?,?,?,?,?,?,?,?,?,221F11CB), ref: 00499591
                                                    • WritePrivateProfileStringW.KERNEL32(Settings,Language,ENU,00000000), ref: 00499631
                                                      • Part of subcall function 00415DA0: _DebugHeapAllocator.LIBCPMTD ref: 00415DF5
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: AllocatorDebugHeap$FilePrivateProfileString_memset$ExistsModuleNamePathWrite
                                                    • String ID: //root/LANG[@ITEM='%s']$ENU$ENU$ENU$ENU$ENU$ENU$Language$Language$Language$Language$Language$Settings$Settings$Settings$Settings$Settings$\Language.ini$\Language.ini$\Language.ini$\Language.ini$\Language.ini$\Language.xml$\Language.xml
                                                    • API String ID: 3442697496-2972738269
                                                    • Opcode ID: 62e5ca74d845f9dc3d0b1cd5d6da2c04ee6800ef55a4cb97084ffa80c3848754
                                                    • Instruction ID: 231a0bea657dca03433a008ae41e35f5438a8d35dfd2ecff01bd123c7096d14c
                                                    • Opcode Fuzzy Hash: 62e5ca74d845f9dc3d0b1cd5d6da2c04ee6800ef55a4cb97084ffa80c3848754
                                                    • Instruction Fuzzy Hash: 28F15AB4D50218DADB24EB64DD56BDEBBB4AF54308F0040EEA40DA7292EB741F88CF55
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Control-flow Graph

                                                    APIs
                                                    • _memset.LIBCMT ref: 00434BFC
                                                    • _wcscpy.LIBCMT ref: 00434C10
                                                      • Part of subcall function 0042D9B0: _memset.LIBCMT ref: 0042D9E4
                                                      • Part of subcall function 0042D9B0: GetModuleFileNameW.KERNEL32(00000000,?,00000400), ref: 0042D9FA
                                                      • Part of subcall function 00411930: _DebugHeapAllocator.LIBCPMTD ref: 00411968
                                                      • Part of subcall function 00411930: _DebugHeapAllocator.LIBCPMTD ref: 004119AA
                                                    • WritePrivateProfileStringW.KERNEL32(System,Ver,?,00000000), ref: 00434C7E
                                                    • _memset.LIBCMT ref: 00434CB8
                                                    • _wcscpy.LIBCMT ref: 00434CE8
                                                    • _memset.LIBCMT ref: 00434D12
                                                    • GetLocaleInfoW.KERNEL32(00001400,00000003,?,00000004), ref: 00434D42
                                                    • __swprintf.LIBCMT ref: 00434D54
                                                    • __wcsicoll.LIBCMT ref: 00434D68
                                                    • __swprintf.LIBCMT ref: 00434D80
                                                      • Part of subcall function 00527D48: __woutput_l.LIBCMT ref: 00527D9D
                                                    • __wcsicoll.LIBCMT ref: 00434D94
                                                    • __swprintf.LIBCMT ref: 00434DAC
                                                    • WritePrivateProfileStringW.KERNEL32(System,Language,?,00000000), ref: 00434E1A
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: _memset$__swprintf$AllocatorDebugHeapPrivateProfileStringWrite__wcsicoll_wcscpy$FileInfoLocaleModuleName__woutput_l
                                                    • String ID: 8.0$CHS$CHT$ChineseBig5$ChineseGB$English$Language$System$System$Ver$\CCProxy.ini$\CCProxy.ini
                                                    • API String ID: 3814533407-272968231
                                                    • Opcode ID: b8266a3a4cdbf9281493342104c7f743008e6768f56af178e298ae65aded84ed
                                                    • Instruction ID: 75fb87ba319b97a9f9ed097a78196d49e4a764703987e2faf13e381544578c74
                                                    • Opcode Fuzzy Hash: b8266a3a4cdbf9281493342104c7f743008e6768f56af178e298ae65aded84ed
                                                    • Instruction Fuzzy Hash: 9C61A2B1E502289BCB34EB60EC4AAEE7775BF59700F00419AF50D62181EE756B88CF56
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Control-flow Graph

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: 8.0$System$Ver$\CCProxy.ini
                                                    • API String ID: 0-4076858167
                                                    • Opcode ID: a289a3b68f05e8794d5eceee273a0507ac10fc7c8898a03d40aac9a312614d88
                                                    • Instruction ID: e92fa9da62bb9a7e8ed15c5ddb80d7f49a54c3c8f774bcb52adbdbb6eb3a1b17
                                                    • Opcode Fuzzy Hash: a289a3b68f05e8794d5eceee273a0507ac10fc7c8898a03d40aac9a312614d88
                                                    • Instruction Fuzzy Hash: 109195B0D013189FDB24EBA0DD49BEFB774AF98314F1045A9E209A72D1DB746A84CF58
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: CountTick_memset
                                                    • String ID:
                                                    • API String ID: 2917666825-0
                                                    • Opcode ID: 0fea9bb6549a8d07a240e33b21a1eb61e2da49c6c205916c47e1931ff187977f
                                                    • Instruction ID: 6ed8348fdf4f63820fe2f75c52b22c990ff6a91ba891a89514237c9dc302e4ba
                                                    • Opcode Fuzzy Hash: 0fea9bb6549a8d07a240e33b21a1eb61e2da49c6c205916c47e1931ff187977f
                                                    • Instruction Fuzzy Hash: 45812979D0420AEFDB40CFA8D988FAEBBB1BF44304F10855AE415A7340D779AA45DF98
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 0000000A.00000002.486718841.0000000000400000.00000002.00020000.sdmp Download File
                                                    • Associated: 0000000A.00000002.488131162.0000000000574000.00000002.00020000.sdmp Download File
                                                    • Associated: 0000000A.00000002.488606681.00000000005C3000.00000008.00020000.sdmp Download File
                                                    • Associated: 0000000A.00000002.488629262.00000000005C4000.00000004.00020000.sdmp Download File
                                                    • Associated: 0000000A.00000002.488678008.00000000005FB000.00000004.00020000.sdmp Download File
                                                    • Associated: 0000000A.00000002.488691487.000000000060B000.00000004.00020000.sdmp Download File
                                                    • Associated: 0000000A.00000002.488722606.0000000000610000.00000002.00020000.sdmp Download File
                                                    • Associated: 0000000A.00000002.489311460.000000000067B000.00000002.00020000.sdmp Download File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 63afecb64b528edae4859fc138dae8dcb162bdeca15e67d53d02110262f3db72
                                                    • Instruction ID: 26bfc82506b47a38f7f499d5cee81f84ca83f934204fe9eb16b648b656ef1acd
                                                    • Opcode Fuzzy Hash: 63afecb64b528edae4859fc138dae8dcb162bdeca15e67d53d02110262f3db72
                                                    • Instruction Fuzzy Hash: 46513874900208DBDB04DFE4C849BEEBBB5BF48318F108229E515AB3D5D7756989DB44
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 004CA540: _memset.LIBCMT ref: 004CA5A4
                                                      • Part of subcall function 004CA540: GetVersionExW.KERNEL32(0000011C,?,?,221F11CB), ref: 004CA5BD
                                                      • Part of subcall function 004CA540: GetVersionExW.KERNEL32(00000114,?,?,221F11CB), ref: 004CA5E3
                                                      • Part of subcall function 004D0FA0: GetLastError.KERNEL32(?,004DC241,00000001,*** ERROR *** serviceconrolclient client to server disconnect,?,?,?,?,?,?,?), ref: 004D0FB7
                                                      • Part of subcall function 0043B090: GetSystemMenu.USER32(?,00497384,?,?,00497384,00000000,?,?,?,221F11CB), ref: 0043B0A2
                                                    • GetPrivateProfileIntW.KERNEL32 ref: 004975FD
                                                      • Part of subcall function 00498950: AppendMenuW.USER32 ref: 0049896A
                                                      • Part of subcall function 0049AC60: _DebugHeapAllocator.LIBCPMTD ref: 0049AD06
                                                    Similarity
                                                    • API ID: MenuVersion$AllocatorAppendDebugErrorHeapLastPrivateProfileSystem_memset
                                                    • String ID: .ini$AutoUpdate$System$http://update.youngzsoft.com/updatesystem/update.php
                                                    • API String ID: 3820656938-815695822
                                                    • Opcode ID: 79272a90737a8a97af752ea3b61c7d5219829c46344f6a75173cbb0f6fe22381
                                                    • Instruction ID: fc6676dc7aaa2d4cc6c70d14e2139d6f08a168da8fa25b2d9087e9e647c8960c
                                                    • Opcode Fuzzy Hash: 79272a90737a8a97af752ea3b61c7d5219829c46344f6a75173cbb0f6fe22381
                                                    • Instruction Fuzzy Hash: 1BB15FB0E00208EBDB04EBE5DC52BEEBB75AF44308F54412EE505BB2D2DB782945CB59
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • _memset.LIBCMT ref: 0043CA2C
                                                      • Part of subcall function 0042D9B0: _memset.LIBCMT ref: 0042D9E4
                                                      • Part of subcall function 0042D9B0: GetModuleFileNameW.KERNEL32(00000000,?,00000400), ref: 0042D9FA
                                                      • Part of subcall function 00411930: _DebugHeapAllocator.LIBCPMTD ref: 00411968
                                                      • Part of subcall function 00411930: _DebugHeapAllocator.LIBCPMTD ref: 004119AA
                                                    • GetPrivateProfileStringW.KERNEL32 ref: 0043CAA4
                                                      • Part of subcall function 00415DA0: _DebugHeapAllocator.LIBCPMTD ref: 00415DF5
                                                    Similarity
                                                    • API ID: AllocatorDebugHeap$_memset$FileModuleNamePrivateProfileString
                                                    • String ID: UserName$\CCProxy.ini$system
                                                    • API String ID: 3105024401-1899421726
                                                    • Opcode ID: e6d2cf86a58cfd469e5bdabf6a8a825187b5e3a6ae920867a1c4810c3cdc7f9f
                                                    • Instruction ID: 13af1be6f21c034fb8e4742c27dd4245e131efd2d5858672bdeecf1def36ff8a
                                                    • Opcode Fuzzy Hash: e6d2cf86a58cfd469e5bdabf6a8a825187b5e3a6ae920867a1c4810c3cdc7f9f
                                                    • Instruction Fuzzy Hash: 982129B1D002189BCB14DF64EC42BEDB7F8BF88704F00C1A9A459A6281EF756A858FD5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Control-flow Graph

                                                    Similarity
                                                    • API ID: __wcsnicmp
                                                    • String ID: #32770$-restart$-restart$-service$-start$-stop$-uninstall$-uninstall: uninstall program-start: start service-stop: stop service-restart: restart service-update: update xml data$-update$Software\Microsoft\Windows\CurrentVersion\Run
                                                    • API String ID: 1038674560-1780307479
                                                    • Opcode ID: af14797be7f6c4d13be023d89b85f7e351b16cc330ed4f9bbeda0fcf61c0e0be
                                                    • Instruction ID: 4784ea35b9d075c9ddf1a3af68d09172de8d831f23d3eb24e349fd30c93f1049
                                                    • Opcode Fuzzy Hash: af14797be7f6c4d13be023d89b85f7e351b16cc330ed4f9bbeda0fcf61c0e0be
                                                    • Instruction Fuzzy Hash: 9AD1A670A40208DBDB14B7A2DC66B6E7A65BF40748F10442FF706AF3C1EF7999049B5A
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Control-flow Graph

                                                    Similarity
                                                    • API ID: __wcsicoll$_memset$AllocatorClassDebugHeapName
                                                    • String ID: Button$ComboBox$Edit$ReBarWindow32$Static$Static$SysIPAddress32$SysTreeView32$ToolbarWindow32
                                                    • API String ID: 1532573286-1467514715
                                                    • Opcode ID: 4dbcf53bb3fa65139468c0b8369f5e2b7e877019cf0d2001ded9eeb803314bbb
                                                    • Instruction ID: c300f13d239ba4fc7b98d32c1e90a748921980228409c90fa507e1b2e22a5dd3
                                                    • Opcode Fuzzy Hash: 4dbcf53bb3fa65139468c0b8369f5e2b7e877019cf0d2001ded9eeb803314bbb
                                                    • Instruction Fuzzy Hash: 0EF18271940219EBDB10EBA0EC5ABEDBB74BF58304F1040E9E50967292DB785F84CF95
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Control-flow Graph

                                                    APIs
                                                    • _memset.LIBCMT ref: 004CA5A4
                                                    • GetVersionExW.KERNEL32(0000011C,?,?,221F11CB), ref: 004CA5BD
                                                    • GetVersionExW.KERNEL32(00000114,?,?,221F11CB), ref: 004CA5E3
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 004CA669
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 004CA68B
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 004CA6AD
                                                    • PathFileExistsW.SHLWAPI(C:\Windows\SysWOW64,?,?,221F11CB), ref: 004CA72D
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 004CA742
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 004CA754
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 004CA7DB
                                                    • GetSystemInfo.KERNEL32(?,221F11CB,?,?,?,?,?, x86,?,?,221F11CB), ref: 004CA805
                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000400,?,?,?,?,?, x86,?,?,221F11CB), ref: 004CA819
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 004CA8DA
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 004CA8E9
                                                      • Part of subcall function 00415DA0: _DebugHeapAllocator.LIBCPMTD ref: 00415DF5
                                                    Similarity
                                                    • API ID: AllocatorDebugHeap$FileVersion$ExistsInfoModuleNamePathSystem_memset
                                                    • String ID: x64$ x86$, PageSize %d, %s$C:\Windows\SysWOW64$Microsoft Windows 2000 $Microsoft Windows NT $Microsoft Windows Server 2003, $Microsoft Windows XP $PlatformId %u$Windows %d.%d
                                                    • API String ID: 119416888-1680468093
                                                    • Opcode ID: 0dda4868db8a6099eda6a943d94d3671b3273fbdd224719b5be130cefb14c678
                                                    • Instruction ID: ef46df5fc63e603e719a1872ff8cb58286ebf50985f1cc286ee446cad56fd9eb
                                                    • Opcode Fuzzy Hash: 0dda4868db8a6099eda6a943d94d3671b3273fbdd224719b5be130cefb14c678
                                                    • Instruction Fuzzy Hash: 17B16971911218DAEB24EB60DC45BEEBBB4BF55308F4480DEE04962282DF395F89CF95
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Control-flow Graph

                                                    APIs
                                                    • GetTickCount.KERNEL32 ref: 0043933E
                                                    • _memset.LIBCMT ref: 0043940F
                                                    • __swprintf.LIBCMT ref: 0043943D
                                                    • _memset.LIBCMT ref: 004395A9
                                                    • GetLocalTime.KERNEL32(00000000,00000000,0000042B), ref: 004395B5
                                                    • __swprintf.LIBCMT ref: 004395D6
                                                    • SetWindowTextW.USER32(?,0000040A), ref: 004395F9
                                                    • GetTickCount.KERNEL32 ref: 0043963E
                                                    • GetTickCount.KERNEL32 ref: 00439667
                                                    • GetTickCount.KERNEL32 ref: 00439677
                                                    • _memset.LIBCMT ref: 004396FA
                                                    • GetTickCount.KERNEL32 ref: 00439711
                                                    • Shell_NotifyIconW.SHELL32(00000001,?), ref: 0043979F
                                                    • _memset.LIBCMT ref: 004397E5
                                                    • GetLocalTime.KERNEL32(?,0000040C,-00000005,0000040C), ref: 004397F4
                                                    • __swprintf.LIBCMT ref: 00439816
                                                      • Part of subcall function 0045EB00: LoadLibraryW.KERNEL32(rasapi32.dll,?,00439660,0000040C), ref: 0045EB23
                                                    Similarity
                                                    • API ID: CountTick$_memset$__swprintf$LocalTime$IconLibraryLoadNotifyShell_TextWindow
                                                    • String ID: %02d:%02d:%02d$%02d:%02d$%d/%d$diconnected$l\
                                                    • API String ID: 1409800316-4098793081
                                                    • Opcode ID: e8b5923a78fddc6b19d27199be4a36bbae8fed09a52799a82363ad7f86a4f96c
                                                    • Instruction ID: 6167dc983c6f7d32ab8f60e4250c4838f7fe53cdf0e31f8e787605c6512c165f
                                                    • Opcode Fuzzy Hash: e8b5923a78fddc6b19d27199be4a36bbae8fed09a52799a82363ad7f86a4f96c
                                                    • Instruction Fuzzy Hash: D4D1C3B0A40214DFDB24DB61EC56BA973B9FF58704F00419EE20AAB2C1DB785984DF5D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Control-flow Graph

                                                    • Graph beginning at block 4dbe30-4dbe73 (legend: Executed / Not Executed); graph not reproduced.
                                                    APIs
                                                    Strings
                                                    • %u,%u,%u,%u, xrefs: 004DBEDC
                                                    • ., xrefs: 004DBF9C
                                                    • *** ERROR *** serviceconrolclient client to server disconnect, xrefs: 004DC048
                                                    • *** ERROR *** serviceconrolclient client to server disconnect, xrefs: 004DC235
                                                    • *** ERROR *** serviceconrolclient client to server disconnect, xrefs: 004DC110
                                                    • ., xrefs: 004DC253
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: _memset_sprintfclosesocketshutdown
                                                    • String ID: .$%u,%u,%u,%u$*** ERROR *** serviceconrolclient client to server disconnect$*** ERROR *** serviceconrolclient client to server disconnect$*** ERROR *** serviceconrolclient client to server disconnect$.
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Control-flow Graph

                                                    • Graph beginning at block 4e2a3a-4e2a56 (legend: Executed / Not Executed); graph not reproduced.
                                                    APIs
                                                      • Part of subcall function 004E734E: GetWindowLongW.USER32(?,000000F0), ref: 004E7359
                                                    • GetParent.USER32(?), ref: 004E2A69
                                                    • SendMessageW.USER32(00000000,0000036B,00000000,00000000), ref: 004E2A8C
                                                    • GetWindowRect.USER32 ref: 004E2AA6
                                                    • GetWindowLongW.USER32(00000000,000000F0), ref: 004E2ABC
                                                    • CopyRect.USER32 ref: 004E2B09
                                                    • CopyRect.USER32 ref: 004E2B13
                                                    • GetWindowRect.USER32 ref: 004E2B1C
                                                      • Part of subcall function 004E00E5: MonitorFromWindow.USER32(00000002,00000000), ref: 004E00FC
                                                      • Part of subcall function 004E0152: GetMonitorInfoW.USER32(00000002,00000000), ref: 004E016C
                                                      • Part of subcall function 004E0152: MultiByteToWideChar.KERNEL32(00000000,00000000,00000028,000000FF,00000028,00000020), ref: 004E0192
                                                    • CopyRect.USER32 ref: 004E2B38
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: RectWindow$Copy$LongMonitor$ByteCharFromInfoMessageMultiParentSendWide
                                                    • String ID: ($6;N$6;N
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Control-flow Graph

                                                    • Graph beginning at block 423a20-423b1d (legend: Executed / Not Executed); graph not reproduced.
                                                    APIs
                                                    • _memset.LIBCMT ref: 00423A6E
                                                    • __swprintf.LIBCMT ref: 00423A87
                                                    • CreateDirectoryW.KERNEL32(?,00000000,?,?,?,000000FF,?,004234ED), ref: 00423A98
                                                    • _memset.LIBCMT ref: 00423AB5
                                                    • GetLocalTime.KERNEL32(?,?,?,?,?,?,?,000000FF,?,004234ED), ref: 00423AC1
                                                    • __swprintf.LIBCMT ref: 00423AE2
                                                      • Part of subcall function 00527D48: __woutput_l.LIBCMT ref: 00527D9D
                                                    • __swprintf.LIBCMT ref: 00423B02
                                                      • Part of subcall function 00527D48: __flsbuf.LIBCMT ref: 00527DBB
                                                      • Part of subcall function 00527D48: __flsbuf.LIBCMT ref: 00527DD3
                                                      • Part of subcall function 0052A44D: __wfsopen.LIBCMT ref: 0052A45A
                                                    • _fseek.LIBCMT ref: 00423B3A
                                                    • _ftell.LIBCMT ref: 00423B46
                                                    • _fseek.LIBCMT ref: 00423B5C
                                                      • Part of subcall function 0052A302: __lock_file.LIBCMT ref: 0052A34D
                                                      • Part of subcall function 0052A302: __fseek_nolock.LIBCMT ref: 0052A35D
                                                    • __fread_nolock.LIBCMT ref: 00423BB6
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: __swprintf$__flsbuf_fseek_memset$CreateDirectoryLocalTime__fread_nolock__fseek_nolock__lock_file__wfsopen__woutput_l_ftell
                                                    • String ID: %04d%02d%02d$%s\data%s.txt
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • FindWindowW.USER32(?,00000000), ref: 0043CB40
                                                    • __wcsicoll.LIBCMT ref: 0043CB57
                                                    • SendMessageW.USER32(00000000,00000002,00000000,00000000), ref: 0043CB7A
                                                      • Part of subcall function 0043CE60: lstrcpyW.KERNEL32 ref: 0043CE8E
                                                      • Part of subcall function 0043CE60: lstrcatW.KERNEL32(?,?), ref: 0043CEA4
                                                      • Part of subcall function 0043CE60: lstrcatW.KERNEL32(?, is running), ref: 0043CEB6
                                                      • Part of subcall function 0043CE60: CreateMutexW.KERNEL32(00000000,00000000,?), ref: 0043CEC7
                                                      • Part of subcall function 0043CE60: GetLastError.KERNEL32 ref: 0043CEE8
                                                      • Part of subcall function 0043CE60: CloseHandle.KERNEL32(00000000), ref: 0043CF02
                                                    • Sleep.KERNEL32(000003E8,?,?,?,?,?,00000000,00565345,000000FF,?,004DE566), ref: 0043CB93
                                                    • __wcsicoll.LIBCMT ref: 0043CBB0
                                                    • __wcsicoll.LIBCMT ref: 0043CBCF
                                                    • WritePrivateProfileStringW.KERNEL32(System,NTService,0057A764,00000000), ref: 0043CC27
                                                      • Part of subcall function 0043CF40: OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F,?,?,?,?,?,?,?,0043CB6D,CCProxy), ref: 0043CF4F
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: __wcsicoll$lstrcat$CloseCreateErrorFindHandleLastManagerMessageMutexOpenPrivateProfileSendSleepStringWindowWritelstrcpy
                                                    • String ID: -installsvr$-shutdown$-uninstsvr$CCProxy$NTService$System$\CCProxy.ini
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 00499290: _memset.LIBCMT ref: 004992DC
                                                      • Part of subcall function 00499290: GetModuleFileNameW.KERNEL32(00000000,?,00000400,?,?,221F11CB), ref: 004992F2
                                                      • Part of subcall function 00499290: _DebugHeapAllocator.LIBCPMTD ref: 004993A2
                                                      • Part of subcall function 00499290: _DebugHeapAllocator.LIBCPMTD ref: 004993CF
                                                      • Part of subcall function 00411930: _DebugHeapAllocator.LIBCPMTD ref: 00411968
                                                      • Part of subcall function 00411930: _DebugHeapAllocator.LIBCPMTD ref: 004119AA
                                                    • PathFileExistsW.SHLWAPI(00000000), ref: 00498F39
                                                      • Part of subcall function 00415DA0: _DebugHeapAllocator.LIBCPMTD ref: 00415DF5
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: AllocatorDebugHeap$File$ExistsModuleNamePath_memset
                                                    • String ID: .ini$//root/LANG[@ITEM='%s']$URL$\Language.xml$\Language.xml$enu.ini$enu.ini$enu.ini
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetExtendedTcpTable.IPHLPAPI(00000000,00000000,00000000,00000002,00000003,00000000), ref: 004D3AFC
                                                    • _malloc.LIBCMT ref: 004D3B15
                                                    • GetExtendedTcpTable.IPHLPAPI(00001F55,00000000,00000000,00000002,00000003,00000000), ref: 004D3B30
                                                    • GetExtendedUdpTable.IPHLPAPI(00000000,00000000,00000000,00000002,00000001,00000000), ref: 004D3BE5
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: ExtendedTable$_malloc
                                                    • String ID: z$z
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • _memset.LIBCMT ref: 004960BF
                                                    • _memset.LIBCMT ref: 004960D2
                                                    • GetStartupInfoW.KERNEL32(00000044), ref: 004960EB
                                                    • lstrcpyW.KERNEL32 ref: 004960FC
                                                    • CreateProcessW.KERNEL32 ref: 0049617A
                                                      • Part of subcall function 0042D9B0: _memset.LIBCMT ref: 0042D9E4
                                                      • Part of subcall function 0042D9B0: GetModuleFileNameW.KERNEL32(00000000,?,00000400), ref: 0042D9FA
                                                    • CreateProcessW.KERNEL32 ref: 00496216
                                                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00496255
                                                    • CloseHandle.KERNEL32(?), ref: 00496262
                                                    • CloseHandle.KERNEL32(?), ref: 0049626F
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: _memset$CloseCreateHandleProcess$FileInfoModuleNameObjectSingleStartupWaitlstrcpy
                                                    • String ID: D
                                                    • API String ID: 3990388525-2746444292
                                                    • Opcode ID: 0fc0b0890ad4f6c2afed612fa78cfb2649ebd18f59df30d9d98248a826a6855f
                                                    • Instruction ID: 2ebaf85ee603b2cd6c6d6f6f357e4a815aff8b3f855594e01fc08bc646d09dcc
                                                    • Opcode Fuzzy Hash: 0fc0b0890ad4f6c2afed612fa78cfb2649ebd18f59df30d9d98248a826a6855f
                                                    • Instruction Fuzzy Hash: 48514BF19002189BDF20DF64DC46BE9B779AB44704F1082EAE24DA7281EB745AC8DF59
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 00415DA0: _DebugHeapAllocator.LIBCPMTD ref: 00415DF5
                                                    • lstrlenW.KERNEL32(00000000,?,005890C0,000000FF,005DB644,221F11CB), ref: 0048C3E2
                                                    • socket.WS2_32(00000002,00000001,00000000), ref: 0048C403
                                                    • htons.WS2_32(00000050), ref: 0048C41E
                                                    • inet_addr.WS2_32(00000000), ref: 0048C449
                                                    • gethostbyname.WS2_32(00000000), ref: 0048C481
                                                    • connect.WS2_32(?,?,00000010), ref: 0048C4C0
                                                    • shutdown.WS2_32(?,00000002), ref: 0048C4D0
                                                    • closesocket.WS2_32(?), ref: 0048C4DA
                                                    • getsockname.WS2_32(?,?,00000010), ref: 0048C4FD
                                                    • shutdown.WS2_32(?,00000002), ref: 0048C512
                                                    • closesocket.WS2_32(?), ref: 0048C51C
                                                    Similarity
                                                    • API ID: closesocketshutdown$AllocatorDebugHeapconnectgethostbynamegetsocknamehtonsinet_addrlstrlensocket
                                                    • String ID:
                                                    • API String ID: 1094714895-0
                                                    • Opcode ID: 0e016fffe7b19c0dc2fb703b5f869c4d6843d81af5883940171ad512d5237263
                                                    • Instruction ID: 6f3f658aa04a159b82bb12f995c96f69c9aa81f41172ab2f100e4985f30ca906
                                                    • Opcode Fuzzy Hash: 0e016fffe7b19c0dc2fb703b5f869c4d6843d81af5883940171ad512d5237263
                                                    • Instruction Fuzzy Hash: 5F515A71D10208DFCB04EFE4DD89BEEBBB5BF18314F10421AE416A7290DB786A49DB65
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • EnterCriticalSection.KERNEL32(0060DA24,?,?,?,0060DA08,0060DA08,?,00504020,00000004,004FAAFD,004E1353,004EBCD0,0041667C,00416112,?,00416112), ref: 00503BA6
                                                    • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,0060DA08,0060DA08,?,00504020,00000004,004FAAFD,004E1353,004EBCD0,0041667C,00416112), ref: 00503BFC
                                                    • GlobalHandle.KERNEL32(009EE3E0), ref: 00503C05
                                                    • GlobalUnlock.KERNEL32(00000000,?,?,?,0060DA08,0060DA08,?,00504020,00000004,004FAAFD,004E1353,004EBCD0,0041667C,00416112,?,00416112), ref: 00503C0F
                                                    • GlobalReAlloc.KERNEL32 ref: 00503C28
                                                    • GlobalHandle.KERNEL32(009EE3E0), ref: 00503C3A
                                                    • GlobalLock.KERNEL32 ref: 00503C41
                                                    • LeaveCriticalSection.KERNEL32(?,?,?,?,0060DA08,0060DA08,?,00504020,00000004,004FAAFD,004E1353,004EBCD0,0041667C,00416112,?,00416112), ref: 00503C4A
                                                    • GlobalLock.KERNEL32 ref: 00503C56
                                                    • _memset.LIBCMT ref: 00503C70
                                                    • LeaveCriticalSection.KERNEL32(?,?,00416112,`A,004160E8,00000000), ref: 00503C9E
                                                    Similarity
                                                    • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock_memset
                                                    • String ID:
                                                    • API String ID: 496899490-0
                                                    • Opcode ID: a475a41b70f0c9714f217f4f512977cebfec2f21249fbbd1b3d78ccb52e7f822
                                                    • Instruction ID: 32bcaa87ec9c59be51e63dfeaf3521be2f366416e3bf5bc4d4ced10423334c58
                                                    • Opcode Fuzzy Hash: a475a41b70f0c9714f217f4f512977cebfec2f21249fbbd1b3d78ccb52e7f822
                                                    • Instruction Fuzzy Hash: A831D071600704AFDB209F65EC89A1ABBF9FF84304B01482DE546D3690DB34ED84AF50
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 00499BE1
                                                      • Part of subcall function 00415E60: _DebugHeapAllocator.LIBCPMTD ref: 00415E6E
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 00499C02
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 00499C81
                                                    • _memset.LIBCMT ref: 00499C9D
                                                    Strings
                                                    Similarity
                                                    • API ID: AllocatorDebugHeap$_memset
                                                    • String ID: ENU$Language
                                                    • API String ID: 2124602632-2676254287
                                                    • Opcode ID: 0ad9ffd8436088ef198bf0b4b19a9b9e175b14aa10a7440e7134e826541ab64f
                                                    • Instruction ID: c514edb5ea4a3a03605b8708b26a1a7856d4013c9ea0f898ef3528551732da7a
                                                    • Opcode Fuzzy Hash: 0ad9ffd8436088ef198bf0b4b19a9b9e175b14aa10a7440e7134e826541ab64f
                                                    • Instruction Fuzzy Hash: 27912570900228DADB14EB65DC52BEEBBB8BF94704F40C1A9E48966291DF742F85CFD4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 004E425A: GetDlgItem.USER32 ref: 004E426C
                                                      • Part of subcall function 00446680: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 004466C9
                                                      • Part of subcall function 004304F0: SetTimer.USER32(?,?,80000001,00020019), ref: 0043050A
                                                      • Part of subcall function 004E74E7: KiUserCallbackDispatcher.NTDLL(?,?), ref: 004E74F8
                                                      • Part of subcall function 004E74A5: ShowWindow.USER32(?,?,?,004DF87A,00000000,0000E146,00000000,?,?,004963FF,?,?,0040D3CA), ref: 004E74B6
                                                      • Part of subcall function 004E71C2: GetDlgItem.USER32 ref: 004E71D3
                                                      • Part of subcall function 0042F730: GetWindowRect.USER32 ref: 0042F742
                                                      • Part of subcall function 004F5821: ScreenToClient.USER32 ref: 004F5832
                                                      • Part of subcall function 004F5821: ScreenToClient.USER32 ref: 004F583F
                                                    • _memset.LIBCMT ref: 00437B40
                                                    • _wcsncpy.LIBCMT ref: 00437BDB
                                                      • Part of subcall function 0043B210: LoadIconW.USER32(00000000,00000000), ref: 0043B222
                                                    • _memset.LIBCMT ref: 00437C32
                                                    • _Smanip.LIBCPMTD ref: 00437D40
                                                      • Part of subcall function 0043B5C0: SendMessageW.USER32(?,00000420,00000000,?), ref: 0043B5F2
                                                    • _Smanip.LIBCPMTD ref: 00437D67
                                                      • Part of subcall function 0043B580: SendMessageW.USER32(?,0000041F,00000000,?), ref: 0043B5B2
                                                      • Part of subcall function 0043B550: SendMessageW.USER32(?,0000044D,00000000,00000030), ref: 0043B569
                                                      • Part of subcall function 0043B4F0: SendMessageW.USER32(?,00000414,00000030,?), ref: 0043B50B
                                                    Strings
                                                    Similarity
                                                    • API ID: MessageSend$ClientItemProcessorScreenSmanipVirtualWindow_memset$CallbackConcurrency::DispatcherIconLoadRectRootRoot::ShowTimerUser_wcsncpy
                                                    • String ID: $%H:%M:%S$@
                                                    • API String ID: 1895176401-912394113
                                                    • Opcode ID: 5b37afc5c72bad261671da45054ab123a976ed9d67dda547a839fac82f8cbd61
                                                    • Instruction ID: f0afff90f6eb4040ece4776ed0ffcd8b5a5249d7c03b8536e04265f69912a291
                                                    • Opcode Fuzzy Hash: 5b37afc5c72bad261671da45054ab123a976ed9d67dda547a839fac82f8cbd61
                                                    • Instruction Fuzzy Hash: 27124F70A412199FEB24EB65DC52FED77B5BF44308F0080AEE149672C2DA742E45CF99
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • lstrcpyW.KERNEL32 ref: 0043CE8E
                                                    • lstrcatW.KERNEL32(?,?), ref: 0043CEA4
                                                    • lstrcatW.KERNEL32(?, is running), ref: 0043CEB6
                                                    • CreateMutexW.KERNEL32(00000000,00000000,?), ref: 0043CEC7
                                                    • GetLastError.KERNEL32 ref: 0043CEE8
                                                    • CloseHandle.KERNEL32(00000000), ref: 0043CF02
                                                    Strings
                                                    Similarity
                                                    • API ID: lstrcat$CloseCreateErrorHandleLastMutexlstrcpy
                                                    • String ID: is running$Global\
                                                    • API String ID: 4034764511-32211391
                                                    • Opcode ID: 7b44acc5b9692bd44f1abaeeda0db25ca3171adf42c591bca0a8a55a3f90ff98
                                                    • Instruction ID: b7dfa446925d78b16893db177be5c8514bec9a994ba601cd9086156c8d2acaa1
                                                    • Opcode Fuzzy Hash: 7b44acc5b9692bd44f1abaeeda0db25ca3171adf42c591bca0a8a55a3f90ff98
                                                    • Instruction Fuzzy Hash: 36216D71540209CFCB14DB64ED8CBE9B7B5BBA8301F0406E9E00DA7291CBB49AC8EF55
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • _memset.LIBCMT ref: 004D0601
                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,?,221F11CB), ref: 004D0617
                                                      • Part of subcall function 00415DA0: _DebugHeapAllocator.LIBCPMTD ref: 00415DF5
                                                      • Part of subcall function 004CB830: _strlen.LIBCMT ref: 004CB88D
                                                      • Part of subcall function 004CB830: _DebugHeapAllocator.LIBCPMTD ref: 004CB995
                                                      • Part of subcall function 0043B880: _DebugHeapAllocator.LIBCPMTD ref: 0043B91B
                                                      • Part of subcall function 0043B880: _DebugHeapAllocator.LIBCPMTD ref: 0043B933
                                                      • Part of subcall function 004CB830: Concurrency::task_continuation_context::task_continuation_context.LIBCPMTD ref: 004CB984
                                                    Strings
                                                    • %s -Upgrade "-UpdateUrl=%s" "-Silent" "-CheckUpdate" "-ProductName=%s" "-ReleaseTime=%s" "-MachineID=%s" "-License=%s, xrefs: 004D0AAE
                                                    • %s -Upgrade "-UpdateUrl=%s" "-ProductName=%s" "-ReleaseTime=%s" "-MachineID=%s" "-License=%s", xrefs: 004D0766
                                                    • .,C, xrefs: 004D0621, 004D0B34
                                                    • %s -Upgrade "-UpdateUrl=%s" "-Silent" "-ProductName=%s" "-ReleaseTime=%s" "-MachineID=%s" "-License=%s", xrefs: 004D090A
                                                    • .,C, xrefs: 004D097F, 004D07DB, 004D0637, 004D063A, 004D07DE, 004D0982
                                                    Similarity
                                                    • API ID: AllocatorDebugHeap$Concurrency::task_continuation_context::task_continuation_contextFileModuleName_memset_strlen
                                                    • String ID: %s -Upgrade "-UpdateUrl=%s" "-ProductName=%s" "-ReleaseTime=%s" "-MachineID=%s" "-License=%s"$%s -Upgrade "-UpdateUrl=%s" "-Silent" "-ProductName=%s" "-ReleaseTime=%s" "-MachineID=%s" "-License=%s"$%s -Upgrade "-UpdateUrl=%s" "-Silent" "-CheckUpdate" "-ProductName=%s" "-ReleaseTime=%s" "-MachineID=%s" "-License=%s$.,C$.,C
                                                    • API String ID: 2399523434-1216278022
                                                    • Opcode ID: 5c026e4e4929532bc338b44868e1df27f20473eb89382e060477b0deff62145d
                                                    • Instruction ID: c3c7e3c03513c4f8034607d589b828162f4231b405ce6c6bb3825eefe87f475c
                                                    • Opcode Fuzzy Hash: 5c026e4e4929532bc338b44868e1df27f20473eb89382e060477b0deff62145d
                                                    • Instruction Fuzzy Hash: 0CF13674D01258DBCB24EB64DC89BDEBBB9AF59304F1081DAE008A7281EB745F84CF65
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • send.WS2_32(?,00000000,004C83A4,00000000), ref: 004C8183
                                                    Strings
                                                    Similarity
                                                    • API ID: send
                                                    • String ID: %s\log.dat
                                                    • API String ID: 2809346765-994237706
                                                    • Opcode ID: 985126abb88bb333fe7eb3bd161300b7470c4311dacbc6722df2f9450aac2a88
                                                    • Instruction ID: c50ae9146aa1b4b6599c4c09e89ac923504152bba2e2c813a988699559ca02c2
                                                    • Opcode Fuzzy Hash: 985126abb88bb333fe7eb3bd161300b7470c4311dacbc6722df2f9450aac2a88
                                                    • Instruction Fuzzy Hash: 3351D4B1D00249DBDB10DFA4DC45FEE7BB4BB54300F00446EF515A7280EB799A84CB65
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00490362
                                                    • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00490374
                                                    • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00490386
                                                    • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00490398
                                                    • _wcscpy.LIBCMT ref: 004903D5
                                                    • _wcscpy.LIBCMT ref: 0049040B
                                                    Strings
                                                    Similarity
                                                    • API ID: ProcessorVirtual$Concurrency::RootRoot::$_wcscpy
                                                    • String ID: 6KC
                                                    • API String ID: 1480514945-603965140
                                                    • Opcode ID: dd15fd18478370e96551479b2547c0f841951a8b144f6f016fd648c6efc2f596
                                                    • Instruction ID: b46d1324d116be637aafcd86f523cb621026fdfac6edb82a3423066b31d5a017
                                                    • Opcode Fuzzy Hash: dd15fd18478370e96551479b2547c0f841951a8b144f6f016fd648c6efc2f596
                                                    • Instruction Fuzzy Hash: FD313AB0D00249EBDF04EBA8D852BEEBB75AF45308F54412DE601A72C2DB795A44CBE5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
                                                    • String ID:
                                                    • API String ID: 3886058894-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 00497170: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 004971BF
                                                      • Part of subcall function 00490310: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00490362
                                                      • Part of subcall function 00490310: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00490374
                                                      • Part of subcall function 00490310: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00490386
                                                      • Part of subcall function 00490310: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00490398
                                                      • Part of subcall function 00490310: _wcscpy.LIBCMT ref: 004903D5
                                                      • Part of subcall function 00490310: _wcscpy.LIBCMT ref: 0049040B
                                                    • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00437851
                                                      • Part of subcall function 00445D10: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00445D54
                                                      • Part of subcall function 00445D10: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00445D72
                                                    • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00437875
                                                    • LoadImageW.USER32 ref: 00437894
                                                    • LoadImageW.USER32 ref: 004378B9
                                                    • LoadImageW.USER32 ref: 004378DE
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: ProcessorVirtual$Concurrency::RootRoot::$ImageLoad$_wcscpy
                                                    • String ID: 6KC
                                                    • API String ID: 1742207196-603965140
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • __EH_prolog3_catch.LIBCMT ref: 004DF972
                                                    • GlobalLock.KERNEL32 ref: 004DFA4F
                                                    • CreateDialogIndirectParamW.USER32 ref: 004DFA7E
                                                    • DestroyWindow.USER32(00000000,?,0040FF52,?,221F11CB), ref: 004DFAF8
                                                    • GlobalUnlock.KERNEL32(?,?,0040FF52,?,221F11CB), ref: 004DFB08
                                                    • GlobalFree.KERNEL32 ref: 004DFB11
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: Global$CreateDestroyDialogFreeH_prolog3_catchIndirectLockParamUnlockWindow
                                                    • String ID:
                                                    • API String ID: 3003189058-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: AllocatorDebugHeap
                                                    • String ID: %08X$%c:\
                                                    • API String ID: 571936431-2126217607
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • select.WS2_32(00000040,00000000,00000000,00000000,?), ref: 004C79D1
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: select
                                                    • String ID: @$@
                                                    • API String ID: 1274211008-149943524
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • _memset.LIBCMT ref: 00458A3C
                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000400,?,?,221F11CB), ref: 00458A52
                                                      • Part of subcall function 004111D0: _wcsrchr.LIBCMT ref: 004111DC
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 00458A81
                                                      • Part of subcall function 00415E60: _DebugHeapAllocator.LIBCPMTD ref: 00415E6E
                                                    • lstrcpyW.KERNEL32 ref: 00458A95
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: AllocatorDebugHeap$FileModuleName_memset_wcsrchrlstrcpy
                                                    • String ID: 0.0.0.0
                                                    • API String ID: 363238158-3771769585
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID: Edit
                                                    • API String ID: 0-554135844
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • Shell_NotifyIconW.SHELL32(00000002,?), ref: 004977C9
                                                    • PostQuitMessage.USER32(00000000), ref: 004977E1
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: IconMessageNotifyPostQuitShell_
                                                    • String ID:
                                                    • API String ID: 2461157658-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • __lock.LIBCMT ref: 0052B38E
                                                      • Part of subcall function 00544676: __mtinitlocknum.LIBCMT ref: 0054468C
                                                      • Part of subcall function 00544676: __amsg_exit.LIBCMT ref: 00544698
                                                      • Part of subcall function 00544676: EnterCriticalSection.KERNEL32(?,?,?,005493B7,00000004,005BECC0,0000000C,00544358,?,?,00000000,00000000,00000000,?,005351BC,00000001), ref: 005446A0
                                                    • ___sbh_find_block.LIBCMT ref: 0052B399
                                                    • ___sbh_free_block.LIBCMT ref: 0052B3A8
                                                    • RtlFreeHeap.NTDLL(00000000,?,005BE438,0000000C,00544657,00000000,005BEC80,0000000C,00544691,?,?,?,005493B7,00000004,005BECC0,0000000C), ref: 0052B3D8
                                                    • GetLastError.KERNEL32(?,005493B7,00000004,005BECC0,0000000C,00544358,?,?,00000000,00000000,00000000,?,005351BC,00000001,00000214), ref: 0052B3E9
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                    • String ID:
                                                    • API String ID: 2714421763-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 0041DCA0: EnterCriticalSection.KERNEL32(?,221F11CB), ref: 0041DCE4
                                                    • _memset.LIBCMT ref: 004D83D8
                                                    • _sprintf.LIBCMT ref: 004D83FC
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: CriticalEnterSection_memset_sprintf
                                                    • String ID: .$%u,%u,%u,%u
                                                    • API String ID: 719436349-1543347858
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 004EB9E9: __CxxThrowException@8.LIBCMT ref: 004EB9FF
                                                    • GetWindowRect.USER32 ref: 004FE678
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: Exception@8RectThrowWindow
                                                    • String ID: TO$TO$`mY
                                                    • API String ID: 3107861114-2580514097
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: CountTick
                                                    • String ID: 127.0.0.1$Service control listen on port %d$Start service control
                                                    • API String ID: 536389180-2470678717
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 0043AEB0: GetModuleHandleW.KERNEL32(00000000,?,?,004E2EA5,InitCommonControlsEx,00000000,?,004E3951,00080000,00008000,?,?,004E68F4,0040FF52,00080000,?), ref: 0043AECC
                                                      • Part of subcall function 0043AEB0: LoadLibraryW.KERNEL32(00000000,?,?,004E2EA5,InitCommonControlsEx,00000000,?,004E3951,00080000,00008000,?,?,004E68F4,0040FF52,00080000,?), ref: 0043AEED
                                                    • GetProcAddress.KERNEL32(00000000,DllGetVersion), ref: 00510B6C
                                                    • _memset.LIBCMT ref: 00510B85
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: AddressHandleLibraryLoadModuleProc_memset
                                                    • String ID: 6KC$DllGetVersion
                                                    • API String ID: 3385804498-2300934784
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: __wfsopen_feof_fgets_memset
                                                    • String ID:
                                                    • API String ID: 2189660842-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • _memset.LIBCMT ref: 0049A340
                                                    • GetPrivateProfileStringA.KERNEL32(00000000,00000400,00000000,?,00000000,00000000), ref: 0049A423
                                                    • _wcsncpy.LIBCMT ref: 0049A49B
                                                    • _wcslen.LIBCMT ref: 0049A4B2
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: PrivateProfileString_memset_wcslen_wcsncpy
                                                    • String ID:
                                                    • API String ID: 2831771216-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • __EH_prolog3_GS.LIBCMT ref: 005029A1
                                                      • Part of subcall function 00503A45: __EH_prolog3_catch.LIBCMT ref: 00503A4C
                                                    • WSAStartup.WS2_32(00000101,?), ref: 005029E1
                                                      • Part of subcall function 004EB9E9: __CxxThrowException@8.LIBCMT ref: 004EB9FF
                                                    • WSACleanup.WSOCK32 ref: 00502A30
                                                    • WSASetLastError.WSOCK32(0000276C), ref: 00502A3B
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: CleanupErrorException@8H_prolog3_H_prolog3_catchLastStartupThrow
                                                    • String ID:
                                                    • API String ID: 3542062730-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • WSAStartup.WS2_32(00000101,?), ref: 004DDBAF
                                                    • InitializeCriticalSection.KERNEL32(?), ref: 004DDC2D
                                                    • InitializeCriticalSection.KERNEL32(?), ref: 004DDC40
                                                    • CreateThread.KERNEL32 ref: 004DDCE7
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: CriticalInitializeSection$CreateStartupThread
                                                    • String ID:
                                                    • API String ID: 4201988007-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: IconImageLoadNotifyShell__memset_wcsncpy
                                                    • String ID:
                                                    • API String ID: 2777201643-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: S
                                                    • API String ID: 0-543223747
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • __wcsnicmp.LIBCMT ref: 004CA9BD
                                                      • Part of subcall function 004CAB90: _swscanf.LIBCMT ref: 004CABF6
                                                      • Part of subcall function 004CAB90: GetLocalTime.KERNEL32(?,?,?,?,?,221F11CB), ref: 004CAC19
                                                      • Part of subcall function 004CAB90: GetModuleFileNameW.KERNEL32(00000000,?,00000200,?,?,?,?,221F11CB), ref: 004CAC2D
                                                      • Part of subcall function 004CAB90: CreateDirectoryW.KERNEL32(?,00000000,?,00000200,\dump,?,?,?,?,?,?,221F11CB), ref: 004CAC68
                                                      • Part of subcall function 004CAB90: _rand.LIBCMT ref: 004CAC6E
                                                      • Part of subcall function 004CAB90: CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 004CACED
                                                      • Part of subcall function 004D0FA0: GetLastError.KERNEL32(?,004DC241,00000001,*** ERROR *** serviceconrolclient client to server disconnect,?,?,?,?,?,?,?), ref: 004D0FB7
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: CreateFile$DirectoryErrorLastLocalModuleNameTime__wcsnicmp_rand_swscanf
                                                    • String ID: *** Error *** Check dump file$-dump
                                                    • API String ID: 3948345655-200341069
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 004971BF
                                                      • Part of subcall function 004FE3A4: __EH_prolog3.LIBCMT ref: 004FE3AB
                                                      • Part of subcall function 0043B210: LoadIconW.USER32(00000000,00000000), ref: 0043B222
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: ProcessorVirtual$Concurrency::H_prolog3IconLoadRootRoot::
                                                    • String ID: 6KC$6KC
                                                    • API String ID: 976168712-3757944975
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 00495A40: _signal.LIBCMT ref: 00495A64
                                                      • Part of subcall function 00495A40: _signal.LIBCMT ref: 00495A73
                                                      • Part of subcall function 00495A40: _signal.LIBCMT ref: 00495A82
                                                    • EnterCriticalSection.KERNEL32(?,?,?,004DDB74,?), ref: 004DDAC6
                                                    • LeaveCriticalSection.KERNEL32(?,?,004DDB74,?), ref: 004DDAE9
                                                    • LeaveCriticalSection.KERNEL32(?,?,004DDB74,?), ref: 004DDB41
                                                    • Sleep.KERNEL32(0000000A,?,004DDB74,?), ref: 004DDB49
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: CriticalSection_signal$Leave$EnterSleep
                                                    • String ID:
                                                    • API String ID: 3693955371-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: AllocatorDebugHeap$lstrcpy
                                                    • String ID:
                                                    • API String ID: 3727540494-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000), ref: 004CB591
                                                    • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,0049A482,221F11CB,00000000), ref: 004CB5EA
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 004CB61C
                                                      • Part of subcall function 00415DA0: _DebugHeapAllocator.LIBCPMTD ref: 00415DF5
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: AllocatorByteCharDebugHeapMultiWide
                                                    • String ID:
                                                    • API String ID: 2294420612-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • FindResourceW.KERNEL32(?,?,00000005,?,?,?,?,00415378,?,?), ref: 004DFDE6
                                                    • LoadResource.KERNEL32(?,00000000,?,?,?,?,00415378,?,?), ref: 004DFDEE
                                                    • FreeResource.KERNEL32(00000000,00000000,?,?,?,?,?,?,00415378,?,?), ref: 004DFE05
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: Resource$FindFreeLoad
                                                    • String ID:
                                                    • API String ID: 934874419-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • KiUserCallbackDispatcher.NTDLL(00000030,00000000,00000000,00000000), ref: 004F75A3
                                                    • TranslateMessage.USER32(00000030), ref: 004F75C2
                                                    • DispatchMessageW.USER32 ref: 004F75C9
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: Message$CallbackDispatchDispatcherTranslateUser
                                                    • String ID:
                                                    • API String ID: 2960505505-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 00530AB3: __getptd.LIBCMT ref: 00530AB9
                                                      • Part of subcall function 00530AB3: __getptd.LIBCMT ref: 00530AC1
                                                      • Part of subcall function 00530ADA: __getptd.LIBCMT ref: 00530AE0
                                                      • Part of subcall function 00530ADA: __getptd.LIBCMT ref: 00530AE8
                                                    • _signal.LIBCMT ref: 00495A64
                                                      • Part of subcall function 0053050B: __getptd_noexit.LIBCMT ref: 00530575
                                                      • Part of subcall function 0053050B: __malloc_crt.LIBCMT ref: 00530594
                                                      • Part of subcall function 0053050B: _siglookup.LIBCMT ref: 005305BA
                                                    • _signal.LIBCMT ref: 00495A73
                                                      • Part of subcall function 0053050B: __lock.LIBCMT ref: 005305FF
                                                      • Part of subcall function 0053050B: SetConsoleCtrlHandler.KERNEL32(0053041A,00000001), ref: 00530622
                                                      • Part of subcall function 0053050B: __decode_pointer.LIBCMT ref: 0053066E
                                                      • Part of subcall function 0053050B: __encode_pointer.LIBCMT ref: 0053067C
                                                    • _signal.LIBCMT ref: 00495A82
                                                      • Part of subcall function 0053050B: GetLastError.KERNEL32 ref: 0053063E
                                                      • Part of subcall function 0053050B: __decode_pointer.LIBCMT ref: 0053068E
                                                      • Part of subcall function 0053050B: __encode_pointer.LIBCMT ref: 0053069C
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: __getptd$_signal$__decode_pointer__encode_pointer$ConsoleCtrlErrorHandlerLast__getptd_noexit__lock__malloc_crt_siglookup
                                                    • String ID:
                                                    • API String ID: 2825871959-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: std::exception::exception
                                                    • String ID: NtJ
                                                    • API String ID: 2807920213-1478454692
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • VarDateFromStr.OLEAUT32(00000409,0043B8F6,00000000,?), ref: 0043B9C8
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: DateFrom
                                                    • String ID: iW
                                                    • API String ID: 473510551-2768338981
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: _wmemcpy_s
                                                    • String ID:
                                                    • API String ID: 67063488-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • __localtime64_s.LIBCMT ref: 00424444
                                                    • __cftof.LIBCMT ref: 0042446F
                                                      • Part of subcall function 00415DA0: _DebugHeapAllocator.LIBCPMTD ref: 00415DF5
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: AllocatorDebugHeap__cftof__localtime64_s
                                                    • String ID:
                                                    • API String ID: 3988887970-0
                                                    • Opcode ID: 8354828170d924a2fa4f02dbf9656f0dfa6dd3df6fd75c7e4ec90bc9a97ecb6c
                                                    • Instruction ID: c6153e1dbd7bd547a0028b4c9a9722175d7e62000790d56489043d485b009cd4
                                                    • Opcode Fuzzy Hash: 8354828170d924a2fa4f02dbf9656f0dfa6dd3df6fd75c7e4ec90bc9a97ecb6c
                                                    • Instruction Fuzzy Hash: F721EA7191012C9BCB54EF64D895BDEB7B4BF8C310F40809AE949A7240D734AE84CF54
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 0043B348
                                                      • Part of subcall function 00412560: _wmemcpy_s.LIBCPMTD ref: 0041258E
                                                      • Part of subcall function 00412560: _wmemcpy_s.LIBCPMTD ref: 004125AC
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 0043B38B
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: AllocatorDebugHeap_wmemcpy_s
                                                    • String ID:
                                                    • API String ID: 3174225033-0
                                                    • Opcode ID: 913e866020f0d141de9b4b03cd64e6c0198f5891beec8d6c1784f407167e4106
                                                    • Instruction ID: 092d364ea12a03e9330adce75bfd9f5d2c49e12c65f6fa463f3f807975523bc1
                                                    • Opcode Fuzzy Hash: 913e866020f0d141de9b4b03cd64e6c0198f5891beec8d6c1784f407167e4106
                                                    • Instruction Fuzzy Hash: C6113A71904509EFCB04EF55DC51BEEB7B9FB44314F50822EF826A7291DB346A44CB98
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • _memset.LIBCMT ref: 00435D64
                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000400), ref: 00435D7A
                                                      • Part of subcall function 004111D0: _wcsrchr.LIBCMT ref: 004111DC
                                                      • Part of subcall function 00415DA0: _DebugHeapAllocator.LIBCPMTD ref: 00415DF5
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: AllocatorDebugFileHeapModuleName_memset_wcsrchr
                                                    • String ID:
                                                    • API String ID: 2463942366-0
                                                    • Opcode ID: c179b287c6e09a03e7e7fabf3df47ec94edaad51da9928ff1671fd3bc56c19ba
                                                    • Instruction ID: 79c50e343cbb94921928d97f9cfda273230018cff895edf5f89ed78e1114d963
                                                    • Opcode Fuzzy Hash: c179b287c6e09a03e7e7fabf3df47ec94edaad51da9928ff1671fd3bc56c19ba
                                                    • Instruction Fuzzy Hash: 391142749002189BDB90DF64DC46BD9B7F4BF48704F40C5D9E64C97281EEB45A888FD4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: __lock_file_memset
                                                    • String ID:
                                                    • API String ID: 26237723-0
                                                    • Opcode ID: 34fac3c5ab749905ef76b387fa527785e677c01596ea9763704dd3354c10276d
                                                    • Instruction ID: ef50f7ddc68fd4d45203110d64ec6921935076b31a88f433da00428adafb1827
                                                    • Opcode Fuzzy Hash: 34fac3c5ab749905ef76b387fa527785e677c01596ea9763704dd3354c10276d
                                                    • Instruction Fuzzy Hash: 8801407180162AEBCF22AFA4DC0A8DE7F21BF45750F044555F828161A1E7358661DBD2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • _memset.LIBCMT ref: 004E39CB
                                                    • GetVersionExW.KERNEL32(?), ref: 004E39E4
                                                      • Part of subcall function 004EB9E9: __CxxThrowException@8.LIBCMT ref: 004EB9FF
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: Exception@8ThrowVersion_memset
                                                    • String ID:
                                                    • API String ID: 2306329403-0
                                                    • Opcode ID: 8bd23b5c016d57f255a346cb8e68d24137a4582af92a59953555c7892fa0486d
                                                    • Instruction ID: e32f0204388191e49f0de684fded04c422f2d33d4dd504fc73a7ad8f7664ac6e
                                                    • Opcode Fuzzy Hash: 8bd23b5c016d57f255a346cb8e68d24137a4582af92a59953555c7892fa0486d
                                                    • Instruction Fuzzy Hash: FE01DD7090021D9FCB34EF65DD4ABDA73E4AF04705F00409AD549D7241DF749E88DB95
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • _wmemcpy_s.LIBCPMTD ref: 0041258E
                                                      • Part of subcall function 00416DF0: _memcpy_s.LIBCMT ref: 00416E07
                                                    • _wmemcpy_s.LIBCPMTD ref: 004125AC
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: _wmemcpy_s$_memcpy_s
                                                    • String ID:
                                                    • API String ID: 1295243867-0
                                                    • Opcode ID: a5199ed61e67b853c2daaf34edf2876cb1afe7e6cd45d29ee6bd12ec48c46658
                                                    • Instruction ID: 56b13f580c896861bcd632d7b4362de37f8cb925729c90c8e774985705e08d18
                                                    • Opcode Fuzzy Hash: a5199ed61e67b853c2daaf34edf2876cb1afe7e6cd45d29ee6bd12ec48c46658
                                                    • Instruction Fuzzy Hash: FA01E8B5A00109ABCB04DF98D891CEF77B9AF88304F10859CF90897301D630EA62CBE4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 00532497: __getptd_noexit.LIBCMT ref: 00532497
                                                      • Part of subcall function 005287BD: __decode_pointer.LIBCMT ref: 005287C8
                                                    • __lock_file.LIBCMT ref: 00529D67
                                                      • Part of subcall function 00540563: __lock.LIBCMT ref: 00540588
                                                    • __fclose_nolock.LIBCMT ref: 00529D71
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: __decode_pointer__fclose_nolock__getptd_noexit__lock__lock_file
                                                    • String ID:
                                                    • API String ID: 717694121-0
                                                    • Opcode ID: 4f2a5e0899953606d366780553ff391c144432e2e5e10630a4015fb33f19155f
                                                    • Instruction ID: ab77fdad8c52500276b186451ed2af71c9f78c6b3d2094d455eafcb1af1ffdcd
                                                    • Opcode Fuzzy Hash: 4f2a5e0899953606d366780553ff391c144432e2e5e10630a4015fb33f19155f
                                                    • Instruction Fuzzy Hash: E2F0FC7080061699D720BB69A80659E7FE0BFC3330F248B45E438672D1CB384601AB55
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetModuleHandleW.KERNEL32(00000000,?,?,004E2EA5,InitCommonControlsEx,00000000,?,004E3951,00080000,00008000,?,?,004E68F4,0040FF52,00080000,?), ref: 0043AECC
                                                    • LoadLibraryW.KERNEL32(00000000,?,?,004E2EA5,InitCommonControlsEx,00000000,?,004E3951,00080000,00008000,?,?,004E68F4,0040FF52,00080000,?), ref: 0043AEED
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: HandleLibraryLoadModule
                                                    • String ID:
                                                    • API String ID: 4133054770-0
                                                    • Opcode ID: 286261735c6785cc6a30a6d249eef7c4e67ee68f98b6a3e4bbdfbdd951fdac1c
                                                    • Instruction ID: 08dcd6ef42e90104cde5a3f794fa68988215af975b6f153d6771362b98d9f97d
                                                    • Opcode Fuzzy Hash: 286261735c6785cc6a30a6d249eef7c4e67ee68f98b6a3e4bbdfbdd951fdac1c
                                                    • Instruction Fuzzy Hash: D301D674905108EFCB04DB94D644B9DFBBAAB48304F24C199E40997342C735AE81EB54
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SendMessageW.USER32(?,00000401,00000000,00000000), ref: 004E1A6C
                                                    • GetKeyState.USER32(00000001), ref: 004E1A81
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: MessageSendState
                                                    • String ID:
                                                    • API String ID: 3919072728-0
                                                    • Opcode ID: 0fa47de91bcec46dbff170a513f7db359f3d1447080edf335f953aafef0ce789
                                                    • Instruction ID: 2e11366a927881f236f9f24814812cc7d061fe1e9e0c0a0b0188d800301c52c0
                                                    • Opcode Fuzzy Hash: 0fa47de91bcec46dbff170a513f7db359f3d1447080edf335f953aafef0ce789
                                                    • Instruction Fuzzy Hash: 21F0E9316813549BD7209B669C08F7773A5BF00B62F144166F608AB2E0C7B4EC808798
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 00503FCC: __EH_prolog3.LIBCMT ref: 00503FD3
                                                    • GetCurrentThreadId.KERNEL32 ref: 004E5561
                                                    • SetWindowsHookExW.USER32(00000005,004E5312,00000000,00000000), ref: 004E5571
                                                      • Part of subcall function 004EB9E9: __CxxThrowException@8.LIBCMT ref: 004EB9FF
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: CurrentException@8H_prolog3HookThreadThrowWindows
                                                    • String ID:
                                                    • API String ID: 1226552664-0
                                                    • Opcode ID: 26616c373ab863dd43c0f9caf7177197450230d39d437adce5c1aff790b2cea0
                                                    • Instruction ID: 9181449febadb9de93298741b24952eaeb7a95663b05c81e538c2939c49914f2
                                                    • Opcode Fuzzy Hash: 26616c373ab863dd43c0f9caf7177197450230d39d437adce5c1aff790b2cea0
                                                    • Instruction Fuzzy Hash: 00F09771940B827FD7302BD3AC06B1B7AA9DBA0B27F11013BFA0886240C738D80487ED
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • IsWindow.USER32(?), ref: 004E73EE
                                                      • Part of subcall function 004EB9E9: __CxxThrowException@8.LIBCMT ref: 004EB9FF
                                                    • SetWindowTextW.USER32(?,00000000), ref: 004E7416
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: Window$Exception@8TextThrow
                                                    • String ID:
                                                    • API String ID: 735465941-0
                                                    • Opcode ID: dd3786f8e752f3b78ea40bb16546b74440557575c2d651b64eb565eb6c747ffd
                                                    • Instruction ID: 2e8aabe0ba2cd387441cff6e7f1c11306ffd8451f626641fb9ddab384d9d0c5f
                                                    • Opcode Fuzzy Hash: dd3786f8e752f3b78ea40bb16546b74440557575c2d651b64eb565eb6c747ffd
                                                    • Instruction Fuzzy Hash: ECF0E532104745DBC7315B62D804AA3B7E4FF54376F00043BE98982A21DB719C50EB84
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • __lock_file.LIBCMT ref: 0053143B
                                                      • Part of subcall function 00540563: __lock.LIBCMT ref: 00540588
                                                    • __fseeki64_nolock.LIBCMT ref: 00531451
                                                      • Part of subcall function 00531390: __ftelli64_nolock.LIBCMT ref: 005313BE
                                                      • Part of subcall function 00531390: __flush.LIBCMT ref: 005313CD
                                                      • Part of subcall function 00531390: __fileno.LIBCMT ref: 00531400
                                                      • Part of subcall function 00531390: __lseeki64.LIBCMT ref: 00531407
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 0000000A.00000002.486718841.0000000000400000.00000002.00020000.sdmp
                                                    • Associated: 0000000A.00000002.488131162.0000000000574000.00000002.00020000.sdmp
                                                    • Associated: 0000000A.00000002.488606681.00000000005C3000.00000008.00020000.sdmp
                                                    • Associated: 0000000A.00000002.488629262.00000000005C4000.00000004.00020000.sdmp
                                                    • Associated: 0000000A.00000002.488678008.00000000005FB000.00000004.00020000.sdmp
                                                    • Associated: 0000000A.00000002.488691487.000000000060B000.00000004.00020000.sdmp
                                                    • Associated: 0000000A.00000002.488722606.0000000000610000.00000002.00020000.sdmp
                                                    • Associated: 0000000A.00000002.489311460.000000000067B000.00000002.00020000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: __fileno__flush__fseeki64_nolock__ftelli64_nolock__lock__lock_file__lseeki64
                                                    • String ID:
                                                    • API String ID: 3130368316-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • __lock.LIBCMT ref: 0053D201
                                                      • Part of subcall function 00544676: __mtinitlocknum.LIBCMT ref: 0054468C
                                                      • Part of subcall function 00544676: __amsg_exit.LIBCMT ref: 00544698
                                                      • Part of subcall function 00544676: EnterCriticalSection.KERNEL32(?,?,?,005493B7,00000004,005BECC0,0000000C,00544358,?,?,00000000,00000000,00000000,?,005351BC,00000001), ref: 005446A0
                                                    • __tzset_nolock.LIBCMT ref: 0053D212
                                                      • Part of subcall function 0053CAD4: __lock.LIBCMT ref: 0053CAF6
                                                      • Part of subcall function 0053CAD4: __get_daylight.LIBCMT ref: 0053CB0B
                                                      • Part of subcall function 0053CAD4: __invoke_watson.LIBCMT ref: 0053CB1A
                                                      • Part of subcall function 0053CAD4: __get_daylight.LIBCMT ref: 0053CB26
                                                      • Part of subcall function 0053CAD4: __invoke_watson.LIBCMT ref: 0053CB35
                                                      • Part of subcall function 0053CAD4: __get_daylight.LIBCMT ref: 0053CB41
                                                      • Part of subcall function 0053CAD4: __invoke_watson.LIBCMT ref: 0053CB50
                                                      • Part of subcall function 0053CAD4: ____lc_codepage_func.LIBCMT ref: 0053CB58
                                                      • Part of subcall function 0053CAD4: __getenv_helper_nolock.LIBCMT ref: 0053CB7A
                                                      • Part of subcall function 0053CAD4: _strlen.LIBCMT ref: 0053CBB8
                                                      • Part of subcall function 0053CAD4: __malloc_crt.LIBCMT ref: 0053CBBF
                                                      • Part of subcall function 0053CAD4: _strlen.LIBCMT ref: 0053CBD5
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: __get_daylight__invoke_watson$__lock_strlen$CriticalEnterSection____lc_codepage_func__amsg_exit__getenv_helper_nolock__malloc_crt__mtinitlocknum__tzset_nolock
                                                    • String ID:
                                                    • API String ID: 4157481694-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • __lock_file.LIBCMT ref: 00531355
                                                      • Part of subcall function 00540563: __lock.LIBCMT ref: 00540588
                                                    • __ftelli64_nolock.LIBCMT ref: 00531362
                                                      • Part of subcall function 00530FFA: __fileno.LIBCMT ref: 0053101A
                                                      • Part of subcall function 00530FFA: __lseeki64.LIBCMT ref: 00531037
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: __fileno__ftelli64_nolock__lock__lock_file__lseeki64
                                                    • String ID:
                                                    • API String ID: 1600627125-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • gethostbyname.WS2_32(00000000), ref: 0048C101
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: gethostbyname
                                                    • String ID:
                                                    • API String ID: 930432418-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 00496F80: GetMenuItemCount.USER32 ref: 00496F8E
                                                      • Part of subcall function 004FAE01: GetMenuStringW.USER32 ref: 004FAE1E
                                                      • Part of subcall function 004FAE01: GetMenuStringW.USER32 ref: 004FAE3F
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 0049AD06
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: Menu$String$AllocatorCountDebugHeapItem
                                                    • String ID:
                                                    • API String ID: 3617297933-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • __EH_prolog3_catch.LIBCMT ref: 004FA923
                                                      • Part of subcall function 004DEBC2: _malloc.LIBCMT ref: 004DEBE0
                                                      • Part of subcall function 00503961: LocalAlloc.KERNEL32(00000040,00416112,?,00503E05,00000010,?,?,00000000,?,00000004,004FAAFD,004E1353,004EBCD0,0041667C,00416112), ref: 0050396B
                                                      • Part of subcall function 004FA5BF: __EH_prolog3.LIBCMT ref: 004FA5C6
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: AllocH_prolog3H_prolog3_catchLocal_malloc
                                                    • String ID:
                                                    • API String ID: 1104862767-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • __EH_prolog3_catch.LIBCMT ref: 004E3B42
                                                      • Part of subcall function 00503FCC: __EH_prolog3.LIBCMT ref: 00503FD3
                                                      • Part of subcall function 004EB9E9: __CxxThrowException@8.LIBCMT ref: 004EB9FF
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: Exception@8H_prolog3H_prolog3_catchThrow
                                                    • String ID:
                                                    • API String ID: 1377961577-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: _wmemcpy_s
                                                    • String ID:
                                                    • API String ID: 67063488-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 0042D9B0: _memset.LIBCMT ref: 0042D9E4
                                                      • Part of subcall function 0042D9B0: GetModuleFileNameW.KERNEL32(00000000,?,00000400), ref: 0042D9FA
                                                      • Part of subcall function 00411930: _DebugHeapAllocator.LIBCPMTD ref: 00411968
                                                      • Part of subcall function 00411930: _DebugHeapAllocator.LIBCPMTD ref: 004119AA
                                                    • ShellExecuteW.SHELL32(00000000,00000000,00000000), ref: 00496DD8
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: AllocatorDebugHeap$ExecuteFileModuleNameShell_memset
                                                    • String ID:
                                                    • API String ID: 1412175206-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 00503FD3
                                                      • Part of subcall function 004EB9E9: __CxxThrowException@8.LIBCMT ref: 004EB9FF
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: Exception@8H_prolog3Throw
                                                    • String ID:
                                                    • API String ID: 3670251406-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • DestroyWindow.USER32(?,?,00000000,?,?,004F4033,00000004,00496383,221F11CB,221F11CB,00000000,0056A5F1,000000FF,?,00411449,?), ref: 004E341E
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: DestroyWindow
                                                    • String ID:
                                                    • API String ID: 3375834691-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 00415DF5
                                                      • Part of subcall function 00415E60: _DebugHeapAllocator.LIBCPMTD ref: 00415E6E
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: AllocatorDebugHeap
                                                    • String ID:
                                                    • API String ID: 571936431-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • InitNetworkAddressControl.SHELL32(004DFC2B,?,00000000,005B8450,00000018,004E3A07), ref: 004E2FEC
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: AddressControlInitNetwork
                                                    • String ID:
                                                    • API String ID: 644368677-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: task
                                                    • String ID:
                                                    • API String ID: 1384045349-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: Parent
                                                    • String ID:
                                                    • API String ID: 975332729-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: task
                                                    • String ID:
                                                    • API String ID: 1384045349-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SysAllocString.OLEAUT32(00435EEE), ref: 0043609F
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: AllocString
                                                    • String ID:
                                                    • API String ID: 2525500382-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 004FE3AB
                                                      • Part of subcall function 00510B43: GetProcAddress.KERNEL32(00000000,DllGetVersion), ref: 00510B6C
                                                      • Part of subcall function 00510B43: _memset.LIBCMT ref: 00510B85
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: AddressH_prolog3Proc_memset
                                                    • String ID:
                                                    • API String ID: 623856700-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • _malloc.LIBCMT ref: 004DEBE0
                                                      • Part of subcall function 0052B981: __FF_MSGBANNER.LIBCMT ref: 0052B9A4
                                                      • Part of subcall function 0052B981: __NMSG_WRITE.LIBCMT ref: 0052B9AB
                                                      • Part of subcall function 0052B981: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,0054430E,?,00000001,?,?,00544600,00000018,005BEC80,0000000C,00544691), ref: 0052B9F8
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: AllocateHeap_malloc
                                                    • String ID:
                                                    • API String ID: 501242067-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • IsDialogMessageW.USER32(?,?), ref: 004E7343
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: DialogMessage
                                                    • String ID:
                                                    • API String ID: 547518314-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • __EH_prolog3_catch.LIBCMT ref: 00503A4C
                                                      • Part of subcall function 0050419C: EnterCriticalSection.KERNEL32(0060DBE0,?,?,?,?,00503A60,00000010,00000008,004FAB1C,004FAA92,004E1353,004EBCD0,0041667C,00416112,?,00416112), ref: 005041D6
                                                      • Part of subcall function 0050419C: InitializeCriticalSection.KERNEL32(-001F7936,?,?,?,?,00503A60,00000010,00000008,004FAB1C,004FAA92,004E1353,004EBCD0,0041667C,00416112,?,00416112), ref: 005041E8
                                                      • Part of subcall function 0050419C: LeaveCriticalSection.KERNEL32(0060DBE0,?,?,?,?,00503A60,00000010,00000008,004FAB1C,004FAA92,004E1353,004EBCD0,0041667C,00416112,?,00416112), ref: 005041F5
                                                      • Part of subcall function 0050419C: EnterCriticalSection.KERNEL32(-001F7936,?,?,?,?,00503A60,00000010,00000008,004FAB1C,004FAA92,004E1353,004EBCD0,0041667C,00416112,?,00416112), ref: 00504205
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: CriticalSection$Enter$H_prolog3_catchInitializeLeave
                                                    • String ID:
                                                    • API String ID: 1641187343-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • InterlockedExchange.KERNEL32(0060EB84,?), ref: 004F899C
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: ExchangeInterlocked
                                                    • String ID:
                                                    • API String ID: 367298776-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • _strlen.LIBCMT ref: 004C838B
                                                      • Part of subcall function 004C8140: send.WS2_32(?,00000000,004C83A4,00000000), ref: 004C8183
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: _strlensend
                                                    • String ID:
                                                    • API String ID: 1788818980-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetTimer.USER32(?,?,80000001,00020019), ref: 0043050A
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: Timer
                                                    • String ID:
                                                    • API String ID: 2870079774-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SendMessageW.USER32(?,00000080,?,00000001), ref: 0049899B
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: MessageSend
                                                    • String ID:
                                                    • API String ID: 3850602802-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SendMessageW.USER32(?,00000414,00000030,?), ref: 0043B50B
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: MessageSend
                                                    • String ID:
                                                    • API String ID: 3850602802-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • LockResource.KERNEL32(?,?,?,004DFE02,00000000,?,?,?,?,?,?,00415378,?,?), ref: 004DFD82
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: LockResource
                                                    • String ID:
                                                    • API String ID: 1236514755-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SendMessageW.USER32(?,0000007F,00000001,00000000), ref: 004989C6
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: MessageSend
                                                    • String ID:
                                                    • API String ID: 3850602802-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SendMessageW.USER32(?,00000407,00000000,?), ref: 0042F799
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: MessageSend
                                                    • String ID:
                                                    • API String ID: 3850602802-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 00533A6C: __lock.LIBCMT ref: 00533A6E
                                                    • __onexit_nolock.LIBCMT ref: 0052B098
                                                      • Part of subcall function 0052AF95: __decode_pointer.LIBCMT ref: 0052AFA4
                                                      • Part of subcall function 0052AF95: __decode_pointer.LIBCMT ref: 0052AFB4
                                                      • Part of subcall function 0052AF95: __msize.LIBCMT ref: 0052AFD2
                                                      • Part of subcall function 0052AF95: __realloc_crt.LIBCMT ref: 0052AFF6
                                                      • Part of subcall function 0052AF95: __realloc_crt.LIBCMT ref: 0052B00C
                                                      • Part of subcall function 0052AF95: __encode_pointer.LIBCMT ref: 0052B01E
                                                      • Part of subcall function 0052AF95: __encode_pointer.LIBCMT ref: 0052B02C
                                                      • Part of subcall function 0052AF95: __encode_pointer.LIBCMT ref: 0052B037
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: __encode_pointer$__decode_pointer__realloc_crt$__lock__msize__onexit_nolock
                                                    • String ID:
                                                    • API String ID: 1316407801-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • KiUserCallbackDispatcher.NTDLL(?,?), ref: 004E74F8
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: CallbackDispatcherUser
                                                    • String ID:
                                                    • API String ID: 2492992576-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • ShowWindow.USER32(?,?,?,004DF87A,00000000,0000E146,00000000,?,?,004963FF,?,?,0040D3CA), ref: 004E74B6
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: ShowWindow
                                                    • String ID:
                                                    • API String ID: 1268545403-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • LoadIconW.USER32(00000000,00000000), ref: 0043B222
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_400000_CCProxy.jbxd
                                                    Similarity
                                                    • API ID: IconLoad
                                                    • String ID:
                                                    • API String ID: 2457776203-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: __wfsopen
                                                    • String ID:
                                                    • API String ID: 197181222-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • __encode_pointer.LIBCMT ref: 00534F7A
                                                      • Part of subcall function 00534F06: TlsGetValue.KERNEL32(00000000,?,00534F7F,00000000,0054C98C,0060DDC0,00000000,00000314,?,0053461E,0060DDC0,Microsoft Visual C++ Runtime Library,00012010), ref: 00534F18
                                                      • Part of subcall function 00534F06: TlsGetValue.KERNEL32(00000005,?,00534F7F,00000000,0054C98C,0060DDC0,00000000,00000314,?,0053461E,0060DDC0,Microsoft Visual C++ Runtime Library,00012010), ref: 00534F2F
                                                      • Part of subcall function 00534F06: RtlEncodePointer.NTDLL(00000000,?,00534F7F,00000000,0054C98C,0060DDC0,00000000,00000314,?,0053461E,0060DDC0,Microsoft Visual C++ Runtime Library,00012010), ref: 00534F6D
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: Value$EncodePointer__encode_pointer
                                                    • String ID:
                                                    • API String ID: 2585649348-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Non-executed Functions

                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • MonitorFromWindow.USER32(00000002,00000000), ref: 004E00FC
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: FromMonitorWindow
                                                    • String ID: *+N
                                                    • API String ID: 721739931-764382170
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: __swprintf$inet_ntoa$_wcscat
                                                    • String ID: %d/%d$4[W
                                                    • API String ID: 2544004747-3633988755
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 00499290: _memset.LIBCMT ref: 004992DC
                                                      • Part of subcall function 00499290: GetModuleFileNameW.KERNEL32(00000000,?,00000400,?,?,221F11CB), ref: 004992F2
                                                      • Part of subcall function 00499290: _DebugHeapAllocator.LIBCPMTD ref: 004993A2
                                                      • Part of subcall function 00499290: _DebugHeapAllocator.LIBCPMTD ref: 004993CF
                                                      • Part of subcall function 00411930: _DebugHeapAllocator.LIBCPMTD ref: 00411968
                                                      • Part of subcall function 00411930: _DebugHeapAllocator.LIBCPMTD ref: 004119AA
                                                    • PathFileExistsW.SHLWAPI(00000000), ref: 0049C18A
                                                      • Part of subcall function 00415DA0: _DebugHeapAllocator.LIBCPMTD ref: 00415DF5
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: AllocatorDebugHeap$File$ExistsModuleNamePath_memset
                                                    • String ID: //root/LANG[@VALUE='%s']$ENU$ENU$ENU$ITEM$\Language.xml$\Language.xml
                                                    • API String ID: 1797372683-3223733760
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetMonitorInfoW.USER32(00000002,00000000), ref: 004E016C
                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,00000028,000000FF,00000028,00000020), ref: 004E0192
                                                    • SystemParametersInfoA.USER32(00000030,00000000,00000000,00000000), ref: 004E01BC
                                                    • GetSystemMetrics.USER32 ref: 004E01D3
                                                    • GetSystemMetrics.USER32 ref: 004E01DA
                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,DISPLAY,000000FF,-00000028,00000020), ref: 004E0205
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: System$ByteCharInfoMetricsMultiWide$MonitorParameters
                                                    • String ID: B$DISPLAY
                                                    • API String ID: 3432410572-3316187204
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 004EA129: GetParent.USER32(?), ref: 004EA17D
                                                      • Part of subcall function 004EA129: GetLastActivePopup.USER32(?), ref: 004EA18E
                                                      • Part of subcall function 004EA129: IsWindowEnabled.USER32(?), ref: 004EA1A2
                                                      • Part of subcall function 004EA129: EnableWindow.USER32(?,00000000), ref: 004EA1B5
                                                    • EnableWindow.USER32(?,00000001), ref: 004EA228
                                                    • GetWindowThreadProcessId.USER32(?,?), ref: 004EA23C
                                                    • GetCurrentProcessId.KERNEL32 ref: 004EA246
                                                    • SendMessageW.USER32(?,00000376,00000000,00000000), ref: 004EA25E
                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 004EA2DA
                                                    • EnableWindow.USER32(00000000,00000001), ref: 004EA321
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: Window$Enable$Process$ActiveCurrentEnabledFileLastMessageModuleNameParentPopupSendThread
                                                    • String ID: 0
                                                    • API String ID: 1877664794-4108050209
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 004E29AF: __EH_prolog3_catch.LIBCMT ref: 004E29B6
                                                    • _memset.LIBCMT ref: 00430089
                                                    • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00430097
                                                      • Part of subcall function 00430340: RegOpenKeyExW.ADVAPI32(?,80000001,00000000,00000000,00000000,80000001,Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content), ref: 0043036A
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 0043016A
                                                      • Part of subcall function 004303B0: RegQueryValueExW.ADVAPI32(00020019,00000004,00000000,00020019,80000001,00000004,?,80000001), ref: 004303E0
                                                      • Part of subcall function 004302F0: RegCloseKey.ADVAPI32 ref: 0043030E
                                                    Strings
                                                    • Cache, xrefs: 00430147
                                                    • Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content, xrefs: 004300A8
                                                    • CacheLimit, xrefs: 004300D2
                                                    • Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, xrefs: 00430116
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: AllocatorCloseDebugH_prolog3_catchHeapIterator_baseIterator_base::_OpenQueryValue_memsetstd::_
                                                    • String ID: Cache$CacheLimit$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders$Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
                                                    • API String ID: 1171723603-2216438546
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • _strlen.LIBCMT ref: 0047C187
                                                      • Part of subcall function 0047C410: _memset.LIBCMT ref: 0047C45C
                                                      • Part of subcall function 0047C410: _memset.LIBCMT ref: 0047C482
                                                      • Part of subcall function 0047C410: _memset.LIBCMT ref: 0047C4E6
                                                    • _strlen.LIBCMT ref: 0047C1CF
                                                      • Part of subcall function 0047C410: _memset.LIBCMT ref: 0047C499
                                                    • _sprintf.LIBCMT ref: 0047C229
                                                    • _sprintf.LIBCMT ref: 0047C26C
                                                      • Part of subcall function 0052AB81: __output_l.LIBCMT ref: 0052ABD6
                                                    • _sprintf.LIBCMT ref: 0047C285
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: _memset$_sprintf$_strlen$__output_l
                                                    • String ID: %02x$wvG
                                                    • API String ID: 1631726754-334780254
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: _wcscpy$AllocatorDebugHeap$_wcslen
                                                    • String ID:
                                                    • API String ID: 3445077089-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • WaitForSingleObject.KERNEL32(?,000007D0), ref: 004DE173
                                                    • TerminateThread.KERNEL32(?,00000000), ref: 004DE18E
                                                    • CloseHandle.KERNEL32(?,?,00000000), ref: 004DE19E
                                                    • DeleteCriticalSection.KERNEL32(?), ref: 004DE1BD
                                                    • DeleteCriticalSection.KERNEL32(?), ref: 004DE1CD
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: CriticalDeleteSection$CloseHandleObjectSingleTerminateThreadWait
                                                    • String ID: eM
                                                    • API String ID: 3765156640-2397571771
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetWindowLongW.USER32(?,000000F0), ref: 004EA15C
                                                    • GetParent.USER32(?), ref: 004EA16A
                                                    • GetParent.USER32(?), ref: 004EA17D
                                                    • GetLastActivePopup.USER32(?), ref: 004EA18E
                                                    • IsWindowEnabled.USER32(?), ref: 004EA1A2
                                                    • EnableWindow.USER32(?,00000000), ref: 004EA1B5
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
                                                    • String ID:
                                                    • API String ID: 670545878-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 004152D0: SendMessageW.USER32(?,0000003C,?,00000000), ref: 004152EA
                                                    • _feof.LIBCMT ref: 00440286
                                                    • _fgets.LIBCMT ref: 004402A6
                                                      • Part of subcall function 004FB845: SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 004FB851
                                                      • Part of subcall function 00440F10: SendMessageW.USER32(?,00001200,00000000,00000000), ref: 00440F27
                                                      • Part of subcall function 00411660: _DebugHeapAllocator.LIBCPMTD ref: 004117A8
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 00440415
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 004404D3
                                                      • Part of subcall function 0042D5D0: SendMessageW.USER32(EC8D8B00,00001004,00000000,00000000), ref: 0042D5E7
                                                      • Part of subcall function 004ECAE7: SendMessageW.USER32(?,00001074,00000001,?), ref: 004ECB0A
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: MessageSend$AllocatorDebugHeap$_feof_fgets
                                                    • String ID: \autocache.csv
                                                    • API String ID: 1258106796-475186618
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • EnterCriticalSection.KERNEL32(?,?,00000000,?,00000000), ref: 004DE1F2
                                                    • _memcmp.LIBCMT ref: 004DE236
                                                    • shutdown.WS2_32(?,00000002), ref: 004DE27C
                                                    • closesocket.WS2_32(?), ref: 004DE293
                                                    • LeaveCriticalSection.KERNEL32(?,?,?,?,?,00000001,00000001), ref: 004DE2BE
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: CriticalSection$EnterLeave_memcmpclosesocketshutdown
                                                    • String ID:
                                                    • API String ID: 3420562848-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • lstrlenW.KERNEL32(00000003), ref: 004D6168
                                                      • Part of subcall function 0047C410: _memset.LIBCMT ref: 0047C45C
                                                      • Part of subcall function 0047C410: _memset.LIBCMT ref: 0047C482
                                                      • Part of subcall function 0047C410: _memset.LIBCMT ref: 0047C4E6
                                                    • _memset.LIBCMT ref: 004D61E5
                                                    • __swprintf.LIBCMT ref: 004D622F
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: _memset$__swprintflstrlen
                                                    • String ID: %02x
                                                    • API String ID: 911319258-560843007
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • LoadLibraryW.KERNEL32(netapi32.dll,?,221F11CB), ref: 004901DB
                                                    • GetProcAddress.KERNEL32(00000000,NetQueryDisplayInformation), ref: 004901F8
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: AddressLibraryLoadProc
                                                    • String ID: NetQueryDisplayInformation$netapi32.dll
                                                    • API String ID: 2574300362-2206312924
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • LoadLibraryW.KERNEL32(netapi32.dll,004900EB,00000000,?,?,?,?,?,?,221F11CB), ref: 0049018B
                                                    • GetProcAddress.KERNEL32(00000000,NetApiBufferFree), ref: 004901A7
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: AddressLibraryLoadProc
                                                    • String ID: NetApiBufferFree$netapi32.dll
                                                    • API String ID: 2574300362-3203301561
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • _memset.LIBCMT ref: 004421A3
                                                    • SendARP.IPHLPAPI(?,00000000,000000FF,00000006), ref: 004421C0
                                                    Strings
                                                    • %02x%s%02x%s%02x%s%02x%s%02x%s%02x, xrefs: 00442238
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.486737502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: Send_memset
                                                    • String ID: %02x%s%02x%s%02x%s%02x%s%02x%s%02x
                                                    • API String ID: 2636750717-2630596427
                                                    • Opcode ID: c8d951209618f30629de9a35d86f57f7930b7668e2d207056f19bf6189981c13
                                                    • Instruction ID: 159e7ca91a4e0ac491ec66bdedd5cf19fb53855f89d85e5104a2ae46e5cb9570
                                                    • Opcode Fuzzy Hash: c8d951209618f30629de9a35d86f57f7930b7668e2d207056f19bf6189981c13
                                                    • Instruction Fuzzy Hash: C9415BB1904649ABCB04CF95DC94FEFBBB5BF48310F148659F825A7284D774AA04CB68
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                      • Part of subcall function 00415DA0: _DebugHeapAllocator.LIBCPMTD ref: 00415DF5
                                                    • _wcslen.LIBCMT ref: 0044E190
                                                    • _wcsncpy.LIBCMT ref: 0044E1F8
                                                    Strings
                                                    Similarity
                                                    • API ID: AllocatorDebugHeap_wcslen_wcsncpy
                                                    • String ID: >
                                                    • API String ID: 4250294650-325317158
                                                    • Opcode ID: 7133d3e42357972ec52903c27f8fefd5231224e2617dc398625161aac39e1f89
                                                    • Instruction ID: 1abad9199da53ece5c27c8c9cc5109aaa3036723e6b183e2160eece97323ba8c
                                                    • Opcode Fuzzy Hash: 7133d3e42357972ec52903c27f8fefd5231224e2617dc398625161aac39e1f89
                                                    • Instruction Fuzzy Hash: E1314975D04209DBDB04DF95C841BFEBBB4FF48304F10822AE816A7280DB795A45CB9A
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • _DebugHeapAllocator.LIBCPMTD ref: 0043A222
                                                    • ShellExecuteW.SHELL32(00000000,open,00000000,00000000,00000000,00000005), ref: 0043A249
                                                    Strings
                                                    Similarity
                                                    • API ID: AllocatorDebugExecuteHeapShell
                                                    • String ID: open
                                                    • API String ID: 3086756788-2758837156
                                                    • Opcode ID: 278dc7ce1e157b968de7fcafc0b2395b04673148a611432e2bd6c70d7fbdfc48
                                                    • Instruction ID: 4f78a8dc791838d475968474e99fddb78fce5fb4facb0d0fb52946ca37dd1d89
                                                    • Opcode Fuzzy Hash: 278dc7ce1e157b968de7fcafc0b2395b04673148a611432e2bd6c70d7fbdfc48
                                                    • Instruction Fuzzy Hash: 07112B71D04609EBCB04DF94DC42BEEBBB4FB15714F50426EE411A72D1EB786A04CB65
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Strings
                                                    Similarity
                                                    • API ID: DecrementInterlockedcodecvt
                                                    • String ID: O_C
                                                    • API String ID: 1350567326-1450263134
                                                    • Opcode ID: c278075641e159c51ee2367c4cbeb9687e8915957ad2dd0d73f5a6a142af901b
                                                    • Instruction ID: 73e620952096345537e52684a5cdadea2a4acd08728c02b6d447dfc5570c380b
                                                    • Opcode Fuzzy Hash: c278075641e159c51ee2367c4cbeb9687e8915957ad2dd0d73f5a6a142af901b
                                                    • Instruction Fuzzy Hash: 56F017B4D0020DEBCF00DF94D8497AEBBB0BB08305F10849AD81167342D7745A40DF94
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • __vswprintf.LIBCMT ref: 00496068
                                                      • Part of subcall function 00529491: __vswprintf_l.LIBCMT ref: 005294A1
                                                    Strings
                                                    Similarity
                                                    • API ID: __vswprintf__vswprintf_l
                                                    • String ID: \I$\I
                                                    • API String ID: 952380700-1839597597
                                                    • Opcode ID: 91d935eca9bf2fd95cceb6226276ae98a386a90ae978155c6f787ea7db012250
                                                    • Instruction ID: 0ad1ce6ff572574561918d0fd37d94eadee151fa61f7c8e3fc8fa948157ac1b7
                                                    • Opcode Fuzzy Hash: 91d935eca9bf2fd95cceb6226276ae98a386a90ae978155c6f787ea7db012250
                                                    • Instruction Fuzzy Hash: B9E0B6B5D0020CABCF00DF98D985A9EBBB8AB48210F1081A9E908D7340E631AB158B91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%