Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
winamp59_9999_rc1_full_en-us.exe

Overview

General Information

Sample Name:winamp59_9999_rc1_full_en-us.exe
Analysis ID:676551
MD5:5a08cf7a8e694f9ae682d3f0cebff93e
SHA1:3f6989bc41adc1e1f630d2a8ecbd45fe99a14ace
SHA256:2dfd17ed43f638b60d97dac189a479ff8740234a3d170673730a196ca3a2385c
Infos:

Detection

Score:36
Range:0 - 100
Whitelisted:false
Confidence:60%

Compliance

Score:33
Range:0 - 100

Signatures

Multi AV Scanner detection for submitted file
Antivirus detection for dropped file
Uses netsh to modify the Windows network and firewall settings
Flash file may contain encrypted javascript
Sets file extension default program settings to executables
Modifies the windows firewall
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)
EXE planting / hijacking vulnerabilities found
Drops files with a non-matching file extension (content does not match file extension)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Contains functionality to read the PEB
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Creates a process in suspended mode (likely to inject code)
Contains functionality for read data from the clipboard

Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")

Process Tree

  • System is w10x64
  • winamp59_9999_rc1_full_en-us.exe (PID: 1416 cmdline: "C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe" MD5: 5A08CF7A8E694F9AE682D3F0CEBFF93E)
    • Elevator.exe (PID: 5892 cmdline: "C:\Program Files (x86)\Winamp\elevator.exe" /RegServer MD5: 4DCA168AC0EE99081097BBBFB61CE6BE)
    • netsh.exe (PID: 5456 cmdline: netsh advfirewall firewall set rule name="Winamp" dir=in program="C:\Program Files (x86)\Winamp\winamp.exe" profile=private,public protocol=TCP new action=allow enable=yes MD5: A0AA3322BB46BBFC36AB9DC1DBBBB807)
      • conhost.exe (PID: 5760 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • netsh.exe (PID: 5496 cmdline: netsh advfirewall firewall add rule name="Winamp" dir=in action=allow program="C:\Program Files (x86)\Winamp\winamp.exe" enable=yes profile=private,public protocol=TCP MD5: A0AA3322BB46BBFC36AB9DC1DBBBB807)
      • conhost.exe (PID: 5684 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • netsh.exe (PID: 6072 cmdline: netsh advfirewall firewall set rule name="Winamp" dir=in program="C:\Program Files (x86)\Winamp\winamp.exe" profile=private,public protocol=UDP new action=allow enable=yes MD5: A0AA3322BB46BBFC36AB9DC1DBBBB807)
      • conhost.exe (PID: 6052 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • netsh.exe (PID: 5548 cmdline: netsh advfirewall firewall add rule name="Winamp" dir=in action=allow program="C:\Program Files (x86)\Winamp\winamp.exe" enable=yes profile=private,public protocol=UDP MD5: A0AA3322BB46BBFC36AB9DC1DBBBB807)
      • conhost.exe (PID: 4828 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for submitted file
Source: winamp59_9999_rc1_full_en-us.exeVirustotal: Detection: 7%Perma Link
Source: winamp59_9999_rc1_full_en-us.exeReversingLabs: Detection: 19%
Antivirus detection for dropped file
Source: C:\Program Files (x86)\Winamp\Plugins\ml_online.dllAvira: detection malicious, Label: HEUR/AGEN.1229998
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeEXE: netsh.exeJump to behavior

Compliance

barindex
Uses 32bit PE files
Source: winamp59_9999_rc1_full_en-us.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
EXE planting / hijacking vulnerabilities found
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeEXE: netsh.exeJump to behavior
Found installer window with terms and condition text
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeWindow detected: < &BackI &AgreeCancelWinamp 5.9 -- built on 27/07/2022 at 19:20:11 Winamp 5.9 -- built on 27/07/2022 at 19:20:11License AgreementPlease review the license terms before installing Winamp.Please read and agree to the license terms below before installing.End-User License Agreement - WINAMP PLAYERLast Updated: 15 July 2022This Agreement is a legally binding contract that includes terms that limit your legal rights and shall govern all access to and use of this Software. You hereby agree without limitation or alteration to all the terms and conditions contained herein.By installing copying or otherwise using the Licensed Product (Software) the Licensee agrees to be bound by the terms and conditions outlined in this EULA. However if the Licensee does not agree to the terms and conditions outlined in this EULA the said Licensee may not download install or use Software.If you are entering into this EULA agreement on behalf of a company or other legal entity you represent that you have the authority to bind such entity and its affiliates to these terms and conditions. If you do not have such authority or if you do not agree with the terms and conditions of this EULA agreement do not install or use the Software and you must not accept this EULA agreement.You will have a choice whether to install the software and whether some settings will be changed on your computer. You will also have a choice whether Winamp reports anonymous usage statistics to us which we use to improve Winamp.Definitions"EULA or Agreement shall refer to this End-User-License-Agreement including any amendment to this Agreement."Licensee" shall refer to the individual or entity that downloads and uses the Software."Licensor or Winamp" shall refer to the company Winamp SA located at Lennik Road 451 1070 Brussels - Belgium."Software or Licensed product" shall mean the executable code version and features of the Winamp player available at the following URL: https://download.nullsoft.com/winamp/ all associated upgrades updates patches supplemental applications associated media documentation and online service provided by Winamp its affiliates and suppliers and any WINAMP SA created Skins and Winamp Plug-ins distributed by Winamp for use with the Software whether Licensee installs them at the time of installation of the Winamp player or separately from the Winamp.com website.Plug-in" means a plug-in (a small software program that adds a specific capability to another program such as the Winamp player) owned and offered by Winamp as part of the Software for use with the Software.Skin" means a graphical interface for the Software that changes the look but not the functionality and includes the text files that define how the skin is built the scripts that define how it should behave and the graphics that create the visual look. "Update" means a revision to the Software designated by a change in the version number to the right of the decimal place."Upgrade" means a revision to the Software
PE / OLE file has a valid certificate
Source: winamp59_9999_rc1_full_en-us.exeStatic PE information: certificate valid
Contains modern PE file flags such as dynamic base (ASLR) or NX
Source: winamp59_9999_rc1_full_en-us.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Binary contains paths to debug symbols
Source: Binary string: =FD:\APES\multi filter\Debug\multifilter.pdbpMZ source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\APES\multi filter\Debug\multifilter.pdb source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeCode function: 0_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405D74
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeCode function: 0_2_0040699E FindFirstFileW,FindClose,0_2_0040699E
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeCode function: 0_2_0040290B FindFirstFileW,0_2_0040290B
Source: C:\Program Files (x86)\Winamp\Elevator.exeCode function: 8_2_00401ACD PathCombineW,FindFirstFileW,PathCombineW,DeleteFileW,MoveFileExW,MoveFileExW,FindNextFileW,FindClose,RemoveDirectoryW,8_2_00401ACD
Source: C:\Program Files (x86)\Winamp\Elevator.exeCode function: 8_2_0040B77A FindFirstFileExW,8_2_0040B77A
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://.css
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://.jpg
Source: in_wm.dll.0.drString found in binary or memory: http:///.%s&=.wma%s?.wmaREPEATcountPARAMnamevaluestationencoding&amp;GETRef%dReference&=.wma?.wma
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.696484562.000000000330E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:%d/?a=%s&l=%s&t=%s&d=%s%s%s
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.696484562.000000000330E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:%d/?a=%s&l=%s&t=%s&d=%s%s%sC:
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.696484562.000000000330E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:artistalbumtitlehttps://help.winamp.com/hc/articles/8106455294612-Winamp-Portables-
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.694185077.0000000002EBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ati.amd.com/support/driver.html
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://aurgasm.us
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://avs.acko.net/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://avs.acko.net///
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://betterpropaganda.com/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://blog.largeheartedboy.com/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://broadband-albumart.music.aol.com/scan/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://broadband-albumart.music.aol.com/scan/q
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://brooklynvegan.com/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://buffalotones.blogspot.co.uk/
Source: winamp59_9999_rc1_full_en-us.exe, Elevator.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: winamp59_9999_rc1_full_en-us.exe, Elevator.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: winamp59_9999_rc1_full_en-us.exe, Elevator.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: winamp59_9999_rc1_full_en-us.exe, Elevator.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://client.winamp.com/data/skins?o=links&sid=bento&version=%s&waversion=%s&build=%i&browserversio
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://client.winamp.com/nowplaying/artist/?icid=
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://client.winamp.com/nowplaying/artist/?icid=notifiermodern&artistName=
Source: ml_local.dll.0.drString found in binary or memory: http://client.winamp.com/nowplaying/artist?artistName=%s&icid=localmediagetartistinfo
Source: ml_local.dll.0.drString found in binary or memory: http://client.winamp.com/nowplaying/artist?artistName=%s&icid=localmediagetartistinfoav_art_col_%hs(
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://client.winamp.com/nowplayingBaseWindow_RootWnd%cinternal_action0.%d:%02d%d:%02d:%02d%#c://ski
Source: ml_online.dll.0.drString found in binary or memory: http://client.winamp.com/services;order
Source: winamp59_9999_rc1_full_en-us.exe, Elevator.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: winamp59_9999_rc1_full_en-us.exe, Elevator.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: winamp59_9999_rc1_full_en-us.exe, Elevator.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: Elevator.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: winamp59_9999_rc1_full_en-us.exe, Elevator.exe.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://customize.org/winamp3
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.694185077.0000000002EBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://downloadcenter.intel.com/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://duo.deviantART.com
Source: enc_flac.dll.0.drString found in binary or memory: http://flac.sf.net/
Source: enc_flac.dll.0.drString found in binary or memory: http://flac.sf.net/2.45bitrate755extensionflacUxTheme.dllKERNEL32.DLLAcquireSRWLockExclusiveReleaseS
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://forums.winamp.com/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.694185077.0000000002EBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://forums.winamp.com/forumdisplay.php?forumid=81
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://forums.winamp.com/showthread.php?threadid=276371
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.694185077.0000000002EBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://forums.winamp.com/showthread.php?threadid=83401
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://freemusicarchive.org/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://html4/loose.dtd
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://jay-fatboy.deviantart.com
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://jheriko.deviantart.com
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://modarchive.org/
Source: in_mod.dll.0.drString found in binary or memory: http://modplug-xmms.sourceforge.net/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://music.for-robots.com/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://noisetrade.com/
Source: winamp59_9999_rc1_full_en-us.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: winamp59_9999_rc1_full_en-us.exe, Elevator.exe.0.drString found in binary or memory: http://ocsp.digicert.com0
Source: winamp59_9999_rc1_full_en-us.exe, Elevator.exe.0.drString found in binary or memory: http://ocsp.digicert.com0A
Source: winamp59_9999_rc1_full_en-us.exe, Elevator.exe.0.drString found in binary or memory: http://ocsp.digicert.com0C
Source: winamp59_9999_rc1_full_en-us.exe, Elevator.exe.0.drString found in binary or memory: http://ocsp.digicert.com0X
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pishiru.deviantart.com
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://prettymuchamazing.com/
Source: in_mod.dll.0.drString found in binary or memory: http://schismtracker.org/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://scissorkick.com/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://search.winamp.com/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://search.winamp.com/search/afe?query=
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://search.winamp.com/search/search?invocationType=en00-winamp-553--clientpage&query=
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://search.winamp.com/search/search?invocationType=en00-winamp-553--ws&query=
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://search.winamp.com/search/search?invocationType=enus-winamp-553--as&query=
Source: ml_online.dll.0.drString found in binary or memory: http://services.winamp.com/svc/action?action=%s&svc_id=%u&unique_id=%s
Source: ml_online.dll.0.drString found in binary or memory: http://services.winamp.com/svc/default?svc_ids=%u%u
Source: ml_online.dll.0.drString found in binary or memory: http://services.winamp.com/svc/rating?svc_id=%u&unique_id=%s&rating=%daddremovehttp://services.winam
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://skinconsortium.com/index.php?page=Downloads&amp;typeID=1
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://slirsredirect.search.aol.com/redirector/sredir?sredir=1840&invocationType=en00-winamp-55--ws&
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://slirsredirect.search.aol.com/redirector/sredir?sredir=1841&invocationType=en00-winamp-55--as&
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://somuchsilence.com/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sophiesfloorboard.blogspot.co.uk/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://soul-sides.com/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://soundcloud.com
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tonic.deviantart.com
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tripjam.blogspot.co.uk/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://uploadgeneration.info/Winamp/www.winamp.com/skins.html
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://wiki.winamp.com/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://winampheritage.com/skins
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.1001skins.com/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.3hive.com/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.allwinampskins.com/
Source: ml_impex.dll.0.drString found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.aquariumdrunkard.com/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.aural-innovations.com/main/main.html
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.bandcamp.com
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.bandsintown.com/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.694185077.0000000002EBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.bfgtech.com/driverdownload.aspx
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.blogotheque.net/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.694185077.0000000002EBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.creative.com/language.asp?sDestUrl=/support/downloads
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.daytrotter.com/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.deviantart.com/browse/all/?q=winamp
Source: winamp59_9999_rc1_full_en-us.exe, Elevator.exe.0.drString found in binary or memory: http://www.digicert.com/CPS0
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.discobelle.net/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.694185077.0000000002EBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.dmmdownload.com/current.php
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.eachnotesecure.com/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ektoplazm.com/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.epitonic.com
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.694185077.0000000002EBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.evga.com/support/drivers/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fingertipsmusic.com/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fluxblog.org/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.694185077.0000000002EBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fraps.com/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.geisswerks.com/milkdrop/Milkdrop2
Source: enc_vorbis.dll.0.drString found in binary or memory: http://www.geocities.jp/aoyoume/aotuv/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/search?q=
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/search?q=Winamp
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.gorillavsbear.net/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.hotmixradio.fr
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.hypem.com
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.694185077.0000000002EBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.hyperionics.com
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.idolator.com/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jambase.com/search.asp?band=
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jamendo.com
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.javigate.com/FunkyFX/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.kahvi.org/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.laridae.at
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.last.fm/music/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.694185077.0000000002EBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.matrox.com/graphics/en/corpo/support/drivers/home.php
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mfiles.co.uk/mp3-files.htm
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.694185077.0000000002EBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.milkdrop.co.uk/
Source: enc_lame.dll.0.drString found in binary or memory: http://www.mp3dev.org/
Source: enc_lame.dll.0.drString found in binary or memory: http://www.mp3dev.org/ID3Error
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mp3unsigned.com/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.694185077.0000000002EBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.nullsoft.com/free/milkdrop
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.694185077.0000000002EBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.nullsoft.com/free/milkdrop/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.694185077.0000000002EBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.nvidia.com/page/drivers.html
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.pollstar.com/tour/searchall.pl?By=All&Content=
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.progarchives.com/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.purevolume.com/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.694185077.0000000002EBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.s3graphics.com/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.saidthegramophone.com/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.shoutcast.com
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.694185077.0000000002EBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sis.com/download/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.skinconsortium.com/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.soundclick.com
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.stereogum.com/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tagstrance.com/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.traxinspace.com
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.unsignedbandweb.com/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.694185077.0000000002EBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.via.com.tw/en/products/graphics/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.694185077.0000000002EBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.visiontek.com/teksupport/drivers/drivers.html
Source: ml_wire.dll.0.drString found in binary or memory: http://www.winamp.com
Source: in_wm.dll.0.drString found in binary or memory: http://www.winamp.com.asx
Source: winamp59_9999_rc1_full_en-us.exeString found in binary or memory: http://www.winamp.com/
Source: ml_online.dll.0.drString found in binary or memory: http://www.winamp.com/legal/abuse?svc_id=%u&unique=%sInfohttp://client.winamp.com/service/detail/%s/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.winamp.com/plugins/search/?q=
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.winamp.com/skins/search/?s=c&q=
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.winamp.com/skins/search/?s=m&q=
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.winampskins.info/
Source: nxlite.dll.0.drString found in binary or memory: http://www.winimage.com/zLibDll
Source: nxlite.dll.0.drString found in binary or memory: http://www.winimage.com/zLibDll1.2.12rbr
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.694185077.0000000002EBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.xfxforce.com/web/support/showSearchDriversProductCode.jspa
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.694185077.0000000002EBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www2.pny.com/support/support.aspx
Source: in_mod.dll.0.drString found in binary or memory: http://xaimus.com/)
Source: enc_vorbis.dll.0.drString found in binary or memory: http://xiph.org/vorbis/
Source: enc_vorbis.dll.0.drString found in binary or memory: http://xiph.org/vorbis/http://www.geocities.jp/aoyoume/aotuv/8
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://zamuz.deviantart.com
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://archive.org/details/audio
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://archive.org/details/etree
Source: in_mod.dll.0.drString found in binary or memory: https://bel.fi/alankila/modguide/interpolate.txt
Source: ml_wire.dll.0.drString found in binary or memory: https://client.winamp.com/podcasts$
Source: in_mod.dll.0.drString found in binary or memory: https://coda.s3m.us/)
Source: in_mod.dll.0.drString found in binary or memory: https://github.com/iamgreaser/it2everything/
Source: in_mod.dll.0.drString found in binary or memory: https://github.com/lclevy/unmo3
Source: in_mod.dll.0.drString found in binary or memory: https://github.com/ryuhei-mori/tinyfft
Source: in_mod.dll.0.drString found in binary or memory: https://github.com/viiri/st2play
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hearthis.at/categories/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://help.shoutcast.com/hc/sections/360003346493-Winamp-for-Windows
Source: ml_local.dll.0.drString found in binary or memory: https://help.winamp.com/hc/articles/8105244490772-Player-Overview
Source: ml_local.dll.0.drString found in binary or memory: https://help.winamp.com/hc/articles/8105244490772-Player-Overviewopen%.36s...?artist
Source: ml_local.dll.0.drString found in binary or memory: https://help.winamp.com/hc/articles/8105304048660-The-Winamp-Media-Libraryz
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.696484562.000000000330E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://help.winamp.com/hc/articles/8106455294612-Winamp-Portables-Guide
Source: ml_playlists.dll.0.drString found in binary or memory: https://help.winamp.com/hc/articles/8109547717268-Winamp-Playlists
Source: ml_disc.dll.0.drString found in binary or memory: https://help.winamp.com/hc/articles/8111574760468-CD-Ripping-with-Winampnullsoft(ml_disc.dll)qg
Source: ml_wire.dll.0.drString found in binary or memory: https://help.winamp.com/hc/articles/8112346487060-Podcast-Directory1ispodcastpodcastchannelpodcastpu
Source: ml_online.dll.0.drString found in binary or memory: https://help.winamp.com/hc/articles/8112753225364-Online-Services-SecurityNullsoftCommandLink
Source: in_mod.dll.0.drString found in binary or memory: https://joaobapt.com/)
Source: in_mod.dll.0.drString found in binary or memory: https://kode54.net/)
Source: in_mod.dll.0.drString found in binary or memory: https://lib.openmpt.org/https://lib.openmpt.org/libopenmpt/download/https://forum.openmpt.org/https:
Source: in_mod.dll.0.drString found in binary or memory: https://mpg123.de/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://musopen.org/
Source: in_mod.dll.0.drString found in binary or memory: https://revenant1.net/)
Source: in_mod.dll.0.drString found in binary or memory: https://source.openmpt.org/svn/openmpt/trunk/OpenMPT
Source: in_mod.dll.0.drString found in binary or memory: https://source.openmpt.org/svn/openmpt/trunk/OpenMPT2022-05-13T04:56:00Z
Source: in_mod.dll.0.drString found in binary or memory: https://twitter.com/daniel_collin
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.696484562.000000000330E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://winampheritage.com/plugin/nullsoft-tray-control-plug-in-icon-pack/222396
Source: in_mod.dll.0.drString found in binary or memory: https://www.3eality.com/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mixcloud.com/discover/
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reverbnation.com/
Source: in_mod.dll.0.drString found in binary or memory: https://xiph.org/ogg/
Source: in_mod.dll.0.drString found in binary or memory: https://xiph.org/vorbis/
Source: in_mod.dll.0.drString found in binary or memory: https://zlib.net/
Source: unknownDNS traffic detected: queries for: www.google.com
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeCode function: 0_2_00405809 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405809
Source: winamp59_9999_rc1_full_en-us.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeCode function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403640
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeCode function: 0_2_00406D5F0_2_00406D5F
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeCode function: 0_2_6F561BFF0_2_6F561BFF
Source: C:\Program Files (x86)\Winamp\Elevator.exeCode function: 8_2_0040706D8_2_0040706D
Source: C:\Program Files (x86)\Winamp\Elevator.exeCode function: 8_2_0041396C8_2_0041396C
Source: C:\Program Files (x86)\Winamp\Elevator.exeCode function: 8_2_0041210C8_2_0041210C
Source: C:\Program Files (x86)\Winamp\Elevator.exeCode function: 8_2_0041222C8_2_0041222C
Source: C:\Program Files (x86)\Winamp\Elevator.exeCode function: 8_2_0040E6F08_2_0040E6F0
Source: C:\Program Files (x86)\Winamp\Elevator.exeCode function: 8_2_0040EB888_2_0040EB88
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.696484562.000000000330E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamein_linein.dll. vs winamp59_9999_rc1_full_en-us.exe
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.696484562.000000000330E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameml_pmp.dll. vs winamp59_9999_rc1_full_en-us.exe
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.696484562.000000000330E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameml_devices.dll. vs winamp59_9999_rc1_full_en-us.exe
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.696484562.000000000330E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedevices.w5s^ vs winamp59_9999_rc1_full_en-us.exe
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.696484562.000000000330E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepmp_ipod.dll. vs winamp59_9999_rc1_full_en-us.exe
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.696484562.000000000330E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepmp_njb.dll. vs winamp59_9999_rc1_full_en-us.exe
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.696484562.000000000330E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepmp_p4s.dll. vs winamp59_9999_rc1_full_en-us.exe
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.696484562.000000000330E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepmp_usb.dll. vs winamp59_9999_rc1_full_en-us.exe
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.696484562.000000000330E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepmp_android.dll. vs winamp59_9999_rc1_full_en-us.exe
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.696484562.000000000330E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewasabi2.w5sb! vs winamp59_9999_rc1_full_en-us.exe
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.696484562.000000000330E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamessdp.w6cP vs winamp59_9999_rc1_full_en-us.exe
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.696484562.000000000330E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepmp_wifi.dll. vs winamp59_9999_rc1_full_en-us.exe
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.696484562.000000000330E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepmp_activesync.dll. vs winamp59_9999_rc1_full_en-us.exe
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.696484562.000000000330E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegen_hotkeys.dll. vs winamp59_9999_rc1_full_en-us.exe
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.696484562.000000000330E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegen_tray.dll. vs winamp59_9999_rc1_full_en-us.exe
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.696484562.000000000330E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamefilereader.w5sV vs winamp59_9999_rc1_full_en-us.exe
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.696484562.000000000330E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenametimer.w5sz- vs winamp59_9999_rc1_full_en-us.exe
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegen_ff.dll. vs winamp59_9999_rc1_full_en-us.exe
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamefreetype.wacZ vs winamp59_9999_rc1_full_en-us.exe
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevis_avs.dll vs winamp59_9999_rc1_full_en-us.exe
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamecolormap.ape vs winamp59_9999_rc1_full_en-us.exe
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenametexer.ape vs winamp59_9999_rc1_full_en-us.exe
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenametexer2.ape vs winamp59_9999_rc1_full_en-us.exe
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevis_milk2.dll. vs winamp59_9999_rc1_full_en-us.exe
Source: winamp59_9999_rc1_full_en-us.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: winamp59_9999_rc1_full_en-us.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: winamp59_9999_rc1_full_en-us.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: winamp.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: winamp.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: winamp.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: winamp.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: winamp.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: winamp.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: winamp.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: winamp.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: winamp.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: winamp.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: winamp.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: winamp.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: winamp.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: winamp.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: winamp.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: winamp.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: winamp.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: winamp.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: winamp.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: winamp.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Elevator.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Elevator.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Elevator.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: reporter.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: reporter.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: reporter.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: winampa.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: winampa.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: winampa.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: gen_ml.dll.0.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: gen_ml.dll.0.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: gen_ml.dll.0.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: gen_ml.dll.0.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: ml_local.dll.0.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: ml_local.dll.0.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: ml_local.dll.0.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: ml_local.dll.0.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: ml_local.dll.0.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: ml_local.dll.0.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: ml_local.dll.0.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: ml_local.dll.0.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: ml_local.dll.0.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: ml_local.dll.0.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: ml_local.dll.0.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: ml_local.dll.0.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: ml_local.dll.0.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: ml_playlists.dll.0.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: ml_bookmarks.dll.0.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: ml_history.dll.0.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: ml_downloads.dll.0.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: ml_downloads.dll.0.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: ml_downloads.dll.0.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: ml_downloads.dll.0.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: winamp59_9999_rc1_full_en-us.exeVirustotal: Detection: 7%
Source: winamp59_9999_rc1_full_en-us.exeReversingLabs: Detection: 19%
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile read: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeJump to behavior
Source: winamp59_9999_rc1_full_en-us.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe "C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe"
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeProcess created: C:\Program Files (x86)\Winamp\Elevator.exe "C:\Program Files (x86)\Winamp\elevator.exe" /RegServer
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall set rule name="Winamp" dir=in program="C:\Program Files (x86)\Winamp\winamp.exe" profile=private,public protocol=TCP new action=allow enable=yes
Source: C:\Windows\SysWOW64\netsh.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name="Winamp" dir=in action=allow program="C:\Program Files (x86)\Winamp\winamp.exe" enable=yes profile=private,public protocol=TCP
Source: C:\Windows\SysWOW64\netsh.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall set rule name="Winamp" dir=in program="C:\Program Files (x86)\Winamp\winamp.exe" profile=private,public protocol=UDP new action=allow enable=yes
Source: C:\Windows\SysWOW64\netsh.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name="Winamp" dir=in action=allow program="C:\Program Files (x86)\Winamp\winamp.exe" enable=yes profile=private,public protocol=UDP
Source: C:\Windows\SysWOW64\netsh.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeProcess created: C:\Program Files (x86)\Winamp\Elevator.exe "C:\Program Files (x86)\Winamp\elevator.exe" /RegServerJump to behavior
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall set rule name="Winamp" dir=in program="C:\Program Files (x86)\Winamp\winamp.exe" profile=private,public protocol=TCP new action=allow enable=yesJump to behavior
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name="Winamp" dir=in action=allow program="C:\Program Files (x86)\Winamp\winamp.exe" enable=yes profile=private,public protocol=TCPJump to behavior
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall set rule name="Winamp" dir=in program="C:\Program Files (x86)\Winamp\winamp.exe" profile=private,public protocol=UDP new action=allow enable=yesJump to behavior
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name="Winamp" dir=in action=allow program="C:\Program Files (x86)\Winamp\winamp.exe" enable=yes profile=private,public protocol=UDPJump to behavior
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeCode function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403640
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Users\user\AppData\Roaming\WinampJump to behavior
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Users\user\AppData\Local\Temp\nsc8C52.tmpJump to behavior
Source: classification engineClassification label: sus36.evad.winEXE@15/116@2/0
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeCode function: 0_2_004021AA CoCreateInstance,0_2_004021AA
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeCode function: 0_2_00404AB5 GetDlgItem,SetWindowTextW,SHAutoComplete,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceExW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_00404AB5
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5760:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5684:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4828:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6052:120:WilError_01
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\WinampJump to behavior
Source: C:\Program Files (x86)\Winamp\Elevator.exeCommand line argument: /RegServer8_2_004016FF
Source: C:\Program Files (x86)\Winamp\Elevator.exeCommand line argument: -RegServer8_2_004016FF
Source: C:\Program Files (x86)\Winamp\Elevator.exeCommand line argument: /UnregServer8_2_004016FF
Source: C:\Program Files (x86)\Winamp\Elevator.exeCommand line argument: -UnregServer8_2_004016FF
Source: C:\Program Files (x86)\Winamp\Elevator.exeCommand line argument: /Embedding8_2_004016FF
Source: C:\Program Files (x86)\Winamp\Elevator.exeCommand line argument: -Embedding8_2_004016FF
Source: C:\Program Files (x86)\Winamp\Elevator.exeCommand line argument: ?A8_2_00413F40
Source: winamp59_9999_rc1_full_en-us.exeString found in binary or memory: fH/AddHo
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile written: C:\Users\user\AppData\Local\Temp\nsc8CF0.tmp\install.iniJump to behavior
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeAutomated click: Next >
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeAutomated click: I Agree
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeAutomated click: Next >
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeAutomated click: Next >
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeAutomated click: Install
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeWindow detected: < &BackI &AgreeCancelWinamp 5.9 -- built on 27/07/2022 at 19:20:11 Winamp 5.9 -- built on 27/07/2022 at 19:20:11License AgreementPlease review the license terms before installing Winamp.Please read and agree to the license terms below before installing.End-User License Agreement - WINAMP PLAYERLast Updated: 15 July 2022This Agreement is a legally binding contract that includes terms that limit your legal rights and shall govern all access to and use of this Software. You hereby agree without limitation or alteration to all the terms and conditions contained herein.By installing copying or otherwise using the Licensed Product (Software) the Licensee agrees to be bound by the terms and conditions outlined in this EULA. However if the Licensee does not agree to the terms and conditions outlined in this EULA the said Licensee may not download install or use Software.If you are entering into this EULA agreement on behalf of a company or other legal entity you represent that you have the authority to bind such entity and its affiliates to these terms and conditions. If you do not have such authority or if you do not agree with the terms and conditions of this EULA agreement do not install or use the Software and you must not accept this EULA agreement.You will have a choice whether to install the software and whether some settings will be changed on your computer. You will also have a choice whether Winamp reports anonymous usage statistics to us which we use to improve Winamp.Definitions"EULA or Agreement shall refer to this End-User-License-Agreement including any amendment to this Agreement."Licensee" shall refer to the individual or entity that downloads and uses the Software."Licensor or Winamp" shall refer to the company Winamp SA located at Lennik Road 451 1070 Brussels - Belgium."Software or Licensed product" shall mean the executable code version and features of the Winamp player available at the following URL: https://download.nullsoft.com/winamp/ all associated upgrades updates patches supplemental applications associated media documentation and online service provided by Winamp its affiliates and suppliers and any WINAMP SA created Skins and Winamp Plug-ins distributed by Winamp for use with the Software whether Licensee installs them at the time of installation of the Winamp player or separately from the Winamp.com website.Plug-in" means a plug-in (a small software program that adds a specific capability to another program such as the Winamp player) owned and offered by Winamp as part of the Software for use with the Software.Skin" means a graphical interface for the Software that changes the look but not the functionality and includes the text files that define how the skin is built the scripts that define how it should behave and the graphics that create the visual look. "Update" means a revision to the Software designated by a change in the version number to the right of the decimal place."Upgrade" means a revision to the Software
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: winamp59_9999_rc1_full_en-us.exeStatic file information: File size 11394048 > 1048576
Source: winamp59_9999_rc1_full_en-us.exeStatic PE information: certificate valid
Source: winamp59_9999_rc1_full_en-us.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: =FD:\APES\multi filter\Debug\multifilter.pdbpMZ source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\APES\multi filter\Debug\multifilter.pdb source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeCode function: 0_2_6F5630C0 push eax; ret 0_2_6F5630EE
Source: ElevatorPS.dll.0.drStatic PE information: section name: .orpc
Source: in_mod.dll.0.drStatic PE information: section name: _RDATA
Source: in_wave.dll.0.drStatic PE information: section name: .rodata
Source: mp3.w5s.0.drStatic PE information: section name: .rodata
Source: vp8.w5s.0.drStatic PE information: section name: .rodata
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeCode function: 0_2_6F561BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,0_2_6F561BFF
Source: initial sampleStatic PE information: section name: .text entropy: 6.830247642881584
Source: initial sampleStatic PE information: section name: .text entropy: 6.813502474112523
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\mp4v.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\adpcm.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\aacdec.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\pcm.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\dlmgr.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\tagz.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\albumart.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\f263.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\playlist.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\xspf.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\xml.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\jpeg.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\png.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\theora.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\bmp.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\gif.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\mp3.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\vlb.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\alac.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\jnetlib.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\omBrowser.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\vp6.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\vp8.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\h264.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\bmp.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Plugins\in_avi.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\xml.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\jnetlib.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Plugins\in_mp4.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Plugins\in_mkv.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Plugins\out_wave.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Plugins\in_flv.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Shared\libalac.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Plugins\ml_rg.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Shared\nde.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Plugins\enc_wav.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Plugins\in_swf.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Plugins\enc_flac.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Plugins\in_flac.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Plugins\out_disk.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Plugins\ml_wire.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Plugins\gen_ml.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Plugins\in_mp3.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Plugins\ml_impex.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\theora.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Shared\nsutil.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\gif.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Plugins\nsvdec_vp5.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Users\user\AppData\Local\Temp\nsc8CF0.tmp\nsDialogs.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\vlb.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Plugins\ml_local.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\albumart.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Plugins\in_cdda.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Plugins\ml_bookmarks.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\winampa.exeJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Elevator.exeJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Shared\jnetlib.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\playlist.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\reporter.exeJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Plugins\ml_playlists.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\dlmgr.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\png.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Plugins\gen_crasher.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\adpcm.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Users\user\AppData\Local\Temp\nsc8CF0.tmp\LangDLL.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\winamp.exeJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Users\user\AppData\Local\Temp\nsc8CF0.tmp\execDos.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Shared\nxlite.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Plugins\ml_disc.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Plugins\in_dshow.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Plugins\in_vorbis.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Shared\ReplayGainAnalysis.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Plugins\out_ds.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\xspf.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\omBrowser.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\vp6.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\jpeg.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Plugins\ml_downloads.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\vp8.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\aacdec.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Plugins\ml_online.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\mp3.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Shared\ElevatorPS.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\h264.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\mp4v.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Plugins\in_midi.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Plugins\in_wave.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\tagz.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Plugins\in_mod.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Plugins\dsp_sps.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Plugins\enc_wma.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Users\user\AppData\Local\Temp\nsc8CF0.tmp\System.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\f263.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Plugins\in_nsv.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Plugins\in_wm.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\alac.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Shared\libmp4v2.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\System\pcm.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Plugins\out_wasapi.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Shared\read_file.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Plugins\ml_transcode.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Shared\tataki.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Users\user\AppData\Local\Temp\nsc8CF0.tmp\nsis_winamp.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Plugins\ml_history.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Plugins\enc_vorbis.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile created: C:\Program Files (x86)\Winamp\Plugins\enc_lame.dllJump to dropped file

Boot Survival

barindex
Sets file extension default program settings to executables
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\UVOX\shell\open\command C:\Program Files (x86)\Winamp\winamp.exe %1Jump to behavior
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SC\shell\open\command C:\Program Files (x86)\Winamp\winamp.exe %1Jump to behavior
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ICY\shell\open\command C:\Program Files (x86)\Winamp\winamp.exe %1Jump to behavior
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SHOUT\shell\open\command C:\Program Files (x86)\Winamp\winamp.exe %1Jump to behavior
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\UNSV\shell\open\command C:\Program Files (x86)\Winamp\winamp.exe %1Jump to behavior

Hooking and other Techniques for Hiding and Protection

barindex
Flash file may contain encrypted javascript
Source: winampFLV.swf.0.drStatic Flash information: Found token: unescape in unescapetype must b
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\System\bmp.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Plugins\in_avi.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\System\xml.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\System\jnetlib.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Plugins\in_mp4.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Plugins\in_mkv.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Plugins\out_wave.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Plugins\in_flv.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Shared\libalac.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Plugins\ml_rg.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Shared\nde.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Plugins\enc_wav.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Plugins\in_flac.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Plugins\in_swf.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Plugins\enc_flac.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Plugins\out_disk.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Plugins\ml_wire.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Plugins\gen_ml.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Plugins\in_mp3.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Plugins\ml_impex.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\System\theora.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Shared\nsutil.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\System\gif.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Plugins\nsvdec_vp5.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\System\vlb.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Plugins\ml_local.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\System\albumart.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Plugins\in_cdda.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Plugins\ml_bookmarks.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\winampa.exeJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Shared\jnetlib.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\reporter.exeJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\System\playlist.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Plugins\ml_playlists.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\System\dlmgr.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\System\png.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Plugins\gen_crasher.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\System\adpcm.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\winamp.exeJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Shared\nxlite.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Plugins\ml_disc.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Plugins\in_dshow.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Plugins\in_vorbis.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Shared\ReplayGainAnalysis.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\System\omBrowser.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Plugins\out_ds.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\System\xspf.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\System\vp6.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\System\jpeg.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\System\vp8.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Plugins\ml_downloads.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\System\aacdec.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Plugins\ml_online.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\System\mp3.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Shared\ElevatorPS.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\System\h264.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\System\mp4v.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Plugins\in_midi.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Plugins\in_wave.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Plugins\in_mod.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\System\tagz.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Plugins\dsp_sps.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Plugins\enc_wma.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\System\f263.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Plugins\in_nsv.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Plugins\in_wm.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\System\alac.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Shared\libmp4v2.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Plugins\out_wasapi.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Shared\read_file.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Plugins\ml_transcode.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\System\pcm.w5sJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Shared\tataki.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Plugins\ml_history.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Plugins\enc_vorbis.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeDropped PE file which has not been started: C:\Program Files (x86)\Winamp\Plugins\enc_lame.dllJump to dropped file
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeCode function: 0_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405D74
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeCode function: 0_2_0040699E FindFirstFileW,FindClose,0_2_0040699E
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeCode function: 0_2_0040290B FindFirstFileW,0_2_0040290B
Source: C:\Program Files (x86)\Winamp\Elevator.exeCode function: 8_2_00401ACD PathCombineW,FindFirstFileW,PathCombineW,DeleteFileW,MoveFileExW,MoveFileExW,FindNextFileW,FindClose,RemoveDirectoryW,8_2_00401ACD
Source: C:\Program Files (x86)\Winamp\Elevator.exeCode function: 8_2_0040B77A FindFirstFileExW,8_2_0040B77A
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeAPI call chain: ExitProcess graph end nodegraph_0-5046
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeAPI call chain: ExitProcess graph end nodegraph_0-5265
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile Volume queried: C:\Program Files (x86) FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeFile Volume queried: C:\Program Files (x86) FullSizeInformationJump to behavior
Source: in_cdda.dll.0.drBinary or memory string: .?AVMciPlay@@
Source: C:\Program Files (x86)\Winamp\Elevator.exeCode function: 8_2_00409968 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_00409968
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeCode function: 0_2_6F561BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,0_2_6F561BFF
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeCode function: 0_2_6F3A1407 CallWindowProcW,DestroyWindow,GetProcessHeap,HeapFree,0_2_6F3A1407
Source: C:\Program Files (x86)\Winamp\Elevator.exeCode function: 8_2_0040C8A7 mov eax, dword ptr fs:[00000030h]8_2_0040C8A7
Source: C:\Program Files (x86)\Winamp\Elevator.exeCode function: 8_2_004089F8 mov eax, dword ptr fs:[00000030h]8_2_004089F8
Source: C:\Program Files (x86)\Winamp\Elevator.exeCode function: 8_2_00403FEE SetUnhandledExceptionFilter,8_2_00403FEE
Source: C:\Program Files (x86)\Winamp\Elevator.exeCode function: 8_2_00409968 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_00409968
Source: C:\Program Files (x86)\Winamp\Elevator.exeCode function: 8_2_00403E5A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_00403E5A
Source: C:\Program Files (x86)\Winamp\Elevator.exeCode function: 8_2_004042E0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_004042E0
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall set rule name="Winamp" dir=in program="C:\Program Files (x86)\Winamp\winamp.exe" profile=private,public protocol=TCP new action=allow enable=yesJump to behavior
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name="Winamp" dir=in action=allow program="C:\Program Files (x86)\Winamp\winamp.exe" enable=yes profile=private,public protocol=TCPJump to behavior
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall set rule name="Winamp" dir=in program="C:\Program Files (x86)\Winamp\winamp.exe" profile=private,public protocol=UDP new action=allow enable=yesJump to behavior
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name="Winamp" dir=in action=allow program="C:\Program Files (x86)\Winamp\winamp.exe" enable=yes profile=private,public protocol=UDPJump to behavior
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.696484562.000000000330E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Winamp PE%d. %s [%02d:%02d/%s] [%02d:%02d]%XWinamp %c.%sico%dtray icon pack%s\%s%s - WinampTrayNotifyWndToolbarWindow32Shell_TrayWndIsWow64Processkernel32TaskbarCreatedShell_NotifyIconGetRectSHELL322.48link_proc%s %s%s\Plugins\Tray_Control\*.*%s\Plugins\Tray_Control\%s\*.icp%s\Plugins\Tray_Control\%s\%s%s\Plugins\Tray_Control\https://winampheritage.com/plugin/nullsoft-tray-control-plug-in-icon-pack/222396*.icpicp%s\Plugins\Tray_Control\%s\%s.icp%s\Plugins\Tray_Control\%s.icpwinamp.iniBENNullsoft Tray Controlcustomonico_packico_pack_safe%d
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ontopnoparentSkin:%s/Container:%s/Layout:%s/autoopacify%s/odim%s/rect%s/restoredrect%s/maximized%s/r%s/sm%s/sl%s/autoopacify%s/appbar%s/appbarontop%s/appbarhidden%s/appbarisautohide%s/appbarwantautohideNEXTPREVProgram ManagerInternet Explorer_ServerSysListView32%s/alpha1.Skin:%s/Container:%s/Layout:%s/alphaSkin:%s/Container:%s/Layout:%s
Source: winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: %f%X %X %X %X %X %X %X %X %X %X %X%08X %04X %04X %02X %02X %02X %02X %02X %02X %02X %02Xhttp://www.microsoft.com/download/details.aspx?id=35open%s.lnkProgram ManagerSHELLDLL_DefViewSysListView32Control Panel\Desktop\WindowMetricsShell Icon Sized3dx9_36.dlld3dx9_35.dlld3dx9_34.dlld3dx9_33.dlld3dx9_32.dlld3dx9_31.dlld3dx9_30.dlld3dx9_29.dlld3dx9_28.dlld3dx9_27.dlld3dx9_26.dlld3dx9_25.dlld3dx9_24.dllD3DXCreateFontWD3DXMatrixMultiplyD3DXMatrixTranslationD3DXMatrixScalingD3DXMatrixRotationXD3DXMatrixRotationYD3DXMatrixRotationZD3DXCreateTextureFromFileExWD3DXMatrixOrthoLHD3DXCompileShaderD3DXMatrixLookAtLHD3DXCreateTextureTEXT
Source: C:\Windows\SysWOW64\netsh.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\netsh.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\netsh.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\netsh.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\netsh.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\netsh.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\netsh.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\netsh.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Winamp\Elevator.exeCode function: 8_2_004040F5 cpuid 8_2_004040F5
Source: C:\Program Files (x86)\Winamp\Elevator.exeCode function: 8_2_00403D47 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,8_2_00403D47
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeCode function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403640

Lowering of HIPS / PFW / Operating System Security Settings

barindex
Uses netsh to modify the Windows network and firewall settings
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall set rule name="Winamp" dir=in program="C:\Program Files (x86)\Winamp\winamp.exe" profile=private,public protocol=TCP new action=allow enable=yes
Modifies the windows firewall
Source: C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall set rule name="Winamp" dir=in program="C:\Program Files (x86)\Winamp\winamp.exe" profile=private,public protocol=TCP new action=allow enable=yes

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid Accounts3
Command and Scripting Interpreter		1
DLL Search Order Hijacking		1
Access Token Manipulation		112
Masquerading		OS Credential Dumping1
System Time Discovery		Remote Services1
Archive Collected Data		Exfiltration Over Other Network Medium1
Encrypted Channel		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
System Shutdown/Reboot
Default Accounts1
Scripting		Boot or Logon Initialization Scripts12
Process Injection		2
Disable or Modify Tools		LSASS Memory1
Query Registry		Remote Desktop Protocol1
Clipboard Data		Exfiltration Over Bluetooth1
Non-Application Layer Protocol		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain Accounts1
Native API		Logon Script (Windows)1
DLL Search Order Hijacking		1
Access Token Manipulation		Security Account Manager21
Security Software Discovery		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration1
Application Layer Protocol		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)12
Process Injection		NTDS1
Process Discovery		Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
Deobfuscate/Decode Files or Information		LSA Secrets3
File and Directory Discovery		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRc.commonRc.common1
Scripting		Cached Domain Credentials25
System Information Discovery		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
External Remote ServicesScheduled TaskStartup ItemsStartup Items2
Obfuscated Files or Information		DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job1
Software Packing		Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)1
DLL Search Order Hijacking		/etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 676551 Sample: winamp59_9999_rc1_full_en-us.exe Startdate: 01/08/2022 Architecture: WINDOWS Score: 36 36 www.google.com 2->36 38 download.nullsoft.com 2->38 40 Antivirus detection for dropped file 2->40 42 Multi AV Scanner detection for submitted file 2->42 44 Flash file may contain encrypted javascript 2->44 8 winamp59_9999_rc1_full_en-us.exe 32 154 2->8         started        signatures3 process4 file5 28 C:\Program Files (x86)\Winamp\winamp.exe, PE32 8->28 dropped 30 C:\Program Files (x86)\...\ml_online.dll, PE32 8->30 dropped 32 C:\Users\user\AppData\...\nsis_winamp.dll, PE32 8->32 dropped 34 80 other files (none is malicious) 8->34 dropped 46 Sets file extension default program settings to executables 8->46 48 Uses netsh to modify the Windows network and firewall settings 8->48 50 Modifies the windows firewall 8->50 12 netsh.exe 3 8->12         started        14 netsh.exe 3 8->14         started        16 netsh.exe 3 8->16         started        18 2 other processes 8->18 signatures6 process7 process8 20 conhost.exe 12->20         started        22 conhost.exe 14->22         started        24 conhost.exe 16->24         started        26 conhost.exe 18->26         started       

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
winamp59_9999_rc1_full_en-us.exe7%VirustotalBrowse
winamp59_9999_rc1_full_en-us.exe0%MetadefenderBrowse
winamp59_9999_rc1_full_en-us.exe19%ReversingLabsWin32.Trojan.Generic

Dropped Files

SourceDetectionScannerLabelLink
C:\Program Files (x86)\Winamp\Plugins\ml_online.dll100%AviraHEUR/AGEN.1229998
C:\Program Files (x86)\Winamp\Elevator.exe0%ReversingLabs
C:\Program Files (x86)\Winamp\Plugins\dsp_sps.dll0%MetadefenderBrowse
C:\Program Files (x86)\Winamp\Plugins\dsp_sps.dll0%ReversingLabs
C:\Program Files (x86)\Winamp\Plugins\enc_flac.dll0%ReversingLabs
C:\Program Files (x86)\Winamp\Plugins\enc_lame.dll0%MetadefenderBrowse
C:\Program Files (x86)\Winamp\Plugins\enc_lame.dll0%ReversingLabs
C:\Program Files (x86)\Winamp\Plugins\enc_vorbis.dll0%ReversingLabs
C:\Program Files (x86)\Winamp\Plugins\enc_wav.dll0%ReversingLabs
C:\Program Files (x86)\Winamp\Plugins\enc_wma.dll0%ReversingLabs
C:\Program Files (x86)\Winamp\Plugins\gen_crasher.dll0%ReversingLabs
C:\Program Files (x86)\Winamp\Plugins\gen_ml.dll0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

SourceDetectionScannerLabelLink
download.nullsoft.com2%VirustotalBrowse

URLs

SourceDetectionScannerLabelLink
http://www.epitonic.com1%VirustotalBrowse
http://www.epitonic.com0%Avira URL Cloudsafe
http://www.mp3dev.org/ID3Error0%Avira URL Cloudsafe
http://www.tagstrance.com/0%Avira URL Cloudsafe
http://www.winamp.com.asx0%Avira URL Cloudsafe
https://revenant1.net/)0%Avira URL Cloudsafe
http://music.for-robots.com/0%Avira URL Cloudsafe
http://www.bfgtech.com/driverdownload.aspx0%Avira URL Cloudsafe
https://coda.s3m.us/)0%Avira URL Cloudsafe
http://betterpropaganda.com/0%Avira URL Cloudsafe
https://mpg123.de/0%Avira URL Cloudsafe
http://www.nullsoft.com/free/milkdrop/0%Avira URL Cloudsafe
http://skinconsortium.com/index.php?page=Downloads&amp;typeID=10%Avira URL Cloudsafe
http://www.eachnotesecure.com/0%Avira URL Cloudsafe
http://tripjam.blogspot.co.uk/0%Avira URL Cloudsafe
http://www.nullsoft.com/free/milkdrop0%Avira URL Cloudsafe
https://joaobapt.com/)0%Avira URL Cloudsafe
http://soul-sides.com/0%Avira URL Cloudsafe
https://source.openmpt.org/svn/openmpt/trunk/OpenMPT2022-05-13T04:56:00Z0%Avira URL Cloudsafe
https://bel.fi/alankila/modguide/interpolate.txt0%Avira URL Cloudsafe
http://www.allwinampskins.com/0%Avira URL Cloudsafe
http://www.visiontek.com/teksupport/drivers/drivers.html0%Avira URL Cloudsafe
http://sophiesfloorboard.blogspot.co.uk/0%Avira URL Cloudsafe
http://www.fluxblog.org/0%Avira URL Cloudsafe
http://www.traxinspace.com0%Avira URL Cloudsafe
http://buffalotones.blogspot.co.uk/0%Avira URL Cloudsafe
http://uploadgeneration.info/Winamp/www.winamp.com/skins.html0%Avira URL Cloudsafe
http://www.aural-innovations.com/main/main.html0%Avira URL Cloudsafe
http://avs.acko.net/0%Avira URL Cloudsafe
http://www.geisswerks.com/milkdrop/Milkdrop20%Avira URL Cloudsafe
http://html4/loose.dtd0%Avira URL Cloudsafe
http://www.kahvi.org/0%Avira URL Cloudsafe
http://www.via.com.tw/en/products/graphics/0%Avira URL Cloudsafe
http://127.0.0.1:artistalbumtitlehttps://help.winamp.com/hc/articles/8106455294612-Winamp-Portables-0%Avira URL Cloudsafe
http://blog.largeheartedboy.com/0%Avira URL Cloudsafe
http://www.saidthegramophone.com/0%Avira URL Cloudsafe
https://lib.openmpt.org/https://lib.openmpt.org/libopenmpt/download/https://forum.openmpt.org/https:0%Avira URL Cloudsafe
http://schismtracker.org/0%Avira URL Cloudsafe
http://somuchsilence.com/0%Avira URL Cloudsafe
http://www.laridae.at0%Avira URL Cloudsafe
http:///.%s&=.wma%s?.wmaREPEATcountPARAMnamevaluestationencoding&amp;GETRef%dReference&=.wma?.wma0%Avira URL Cloudsafe
http://www.milkdrop.co.uk/0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
www.google.com
142.250.203.100
truefalse
    		high
    download.nullsoft.com
    		146.59.161.88
    		truefalseunknown

    URLs from Memory and Binaries

    NameSourceMaliciousAntivirus DetectionReputation
    http://www.epitonic.comwinamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
    • 1%, Virustotal, Browse
    • Avira URL Cloud: safe
    		unknown
    http://zamuz.deviantart.comwinamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
      		high
      http://www.mp3dev.org/ID3Errorenc_lame.dll.0.drfalse
      • Avira URL Cloud: safe
      		unknown
      https://twitter.com/daniel_collinin_mod.dll.0.drfalse
        		high
        https://xiph.org/ogg/in_mod.dll.0.drfalse
          		high
          http://www.idolator.com/winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
            		high
            http://www.winamp.com/skins/search/?s=m&q=winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
              		high
              http://www.hyperionics.comwinamp59_9999_rc1_full_en-us.exe, 00000000.00000002.694185077.0000000002EBB000.00000004.00000800.00020000.00000000.sdmpfalse
                		high
                http://pishiru.deviantart.comwinamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                  		high
                  http://www.tagstrance.com/winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://www.blogotheque.net/winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                    		high
                    http://www.fraps.com/winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.694185077.0000000002EBB000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      http://www.winamp.com/winamp59_9999_rc1_full_en-us.exefalse
                        		high
                        http://modarchive.org/winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          http://ati.amd.com/support/driver.htmlwinamp59_9999_rc1_full_en-us.exe, 00000000.00000002.694185077.0000000002EBB000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            http://www.winamp.com.asxin_wm.dll.0.drfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.winamp.com/plugins/search/?q=winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              https://revenant1.net/)in_mod.dll.0.drfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://music.for-robots.com/winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://help.winamp.com/hc/articles/8109547717268-Winamp-Playlistsml_playlists.dll.0.drfalse
                                		high
                                https://github.com/viiri/st2playin_mod.dll.0.drfalse
                                  		high
                                  http://www.bfgtech.com/driverdownload.aspxwinamp59_9999_rc1_full_en-us.exe, 00000000.00000002.694185077.0000000002EBB000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  https://coda.s3m.us/)in_mod.dll.0.drfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://betterpropaganda.com/winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  https://mpg123.de/in_mod.dll.0.drfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  https://musopen.org/winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://www.nullsoft.com/free/milkdrop/winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.694185077.0000000002EBB000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.pollstar.com/tour/searchall.pl?By=All&Content=winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://skinconsortium.com/index.php?page=Downloads&amp;typeID=1winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://help.winamp.com/hc/articles/8105304048660-The-Winamp-Media-Libraryzml_local.dll.0.drfalse
                                        		high
                                        http://www.eachnotesecure.com/winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://tripjam.blogspot.co.uk/winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://www.matrox.com/graphics/en/corpo/support/drivers/home.phpwinamp59_9999_rc1_full_en-us.exe, 00000000.00000002.694185077.0000000002EBB000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://forums.winamp.com/forumdisplay.php?forumid=81winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.694185077.0000000002EBB000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://help.winamp.com/hc/articles/8105244490772-Player-Overviewml_local.dll.0.drfalse
                                              		high
                                              http://www.nullsoft.com/free/milkdropwinamp59_9999_rc1_full_en-us.exe, 00000000.00000002.694185077.0000000002EBB000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://www2.pny.com/support/support.aspxwinamp59_9999_rc1_full_en-us.exe, 00000000.00000002.694185077.0000000002EBB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://search.winamp.com/search/search?invocationType=en00-winamp-553--clientpage&query=winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://www.nvidia.com/page/drivers.htmlwinamp59_9999_rc1_full_en-us.exe, 00000000.00000002.694185077.0000000002EBB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://services.winamp.com/svc/rating?svc_id=%u&unique_id=%s&rating=%daddremovehttp://services.winamml_online.dll.0.drfalse
                                                      		high
                                                      http://www.bandsintown.com/winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://www.hotmixradio.frwinamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://search.winamp.com/search/afe?query=winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://www.purevolume.com/winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://joaobapt.com/)in_mod.dll.0.drfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://flac.sf.net/2.45bitrate755extensionflacUxTheme.dllKERNEL32.DLLAcquireSRWLockExclusiveReleaseSenc_flac.dll.0.drfalse
                                                                		high
                                                                http://soul-sides.com/winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://client.winamp.com/nowplaying/artist/?icid=winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://source.openmpt.org/svn/openmpt/trunk/OpenMPT2022-05-13T04:56:00Zin_mod.dll.0.drfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  http://nsis.sf.net/NSIS_ErrorErrorwinamp59_9999_rc1_full_en-us.exefalse
                                                                    		high
                                                                    https://bel.fi/alankila/modguide/interpolate.txtin_mod.dll.0.drfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    https://winampheritage.com/plugin/nullsoft-tray-control-plug-in-icon-pack/222396winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.696484562.000000000330E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://hearthis.at/categories/winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://www.allwinampskins.com/winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        http://www.winamp.com/legal/abuse?svc_id=%u&unique=%sInfohttp://client.winamp.com/service/detail/%s/ml_online.dll.0.drfalse
                                                                          		high
                                                                          https://www.mixcloud.com/discover/winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://www.evga.com/support/drivers/winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.694185077.0000000002EBB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://help.winamp.com/hc/articles/8105244490772-Player-Overviewopen%.36s...?artistml_local.dll.0.drfalse
                                                                                		high
                                                                                http://www.visiontek.com/teksupport/drivers/drivers.htmlwinamp59_9999_rc1_full_en-us.exe, 00000000.00000002.694185077.0000000002EBB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                http://www.gorillavsbear.net/winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://www.winamp.comml_wire.dll.0.drfalse
                                                                                    		high
                                                                                    http://sophiesfloorboard.blogspot.co.uk/winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    		unknown
                                                                                    http://slirsredirect.search.aol.com/redirector/sredir?sredir=1840&invocationType=en00-winamp-55--ws&winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://jay-fatboy.deviantart.comwinamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        http://www.fluxblog.org/winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        		unknown
                                                                                        http://www.traxinspace.comwinamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        		unknown
                                                                                        http://freemusicarchive.org/winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          http://search.winamp.com/search/search?invocationType=enus-winamp-553--as&query=winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://buffalotones.blogspot.co.uk/winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            		unknown
                                                                                            http://uploadgeneration.info/Winamp/www.winamp.com/skins.htmlwinamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            		unknown
                                                                                            http://winampheritage.com/skinswinamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://www.aural-innovations.com/main/main.htmlwinamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		unknown
                                                                                              http://avs.acko.net/winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		unknown
                                                                                              http://www.geisswerks.com/milkdrop/Milkdrop2winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		unknown
                                                                                              https://github.com/lclevy/unmo3in_mod.dll.0.drfalse
                                                                                                		high
                                                                                                http://www.progarchives.com/winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://soundcloud.comwinamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    http://www.shoutcast.comwinamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      http://html4/loose.dtdwinamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      		low
                                                                                                      http://www.kahvi.org/winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      		unknown
                                                                                                      http://www.sis.com/download/winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.694185077.0000000002EBB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        http://www.via.com.tw/en/products/graphics/winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.694185077.0000000002EBB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        		unknown
                                                                                                        https://client.winamp.com/podcasts$ml_wire.dll.0.drfalse
                                                                                                          		high
                                                                                                          http://www.daytrotter.com/winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            http://127.0.0.1:artistalbumtitlehttps://help.winamp.com/hc/articles/8106455294612-Winamp-Portables-winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.696484562.000000000330E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            		low
                                                                                                            http://client.winamp.com/nowplaying/artist/?icid=notifiermodern&artistName=winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              http://blog.largeheartedboy.com/winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              		unknown
                                                                                                              http://www.saidthegramophone.com/winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              		unknown
                                                                                                              http://broadband-albumart.music.aol.com/scan/winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://help.shoutcast.com/hc/sections/360003346493-Winamp-for-Windowswinamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://lib.openmpt.org/https://lib.openmpt.org/libopenmpt/download/https://forum.openmpt.org/https:in_mod.dll.0.drfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  		unknown
                                                                                                                  http://schismtracker.org/in_mod.dll.0.drfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  		unknown
                                                                                                                  http://search.winamp.com/winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    http://somuchsilence.com/winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    		unknown
                                                                                                                    http://www.laridae.atwinamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    		unknown
                                                                                                                    https://help.winamp.com/hc/articles/8112346487060-Podcast-Directory1ispodcastpodcastchannelpodcastpuml_wire.dll.0.drfalse
                                                                                                                      		high
                                                                                                                      http://forums.winamp.com/showthread.php?threadid=276371winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        http:///.%s&=.wma%s?.wmaREPEATcountPARAMnamevaluestationencoding&amp;GETRef%dReference&=.wma?.wmain_wm.dll.0.drfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        		low
                                                                                                                        http://www.milkdrop.co.uk/winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.694185077.0000000002EBB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        		unknown
                                                                                                                        http://slirsredirect.search.aol.com/redirector/sredir?sredir=1841&invocationType=en00-winamp-55--as&winamp59_9999_rc1_full_en-us.exe, 00000000.00000002.687903585.0000000002763000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high

                                                                                                                          World Map of Contacted IPs

                                                                                                                          No contacted IP infos

                                                                                                                          General Information

                                                                                                                          Joe Sandbox Version:35.0.0 Citrine
                                                                                                                          Analysis ID:676551
                                                                                                                          Start date and time: 01/08/202210:44:142022-08-01 10:44:14 +02:00
                                                                                                                          Joe Sandbox Product:CloudBasic
                                                                                                                          Overall analysis duration:0h 9m 17s
                                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                                          Report type:full
                                                                                                                          Sample file name:winamp59_9999_rc1_full_en-us.exe
                                                                                                                          Cookbook file name:default.jbs
                                                                                                                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                          Number of analysed new started processes analysed:29
                                                                                                                          Number of new started drivers analysed:0
                                                                                                                          Number of existing processes analysed:0
                                                                                                                          Number of existing drivers analysed:0
                                                                                                                          Number of injected processes analysed:0
                                                                                                                          Technologies:
                                                                                                                          • HCA enabled
                                                                                                                          • EGA enabled
                                                                                                                          • HDC enabled
                                                                                                                          • AMSI enabled
                                                                                                                          Analysis Mode:default
                                                                                                                          Analysis stop reason:Timeout
                                                                                                                          Detection:SUS
                                                                                                                          Classification:sus36.evad.winEXE@15/116@2/0
                                                                                                                          EGA Information:
                                                                                                                          • Successful, ratio: 100%
                                                                                                                          HDC Information:
                                                                                                                          • Successful, ratio: 61.8% (good quality ratio 59.4%)
                                                                                                                          • Quality average: 87%
                                                                                                                          • Quality standard deviation: 24.5%
                                                                                                                          HCA Information:
                                                                                                                          • Successful, ratio: 100%
                                                                                                                          • Number of executed functions: 86
                                                                                                                          • Number of non-executed functions: 80
                                                                                                                          Cookbook Comments:
                                                                                                                          • Found application associated with file extension: .exe
                                                                                                                          • Adjust boot time
                                                                                                                          • Enable AMSI

                                                                                                                          Warnings

                                                                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                                                                                                                          • Excluded domains from analysis (whitelisted): www.bing.com, ris.api.iris.microsoft.com, client.wns.windows.com, licensing.mp.microsoft.com, fs.microsoft.com, store-images.s-microsoft.com, login.live.com, sls.update.microsoft.com, ctldl.windowsupdate.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
                                                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.

                                                                                                                          Simulations

                                                                                                                          Behavior and APIs

                                                                                                                          No simulations

                                                                                                                          Joe Sandbox View / Context

                                                                                                                          IPs

                                                                                                                          No context

                                                                                                                          Domains

                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                          www.google.com_EHIDmI62wV_eml.htmGet hashmaliciousBrowse
                                                                                                                          • 142.250.185.100
                                                                                                                          http://www.shushanshuyuan.com/where-to-buy.htmlGet hashmaliciousBrowse
                                                                                                                          • 142.250.203.100
                                                                                                                          http://www.shushanshuyuan.com/dog-food.htmlGet hashmaliciousBrowse
                                                                                                                          • 142.250.203.100
                                                                                                                          http://www.shushanshuyuan.com/special-offers.htmlGet hashmaliciousBrowse
                                                                                                                          • 142.250.203.100
                                                                                                                          PC_0293703-1.exeGet hashmaliciousBrowse
                                                                                                                          • 142.250.184.68
                                                                                                                          https://online-a.oni-ks.com/?R_i=axxxx@mdxxxxxxxxxs.comGet hashmaliciousBrowse
                                                                                                                          • 142.250.184.68
                                                                                                                          https://jw3sj9du.app.link/Get hashmaliciousBrowse
                                                                                                                          • 142.250.184.68
                                                                                                                          895GE.exeGet hashmaliciousBrowse
                                                                                                                          • 142.250.184.68
                                                                                                                          C6EB=8JHB39FI9B.exeGet hashmaliciousBrowse
                                                                                                                          • 142.250.184.68
                                                                                                                          https://www.kt-ft-jan.com/k/62d67c4b9ca70d000863e258?lid#dlwdallmi-labor@maryland.gov&00-90-98499-01-9eGet hashmaliciousBrowse
                                                                                                                          • 142.250.203.100
                                                                                                                          http://www.hirelbs.comGet hashmaliciousBrowse
                                                                                                                          • 142.250.203.100
                                                                                                                          Pacific Petroleum inc - Statement 25.07.2022.xlsxGet hashmaliciousBrowse
                                                                                                                          • 142.250.203.100
                                                                                                                          Pacific Petroleum inc - Statement 25.07.2022.xlsxGet hashmaliciousBrowse
                                                                                                                          • 142.250.203.100
                                                                                                                          Pacific Petroleum inc - Statement 25.07.2022.xlsxGet hashmaliciousBrowse
                                                                                                                          • 142.250.203.100
                                                                                                                          https://www.canva.com/design/DAFHy2NUYdA/h2lCJEO7uYzOXsdlQRDEyA/view?utm_content=DAFHy2NUYdA&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelinkGet hashmaliciousBrowse
                                                                                                                          • 142.250.203.100
                                                                                                                          https://securepubads.g.doubleclick.net/pcs/view?adurl=http%3a%2f%2fwww.RealpageRealpage.cirurgiaplasticarecife.com.br/#.aHR0cHM6Ly9leG5paGlsby5jby8ud2VsbC1rbm93bi9vZmYjd2hpdG5leS5tY2dpbm5pc0ByZWFscGFnZS5jb20Get hashmaliciousBrowse
                                                                                                                          • 142.250.203.100
                                                                                                                          https://sites.google.com/view/8b7t34/homeGet hashmaliciousBrowse
                                                                                                                          • 142.250.203.100
                                                                                                                          https://www.heathersettlement.net/Get hashmaliciousBrowse
                                                                                                                          • 142.250.203.100
                                                                                                                          https://www.amberjack.shopGet hashmaliciousBrowse
                                                                                                                          • 142.250.203.100
                                                                                                                          https://2itchyfeets.comGet hashmaliciousBrowse
                                                                                                                          • 142.250.203.100

                                                                                                                          ASNs

                                                                                                                          No context

                                                                                                                          JA3 Fingerprints

                                                                                                                          No context

                                                                                                                          Dropped Files

                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                          C:\Program Files (x86)\Winamp\Plugins\dsp_sps.dllwinamp58_3660_beta_full_en-us.exeGet hashmaliciousBrowse

                                                                                                                            Created / dropped Files

                                                                                                                            C:\Program Files (x86)\Winamp\Elevator.exe

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):191824
                                                                                                                            Entropy (8bit):6.15472772719227
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:GG4HkEZ+dvAWd5Ik2stTqaK0bgti41lHAbMzx8u3xnyWmy57eVue/mhmWP:eQdvZ8iqli4qMvxyWm32
                                                                                                                            MD5:4DCA168AC0EE99081097BBBFB61CE6BE
                                                                                                                            SHA1:C439CEC675A319F3CB8E2EE29B8BF6BC5D9C0E35
                                                                                                                            SHA-256:E27ABACA6D598B5045C82DC8CC0924B557BF7871523E76EF061192CD90425BB4
                                                                                                                            SHA-512:53AE11717411E4566FEE6E9C37B2A88A4B609303E53A5993CBAA6E1E034C0D15D3E5A2D85CDAF81BCE5C441D66A987E2001EDCEE8D9EA07070C51356C7DBB321
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........t............~.....~.......zS.....`......`......`.....~.....~............O`.....O`.....O`Q.....9....O`.....Rich............................PE..L...)".b.................6...........:.......P....@..................................K......................................,...........(...............P-.............................................@............P...............................text.../5.......6.................. ..`.rdata.......P.......:..............@..@.data...t...........................@....rsrc...(...........................@..@................................................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\DSP_SPS\cockos - octave down.sps

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1762
                                                                                                                            Entropy (8bit):4.218147300889856
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:y4Gi/i50Sa8kD+C61AW61mPFPzKVebzZ/JbQNAgpL2gCPJv:y950SEvGAWGmdwcf8fnEh
                                                                                                                            MD5:01B592A27A4E65A94ED0A7852B888C95
                                                                                                                            SHA1:B9033111FC859388401801BDAE68E79B5262DEE9
                                                                                                                            SHA-256:D08BD3AA5105B6B026D357B6643266BE50F61C41E86428F3E5DB6D5AF653E70D
                                                                                                                            SHA-512:162083F6BE640B9A8E16630124C1176D67BA9A52C3E3D61B70C82E466AA387A32A73460E02B04A86D90E988050B7C53B62B0EB2A4E3F6740A1986FEB0D7DA5F8
                                                                                                                            Malicious:false
                                                                                                                            Preview:[SPS PRESET]..slider1=500..slider2=500..slider3=0..slider4=0..labels_0_0=chunksize..labels_0_1=200ms..labels_0_2=10ms..labels_1_0=overlap..labels_1_1=max..labels_1_2=min..labels_2_0=..labels_2_1=..labels_2_2=..labels_3_0=..labels_3_1=..labels_3_2=..code0_size=152..code0_data=2F2A20436F70797269676874202843292032303034202D20436F636B6F7320496E636F72706F72617465640D0A7777772E636F636B6F732E636F6D202D2073656E6420757320796F75720D0A696D70726F7665642076657273696F6E7320696620796F75206C696B652E0D0A20202020204672656520666F7220706572736F6E616C206F7220636F6D6D65726369616C207573650D0A2A2FFF..code1_size=448..code1_data=6862703D627566706F732636353533343B0D0A7330723D6D6567616275662862756673697A652B686270293B202F2F2072656164207468657365206561726C790D0A7331723D6D6567616275662862756673697A652B6862702B31293B0D0A0D0A61737369676E286D65676162756628627566706F732A32292C73706C30293B0D0A61737369676E286D65676162756628627566706F732A322B31292C73706C31293B0D0A0D0A69662862656C6F7728627566706F732C7273706F73292C0D0A20206

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\DSP_SPS\cockos - octave up.sps

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):5072
                                                                                                                            Entropy (8bit):3.6293199067819097
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:48:yJ50SErp14J26cl6c1FRlyc1Fu1Eqc1ck1ECc1c/M1SRcoT7VL807DynC:Syrp1ywb/VLJ7DyC
                                                                                                                            MD5:07E788BE76B4C698D0EAA8DDD11DAF18
                                                                                                                            SHA1:9DF6B02908A0CDD240C468607728B1532D20B743
                                                                                                                            SHA-256:EEAC376DCBFB2A16AEC1E4EF6F3CB9FAC98A8DB062A6382DDCEA6E9EC9EB1808
                                                                                                                            SHA-512:CA792EE98B9BB4FB48A94259A66B441D58FEC5EE8FB6BFAD933F79857B81D5E4E80C6E3222F14F3C63A9CFF8CC4E25B40639764AB4182367E6B5CFD45120A5D5
                                                                                                                            Malicious:false
                                                                                                                            Preview:[SPS PRESET]..slider1=414..slider2=0..slider3=0..slider4=0..labels_0_0=chunksize..labels_0_1=200ms..labels_0_2=10ms..labels_1_0=..labels_1_1=..labels_1_2=..labels_2_0=..labels_2_1=..labels_2_2=..labels_3_0=..labels_3_1=..labels_3_2=..code0_size=152..code0_data=2F2A20436F70797269676874202843292032303034202D20436F636B6F7320496E636F72706F72617465640D0A7777772E636F636B6F732E636F6D202D2073656E6420757320796F75720D0A696D70726F7665642076657273696F6E7320696620796F75206C696B652E0D0A20202020204672656520666F7220706572736F6E616C206F7220636F6D6D65726369616C207573650D0A2A2FFF..code1_size=2008..code1_data=0D0A61737369676E286D656761627566287265636275662B726563706F732A32292C73706C30293B0D0A61737369676E286D656761627566287265636275662B726563706F732A322B31292C73706C31293B0D0A0D0A69662862656C6F7728706C6179706F732C7162737A292C200D0A202020202F2F2066697273742071756172746572202866697273742068616C66206F6620666972737420626C6F636B290D0A2020202061737369676E2873706C302C6D65676162756628706C61796275662B706C6179706F732

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\DSP_SPS\cockos - pitch down.sps

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):2113
                                                                                                                            Entropy (8bit):4.13185632178424
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:yhiG9Qei50Sa8kD+Dm6aHPFPzKVmybzn/h6LbcNAgvd4P6:ygGO50SE0QdwmYU34fvdm6
                                                                                                                            MD5:57510DE600C5D88BFB18B2234DED89BB
                                                                                                                            SHA1:329F676A020BFA9C3067721B4BF34457708E59DD
                                                                                                                            SHA-256:DE99CA9F781E31F9324B223312F3D74C410F9D34C3C8D918D71BBFE719E502E4
                                                                                                                            SHA-512:6B41FFC2A9B497D3708880DB6DD723FBC9630FD9E929F4FBC92F99E1447DD5F53622A026F3F66B62E4E0A16CA741896DE9E095A58A6BCB256EF66E0E39CA1F43
                                                                                                                            Malicious:false
                                                                                                                            Preview:[SPS PRESET]..slider1=500..slider2=98..slider3=0..slider4=0..labels_0_0=pitch..labels_0_1=norm..labels_0_2=bottom..labels_1_0=overlap..labels_1_1=max..labels_1_2=none..labels_2_0=..labels_2_1=..labels_2_2=..labels_3_0=..labels_3_1=..labels_3_2=..code0_size=236..code0_data=2F2A20436F70797269676874202843292032303034202D20436F636B6F7320496E636F72706F72617465640D0A7777772E636F636B6F732E636F6D202D2073656E6420757320796F75720D0A696D70726F7665642076657273696F6E7320696620796F75206C696B652E0D0A20202020204672656520666F7220706572736F6E616C206F7220636F6D6D65726369616C207573650D0A2A2F0D0A0D0A62756673697A653D73726174652A302E3030312A38303B202F2F20746865206C617374206F6E65206973206D730D0A62756673697A653D62756673697A652636353533343B0D0A627566706F733D303B72..code1_size=529..code1_data=6862703D2828627566706F73202A2073636C297C30292A323B0D0A0D0A2F2F207072652072656164207468657365206265666F72652077726974696E670D0A7330723D6D656761627566287272696C656E2B686270293B0D0A7331723D6D656761627566287272696C656E2B6862702B

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\DSP_SPS\cockos - variable length delay.sps

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1916
                                                                                                                            Entropy (8bit):4.2701999741221
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:y3HxigR0L5i50Sa8kD+dNFay3wKRxO1xge1rBcfEP4DrL4CSYDDMxvRnl5lCSCBF:y3xM850SEUN3HAQMCSbvRlDCSvD/y
                                                                                                                            MD5:F097AE4E51B37A55DEB2027DF986FE99
                                                                                                                            SHA1:1CD3C6C092F35BF989F6683E799B8012EF847A0D
                                                                                                                            SHA-256:7C674B1655E11D647B2B8046C83CBFFFB6DAB38D5F26E4DD26CA246EF07834A1
                                                                                                                            SHA-512:FB9919983610BC64CE019871547CAA452C0D187238604C58E2FCF23BC3475EBFCF85E01E1BE8EBFBBCDDABB22A1C34FFB3AC86ED2FB736A7052E91C66F160D92
                                                                                                                            Malicious:false
                                                                                                                            Preview:[SPS PRESET]..slider1=1000..slider2=299..slider3=1000..slider4=466..labels_0_0=len..labels_0_1=1s..labels_0_2=0s..labels_1_0=interval..labels_1_1=10s..labels_1_2=0s..labels_2_0=amount..labels_2_1=1..labels_2_2=0..labels_3_0=mix..labels_3_1=wet..labels_3_2=dry..code0_size=167..code0_data=2F2A20436F70797269676874202843292032303034202D20436F636B6F7320496E636F72706F72617465640D0A7777772E636F636B6F732E636F6D202D2073656E6420757320796F75720D0A696D70726F7665642076657273696F6E7320696620796F75206C696B652E0D0A20202020204672656520666F7220706572736F6E616C206F7220636F6D6D65726369616C207573650D0A2A2F0D0A0D0A64656C6179706F733D303B36..code1_size=411..code1_data=6470706F73203D206470706F732B6470706F7373633B0D0A64706261636B203D202873696E286470706F73292B31292A64706261636B73633B0D0A6470696E74203D2028282864656C6179706F732D64706261636B292B64656C61796C656E292564656C61796C656E292A323B0D0A0D0A6F73313D6D656761627566286470696E74293B0D0A6F73323D6D656761627566286470696E742B31293B0D0A0D0A6470696E74203D2064656C6179706

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\DSP_SPS\justin - delay (with feedback).sps

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):815
                                                                                                                            Entropy (8bit):4.645128456355861
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:yRULv/vfpkyze1ryWoKlSIEpr+D7egaqf:yRqPpk4ZWoKlS1DQf
                                                                                                                            MD5:597AA6B353C6318CFFB90D35AECD1931
                                                                                                                            SHA1:AC8A742488A3D0AD77EDD447E4C996A092365FB6
                                                                                                                            SHA-256:53F910F3EE3AE5C775618B2957FA09697B5088BC233D8E40F80CD0A26616AD3D
                                                                                                                            SHA-512:4D521272B1BA6BF52FF8F25B4F319DBF86AEE07C48EE20AA407D6EDBA3B22C52A6D33639D12985D1DB42D134024B365901780271A8E33158338314B2F72174A9
                                                                                                                            Malicious:false
                                                                                                                            Preview:[SPS PRESET]..slider1=784..slider2=895..slider3=716..labels_0_0=delaytime..labels_0_1=1s..labels_0_2=0..labels_1_0=wet..labels_1_1=+0..labels_1_2=-inf..labels_2_0=dry..labels_2_1=+0..labels_2_2=-inf..code0_size=0..code0_data=00..code1_size=263..code1_data=6470696E74203D202864656C6179706F737C30292A323B0D0A6F73313D6D656761627566286470696E74293B0D0A6F73323D6D656761627566286470696E742B31293B0D0A0D0A73706C303D73706C302A736C69646572332B6F73312A736C69646572323B0D0A73706C313D73706C312A736C69646572332B6F73322A736C69646572323B0D0A0D0A0D0A61737369676E286D656761627566286470696E74292C73706C30293B0D0A61737369676E286D656761627566286470696E742B31292C73706C31293B0D0A64656C6179706F733D6966280D0A61626F76652864656C6179706F732C736C6964657231202A207372617465292C0D0A302C64656C6179706F732B31293B58..code2_size=0..code2_data=00..

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\DSP_SPS\justin - huge massive speederupper.sps

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):460
                                                                                                                            Entropy (8bit):4.779099877616762
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6:yQ+Wx3JHy9s+sU+kAoBl0Kei8vyvaZTvuqlQ1i1HV9NFUmTZxTuql3Trf:yOxJoRnSvjTd19ThFXf
                                                                                                                            MD5:758D7C4195DA318616A276D0AE37202D
                                                                                                                            SHA1:8E8D801DE22740AD71023CE7A5115E3928FD1F1F
                                                                                                                            SHA-256:A24AC3A1DF151EDF2BC8927C8502A9113452170F8D8B66AF5D4121DC2AD39F7A
                                                                                                                            SHA-512:44341E362767EF6CA05BA8CBD842D504225FB684971DE4F16F7874D757BFDB2B99A037897DF8368009C893D80C32DAC358833B573C99DE25A6F5BC8EBC91A304
                                                                                                                            Malicious:false
                                                                                                                            Preview:[SPS PRESET]..slider1=235..slider2=0..slider3=0..labels_0_0=speedup..labels_0_1=20x..labels_0_2=none..labels_1_0=..labels_1_1=..labels_1_2=..labels_2_0=..labels_2_1=..labels_2_2=..code0_size=6..code0_data=706F733D303BFA..code1_size=90..code1_data=6375746F66663D736C69646572312A32303B0D0A666F6F3D62656C6F77286375746F66662C706F73293B0D0A736B69703D626E6F7428666F6F293B0D0A706F733D696628666F6F2C706F732D6375746F66662C706F732B31293B60..code2_size=0..code2_data=00..

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\DSP_SPS\justin - loop sampler.sps

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):5759
                                                                                                                            Entropy (8bit):3.7022940445772026
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:48:yxRyF4DfTvzdCyF649swt9yFkVvSe4gOMWoQalrs1/lqnWnl2LlMlKqXFTuQTuaI:wy2zF4cswLyWVvSeDOMWoQr0Wc615E
                                                                                                                            MD5:930332C7D7D9406939F339B9BA50D283
                                                                                                                            SHA1:751F634C5F7AC18FAE03E6DD237078E585D9C770
                                                                                                                            SHA-256:34959970447081E809DD6B62231136EE96A13FEDA55E77CAFBE85CBA37FE1DC8
                                                                                                                            SHA-512:6B21BE5E3B3B8D94A58A56671879BB209A4B515220430D9EE211F772763995B19B34896E69829E200F6A99D20B0F969CF0AF0FD1694A21F64B6B0E4F16EDDB9B
                                                                                                                            Malicious:false
                                                                                                                            Preview:[SPS PRESET]..slider1=1000..slider2=1000..slider3=1000..slider4=1000..labels_0_0=idle mix..labels_0_1=loud..labels_0_2=quiet..labels_1_0=play mix..labels_1_1=sample..labels_1_2=clean..labels_2_0=record mix..labels_2_1=new..labels_2_2=old..labels_3_0=playlen..labels_3_1=full..labels_3_2=none..code0_size=254..code0_data=2F2A2074726967676572203120737461727473207265636F7264696E670D0A202020207472696767657220322073746F7073207265636F7264696E67202B206C6F6F70656420706C61790D0A202020207472696767657220332073746F7073207265636F7264696E67202B206F6E6520706C61790D0A2020202074726967676572203420746F67676C65732068616C6673706565642C2064626C3D726576657273650D0A2A2F0D0A0D0A6973706C61793D303B2069737265633D303B0D0A7265636C656E3D303B20726563706F733D303B0D0A706C6179706F733D303B0D0A73706565643D313B0D0A726576657273653D303B0D0A6C61737474343D303BF1..code1_size=2251..code1_data=6966202874726967342C0D0A202020202065786563320D0A2020202020280D0A202020202020202061737369676E2873706565642C696628657175616C2873706565642C3129

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\DSP_SPS\justin - low res delay.sps

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1227
                                                                                                                            Entropy (8bit):4.546808438627479
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:yEv/vJPu0k4ze1rcckeEHzq89rHCS7WoKlSp4urOqDeIf+8aqSw:yaZrkK/ckXzq8jCS7WoKlSu9af+7w
                                                                                                                            MD5:ED32351B2742C08E8DF8333C19836320
                                                                                                                            SHA1:5290CAB50CC8D5430652BAD1C131B7469FA8D163
                                                                                                                            SHA-256:42F430F77F32C42F60DAE9D00450580426C103C7C6DE27A414E704162046A220
                                                                                                                            SHA-512:FC7451B646125C33C0B5D7055017C14418C4E667ECF9A77A923AADB4C74338404B86A70D5CD172517C712E41BB453EFDD2E854A14A0FFB46B0C8BF990AA1EC36
                                                                                                                            Malicious:false
                                                                                                                            Preview:[SPS PRESET]..slider1=115..slider2=500..slider3=654..labels_0_0=delaytime..labels_0_1=1s..labels_0_2=0..labels_1_0=wet..labels_1_1=full..labels_1_2=-inf..labels_2_0=dry..labels_2_1=full..labels_2_2=-inf..code0_size=0..code0_data=00..code1_size=368..code1_data=6470696E74203D202864656C6179706F737C30292A323B0D0A6F73313D6D656761627566286470696E74293B0D0A6F73323D6D656761627566286470696E742B31293B0D0A0D0A6E6577313D28282873706C30292A7265736F6C297C30292A696E767265736C2A736C6964657233202B206F73312A736C69646572323B0D0A6E6577323D28282873706C31292A7265736F6C297C30292A696E767265736C2A736C6964657233202B206F73322A736C69646572323B0D0A0D0A73706C303D73706C302A736C69646572332B6F73312A736C69646572323B0D0A73706C313D73706C312A736C69646572332B6F73322A736C69646572323B0D0A0D0A61737369676E286D656761627566286470696E74292C6E657731293B0D0A61737369676E286D656761627566286470696E742B31292C6E657732293B0D0A64656C6179706F733D6966280D0A61626F76652864656C6179706F732C64656C61796C656E292C0D0A302C64656C6179706F732B31293B26..

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\DSP_SPS\justin - mix to mono.sps

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):397
                                                                                                                            Entropy (8bit):4.70892894657438
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6:yQ+G3JZf+sU+2DWeK2wuAii2gwF40TMt9c/7t6svv:yuY9DWeK2wccwF40Tp77v
                                                                                                                            MD5:22E5D535AFD0DC9985171FB3E4CBE3CF
                                                                                                                            SHA1:C0C8D7255F91E3AEE1762C616757FF38C322B18D
                                                                                                                            SHA-256:6906064AF46113B39CC44AFC758142A0447975402AC3DC54D1D2D53029EDB55B
                                                                                                                            SHA-512:D6B40AFE86B283C910418C9DFA47210BE44DB575DF99DAEC0C19DAC18F02BB43C1F86549CAE19F203B7AA1C53E8E1A9EBBDC394A36D463D4586344F1C26BDB3B
                                                                                                                            Malicious:false
                                                                                                                            Preview:[SPS PRESET]..slider1=0..slider2=0..slider3=0..labels_0_0=..labels_0_1=..labels_0_2=..labels_1_0=..labels_1_1=..labels_1_2=..labels_2_0=..labels_2_1=..labels_2_2=..code0_size=0..code0_data=00..code1_size=87..code1_data=0D0A2F2F20696620776527726520616C7265616479206D6F6E6F2C20776520646F206E6F7468696E670D0A73706C303D696628657175616C286E63682C32292C2873706C302B73706C31292A302E352C73706C30293B20C8..

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\DSP_SPS\justin - resolution reduction.sps

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):498
                                                                                                                            Entropy (8bit):4.769056644721317
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6:yQ+qmMBx3J89EgJ+sU+DDnzg3hTfMqothITfMqoJ2pT088vuKTS:yCmiaqyDU9MBUMSy3vuH
                                                                                                                            MD5:93E9DDEE2411E088DB3970A800682E8D
                                                                                                                            SHA1:F4C917AF52BBD7553F0071897F1C2F254C06F9B5
                                                                                                                            SHA-256:64FD2582835F1165E02B60C888DE546C0113E767E5D0EA6A7B9F69426255288D
                                                                                                                            SHA-512:68F1508D7D9BB790844BA5408CA796543148E2524A9066744377E7AE8BA4AD104F4EA3E0501B4618967522D06DEF6658961AEB4316EF7BF0B67D1F9B9096202D
                                                                                                                            Malicious:false
                                                                                                                            Preview:[SPS PRESET]..slider1=356..slider2=0..slider3=0..slider4=0..labels_0_0=resolution..labels_0_1=8 bit..labels_0_2=4bit..labels_1_0=..labels_1_1=..labels_1_2=..labels_2_0=..labels_2_1=..labels_2_2=..labels_3_0=..labels_3_1=..labels_3_2=..code0_size=0..code0_data=00..code1_size=54..code1_data=73706C303D28307C2873706C302A7363616C6529292A6973633B0D0A73706C313D28307C2873706C312A7363616C6529292A6973633BD7..code2_size=33..code2_data=7363616C653D382B736C69646572312A35363B0D0A6973633D312F7363616C653B62..

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\DSP_SPS\justin - reverseness.sps

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):851
                                                                                                                            Entropy (8bit):4.681533987718434
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:yj1UzvcRKgclhlb/l3TEXTtXTz7GA3iT0sf2RU14vM:ypUzvcRilHbd3T+ZzqzHf2RUh
                                                                                                                            MD5:DB7AF85A018608C81852B6C385B9CA67
                                                                                                                            SHA1:7190B942CED8D2C3FBC8946CE9A2E796F52DE98B
                                                                                                                            SHA-256:AA6565610EAB3284F1C2191F0D9B07975203A5B983ECD9B774368CE57E9E443E
                                                                                                                            SHA-512:0335E6E9366992BF9A9BDA7D311CE363FCD98648C0D71F0A78BE0582495F839A93338EB0F633873229C53B3FF9C2B377BB075F0BF52D89A0D66723CD2C59539B
                                                                                                                            Malicious:false
                                                                                                                            Preview:[SPS PRESET]..slider1=500..slider2=500..slider3=0..slider4=0..labels_0_0=length..labels_0_1=4 sec..labels_0_2=0 sec..labels_1_0=wet/dry..labels_1_1=wet..labels_1_2=dry..labels_2_0=..labels_2_1=..labels_2_2=..labels_3_0=..labels_3_1=..labels_3_2=..code0_size=8..code0_data=706F733D303B0D0A11..code1_size=199..code1_data=73303D6D65676162756628286C656E2D706F73292A32293B0D0A73313D6D65676162756628286C656E2D706F73292A322B31293B0D0A61737369676E286D65676162756628706F732A32292C73706C30293B0D0A61737369676E286D65676162756628706F732A322B31292C73706C31293B0D0A73706C303D73302A776574202B2073706C302A6472793B0D0A73706C313D73312A776574202B2073706C312A6472793B0D0A706F733D69662861626F766528706F732B312C6C656E292C302C706F732B31293B4C..code2_size=50..code2_data=6C656E3D73726174652A736C69646572312A343B0D0A7765743D736C69646572323B0D0A6472793D312D736C69646572323B97..

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\DSP_SPS\justin - simple delay.sps

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):816
                                                                                                                            Entropy (8bit):4.639625071234759
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:yAiauvP3vhhzXtkDOm4he1rBXaEcXaruWocllSyD1gKegaqf:yAYv/vfpkyze1rwEpruWoKlSyD7egaqf
                                                                                                                            MD5:33059349A4857D45DD97E7B684132BA4
                                                                                                                            SHA1:F899DC65C7B1FE119477E4AEE2219065974715A5
                                                                                                                            SHA-256:9251D4216A0F3162CE681ACC1686D1F820CE501BF71A5E030E82D82373F1794C
                                                                                                                            SHA-512:91D3F012C07911EA3C415BB49C56A8928E44595EC5E672139951FE0996AF83E55D4FDC0E6D7FA9FB9CA38278A253548DDB0BA5F1B502C93E4022045032A072C7
                                                                                                                            Malicious:false
                                                                                                                            Preview:[SPS PRESET]..slider1=111..slider2=802..slider3=1000..labels_0_0=delaytime..labels_0_1=1s..labels_0_2=0..labels_1_0=wet..labels_1_1=+0..labels_1_2=-inf..labels_2_0=dry..labels_2_1=+0..labels_2_2=-inf..code0_size=0..code0_data=00..code1_size=263..code1_data=6470696E74203D202864656C6179706F737C30292A323B0D0A6F73313D6D656761627566286470696E74293B0D0A6F73323D6D656761627566286470696E742B31293B0D0A0D0A61737369676E286D656761627566286470696E74292C73706C30293B0D0A61737369676E286D656761627566286470696E742B31292C73706C31293B0D0A0D0A73706C303D73706C302A736C69646572332B6F73312A736C69646572323B0D0A73706C313D73706C312A736C69646572332B6F73322A736C69646572323B0D0A0D0A64656C6179706F733D6966280D0A61626F76652864656C6179706F732C736C6964657231202A207372617465292C0D0A302C64656C6179706F732B31293B58..code2_size=0..code2_data=00..

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\DSP_SPS\justin - simple pitch and tempo (half-2x) control.sps

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):919
                                                                                                                            Entropy (8bit):4.559716061696378
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:ysiz6vhKnnhRsX75PWqNTPrX9ahQA759TShAMuyjK995BoIzflhSgs:yu0G7BP273DMJjuQr
                                                                                                                            MD5:8C1FAACBE10FC5D6DFC6716A3A883DA6
                                                                                                                            SHA1:4EF0BC4EBD45E87428B3E241BE17C8DCD5EB368C
                                                                                                                            SHA-256:5F7AD27BCEBBF4015A410E455C7F288E4B39BB45EC6C7E5235DB9D5D83BD98EC
                                                                                                                            SHA-512:C2A21CB6B79CF759B721C8650E6BCC4604B1369773B90DAE348C9095512730A24A45706CA4F1317358CC2D0FA85AEA35E83B5FF6AE495D81CAE13E743FD8A496
                                                                                                                            Malicious:false
                                                                                                                            Preview:[SPS PRESET]..slider1=529..slider2=0..slider3=0..slider4=0..labels_0_0=speed..labels_0_1=2x..labels_0_2=half..labels_1_0=..labels_1_1=..labels_1_2=..labels_2_0=..labels_2_1=..labels_2_2=..labels_3_0=..labels_3_1=..labels_3_2=..code0_size=6..code0_data=706F733D303BFA..code1_size=241..code1_data=69662861626F766528736C69646572312C302E35292C0D0A20202F2F20737065656475700D0A2020202061737369676E28736B69702C61626F766528706F732C7370656564757029290D0A20202C200D0A20202F2F20736C6F7720646F776E0D0A202061737369676E287265706561742C61626F766528706F732C736C6F7764776E29290D0A0D0A2020293B0D0A0D0A706F733D696628736B69702C706F732D737065656475702C706F73293B0D0A706F733D6966287265706561742C706F732D736C6F7764776E2C706F73293B0D0A0D0A706F733D706F732B626E6F7428626F7228736B69702C72657065617429293BA4..code2_size=54..code2_data=737065656475703D302E352F28736C69646572312D302E35293B0D0A736C6F7764776E3D302E352F28302E352D736C6964657231293B19..

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\DSP_SPS\justin - simple volume control.sps

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):346
                                                                                                                            Entropy (8bit):4.789820321765436
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:W1Q+JMzyWk3JE5HAhaDLOlO4HXYMK7VYoREH7UjCXY+KBNvdWRtml//c28LSEoP7:yQ+n3JeUao/+sU+2DFZ/18+E418luf
                                                                                                                            MD5:B474E8F20A3BF124C8FF063486C2A8A0
                                                                                                                            SHA1:91089F38A751843EE18A07BAC91A840C8520DAD7
                                                                                                                            SHA-256:8A67FDB2CA8C4122FDD8042E1E2436FD282CC72DED0C143C20315BF633E463F2
                                                                                                                            SHA-512:2E4FFC55346C33DE98F64EF7325DB09CB756EE24A71F6221FEA79C7E1E3454440F89A356C19099C7E40654564898DCBFCCB702CB71E6932D44DD27920438A9AC
                                                                                                                            Malicious:false
                                                                                                                            Preview:[SPS PRESET]..slider1=889..slider2=0..slider3=0..labels_0_0=volume..labels_0_1=full..labels_0_2=silent..labels_1_0=..labels_1_1=..labels_1_2=..labels_2_0=..labels_2_1=..labels_2_2=..code0_size=0..code0_data=00..code1_size=38..code1_data=73706C303D73706C302A736C69646572313B0D0A73706C313D73706C312A736C69646572313BC1..code2_size=0..code2_data=00..

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\DSP_SPS\justin - stereo channel swap.sps

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):430
                                                                                                                            Entropy (8bit):4.733151155217743
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6:yQ+9Oi3JZf+sU+2DAmIzEYUkXcoS1BMiMSc/9TVDf:yoiY9DAmrrADXrDf
                                                                                                                            MD5:11D8484B214E6DFBBFCB25FCA4AAE744
                                                                                                                            SHA1:0C6D991233A01100F519ABD9CD6EFFD0A0161870
                                                                                                                            SHA-256:00DE343ADE80F026DAA8E3ADC4F4DB48939B9276DD4B8B7D3F60DE04F2036E98
                                                                                                                            SHA-512:0A5E82DEAA6C5A288574FD9001E9AE58DF8CDA08EBAD2E9380C279306D1A1C7A5D90FFF6CDED9D8AE2BC6944F79C905CFCF09574E7AE67D8F5DEABC9A1D1EDEF
                                                                                                                            Malicious:false
                                                                                                                            Preview:[SPS PRESET]..slider1=999..slider2=0..slider3=0..labels_0_0=..labels_0_1=..labels_0_2=..labels_1_0=..labels_1_1=..labels_1_2=..labels_2_0=..labels_2_1=..labels_2_2=..code0_size=0..code0_data=00..code1_size=88..code1_data=783D73706C313B0D0A73706C313D73706C303B0D0A0D0A2F2F20646F6E7420737761702073706C3120746F2073706C30206966206D6F6E6F0D0A73706C303D696628657175616C286E63682C32292C782C73706C30293B20E1..code2_size=0..code2_data=00..

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\DSP_SPS\justin - stupid stereo voice removal.sps

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):598
                                                                                                                            Entropy (8bit):4.73342313788446
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6:yQ+33J5uKRZm+sU+2DVgP58YZ8OWSoykXmpnisXTlDwkpc/Svb8ugvBxrRh:yvPRZX9DKqN5IpnxTYS4/f
                                                                                                                            MD5:DD28CA9CC401E0C1D0DF7715556DCA83
                                                                                                                            SHA1:FE3DFA8CCB8575D60AAC545E809026AC61E5CA11
                                                                                                                            SHA-256:026F0079DDDB4EF18DAC4D5F1B98D335932CA01CDCCDF858D9F1ECA1E96B7C71
                                                                                                                            SHA-512:779BA1B8AE836516319BE00D70F6D02A540A783C3746248E48D27B601533A5122B8228E80D505C45687EDD95CF30CB4F3BFCD1194DCB6A374DF0219E6C20F606
                                                                                                                            Malicious:false
                                                                                                                            Preview:[SPS PRESET]..slider1=759..slider2=0..slider3=0..labels_0_0=mix..labels_0_1=wet..labels_0_2=dry..labels_1_0=..labels_1_1=..labels_1_2=..labels_2_0=..labels_2_1=..labels_2_2=..code0_size=0..code0_data=00..code1_size=142..code1_data=6D313D736C69646572313B0D0A6D323D312D736C69646572313B0D0A613D73706C302D73706C313B0D0A0D0A2F2F206F6E6C79207570646174652073706C30206966207765206172652073746572656F0D0A73706C303D696628657175616C286E63682C32292C612A6D312B73706C302A6D322C73706C30293B0D0A73706C313D612A6D312B73706C312A6D323B18..code2_size=0..code2_data=00..slider4=0..labels_3_0=..labels_3_1=..labels_3_2=..

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\DSP_SPS\justin - tremolo and pingpong.sps

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):865
                                                                                                                            Entropy (8bit):4.723161821484744
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:yOi3OMBCSKml5IKAQwBNST0JXIrAfUDr3GhW+CehINP2hvUaUi9ASx7:yO11C53AkgJXIPTuQWINSUBc7
                                                                                                                            MD5:25091B1F5FB0735FC0F780DE3CD11352
                                                                                                                            SHA1:DFE7435A7990E10C4BDCB10934D838C81ABDD316
                                                                                                                            SHA-256:D7B3662061FE0AD9C24DCD98AEA0C0A31CCBD3A11EFBB485A51418AE7E3F715D
                                                                                                                            SHA-512:55B520BFC41195CF4458D7967B47E83C6AE1609F820377423D57AD63BCA84F54F3691ED91BFF0B92A4E81759C38593650C0038CFF9F2DDE856D943E8B570BBDE
                                                                                                                            Malicious:false
                                                                                                                            Preview:[SPS PRESET]..slider1=672..slider2=270..slider3=310..slider4=0..labels_0_0=speed..labels_0_1=fast..labels_0_2=slow..labels_1_0=stereo sep..labels_1_1=pong..labels_1_2=none..labels_2_0=amount..labels_2_1=lots..labels_2_2=none..labels_3_0=..labels_3_1=..labels_3_2=..code0_size=82..code0_data=613D303B0D0A2F2F2074686973206973206261736564206F6E206368726973746F706865277320636F64652C206275740D0A2F2F2067726561746C7920657874656E64656420616E6420696D70726F7665648A..code1_size=99..code1_data=73706C303D73706C302A28636F732861292A616D6F756E74202B2031202D20616D6F756E74293B0D0A73706C313D73706C312A28636F7328612B7068617365292A616D6F756E74202B2031202D20616D6F756E74293B0D0A0D0A613D612B6161646A3BFE..code2_size=74..code2_data=6161646A3D28736C69646572312A302E303031292A34343130302F73726174653B0D0A70686173653D736C69646572322A2470692F323B0D0A616D6F756E74203D20736C69646572333B8D..

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\dsp_sps.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):41472
                                                                                                                            Entropy (8bit):6.263648621986232
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:768:tEoHJKCii9G+qjk3MG4BDWVPZa9ssUV4UlZKej/y4EmK28dbm25F:tuI4jQkBDKBx4Ul4ezy4JKZr
                                                                                                                            MD5:5D11DF40F6003CD81CBE3F2C239475A6
                                                                                                                            SHA1:EF22351D6B9ED13AD40038E8D9DE4FCA58487853
                                                                                                                            SHA-256:8C8A631071CC4D1811DB5F0658631608D750CFDAB00A3B129D6C9FF19E6662A5
                                                                                                                            SHA-512:ED8B2D166C1F3FBAEBC743EE0AB33A031FFA6B92B66D939A397A0EDF79CB3DA6D0B797FED905E955849FC3CF4A9F2D3B4EF0B1BF8378A9FEE1E32B7F0A1ADE14
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Joe Sandbox View:
                                                                                                                            • Filename: winamp58_3660_beta_full_en-us.exe, Detection: malicious, Browse
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........y...y...y..e...y..je...y...y..y..*v...y...f...y...f...y..Q....y...f...y..Rich.y..................PE..L......H...........!.....P...N.......=.......`......................................................................0m..r....f..d....P...)......................@...............................................l....`..<............................text...pN.......P.................. ..`.rdata.......`.......T..............@..@.data... ....p.......b..............@....rsrc....0...P...*...n..............@..@.reloc..............................@..B.<.P0......N=...Y..LG...-..LR..."..N_...........KERNEL32.dll.NTDLL.DLL.USER32.dll.comdlg32.dll.MSVCRT.dll.......................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\enc_flac.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):247808
                                                                                                                            Entropy (8bit):6.7304797833383
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6144:UFOY8jw5AS/8agi/PcUthIfQoL9QMZ2PBHc:UFOYpJgi/PcohId2m
                                                                                                                            MD5:8D1ADA5D3A1DBCD8C5DD5932FD30584D
                                                                                                                            SHA1:EE594A9E7713DF091B01FF9F6DAB654E834AF988
                                                                                                                            SHA-256:47965EA49EF9F3347CF176C673F5F077FF368F6887624208842062A939C1A060
                                                                                                                            SHA-512:7F6D6A15683E7983C80E80A825066B6FEEB4FBA85F831AD418D56943C83992F6024ADDBBC73AD659594F2B4D94902F42177124093086D36E6998447680F2ABA3
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$..........e.l.6.l.6.l.6...7.l.6...7>l.6...7.l.6..}6.l.6...7.l.6...7.l.6L..7.l.6...7.l.6...7.l.6.l.6.l.6L..7.l.6L..7.l.6L..6.l.6.l.6.l.6L..7.l.6Rich.l.6........................PE..L...2<.b...........!...................................................................................................(.......d...............................D...|................................$..@...................D...@....................text............................... ..`.rdata..............................@..@.data...............................@....rsrc...............................@..@.reloc..D...........................@..B................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\enc_lame.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):402944
                                                                                                                            Entropy (8bit):6.593431534536892
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6144:GuBTdLZgbYu+hk8s8Ou92a1HX1PeWh3LlPfGLNkkozOnaDcHFfzU1aFlQaKAOXVX:VT7gRIj2wdh3LlPfGLdozbkzaaK90k
                                                                                                                            MD5:6ECB5AA097450D88AAC828DB0DA7B29A
                                                                                                                            SHA1:A7D56B8678AD524FF04CCEB33761B40BAF6FC171
                                                                                                                            SHA-256:5D73F9D5D357CF6F3EBB0453A2C932CBF2D9D4F8AA7E5173B0E2C9C9B26261AA
                                                                                                                            SHA-512:20DE521002BD4CF9DB1B1B114B141B6D6621EA49C3ACBA5CEFE9A59048167B5E48C6185A6C257C17C8CD6B28A0E80835889656F960B8AE44293E6340F4A74D3B
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:..s~.. ~.. ~.. j.!W.. j.!. j.!g.. ,..!a.. ,..!q.. ,..!m.. j.!{.. ~.. ... ...!c.. ...!}.. ...!... ..n ... ~.. ... ...!... Rich~.. ................PE..L....<.b...........!.....6..................P...............................@...................................... ...........<...............................p(..0...............................P...@............P..T............................text....4.......6.................. ..`.rdata.......P.......:..............@..@.data...............................@....rsrc...............................@..@.reloc..p(.......*..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\enc_vorbis.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):808960
                                                                                                                            Entropy (8bit):5.095779994950431
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12288:A3eP8jRbvsl41z+zKV+RcUcQwKrmxq3xz8G7h3btCy5:XEjF0l4Q/RcUcQwKrmxq3xzVlbt7
                                                                                                                            MD5:87B4DE9277CD939E9C07B23016B4F4EE
                                                                                                                            SHA1:59FF07C26387780500C5F8949BD4FB96DC1F6662
                                                                                                                            SHA-256:F2AD47EC4BC9624DCB86F0F002C9A4B4AB6D1BD55C24102B781E3907C91E7C58
                                                                                                                            SHA-512:0C9607585882C37B8049965850A40CF10803CD91175EBDE03C6333F315B03464DB9568D0A8DB39379A8BC3AA31F02232440F1C622BB276DF405361032BEE1CA4
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............}.I.}.I.}.I...H.}.I...H.}.I...H.}.I...H.}.I...H.}.IV..H.}.I...H.}.I...H.}.I.}.I.}.IV..H.}.IV..H.}.IV.GI.}.I.}/I.}.IV..H.}.IRich.}.I........PE..L....<.b...........!................fW..............................................................................0...........P....@.......................P..$5..................................(%..@...............t.......@....................text...h........................... ..`.rdata...}.......~..................@..@.data........ ......................@....rsrc........@......................@..@.reloc..$5...P...6..."..............@..B........................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\enc_wav.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):109056
                                                                                                                            Entropy (8bit):6.396670594102568
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:rKLKf4m9ppTnnPXpwCtRUeKVLccLneb3NPH:NH9bTfpwiRUX0dPH
                                                                                                                            MD5:FCAC1E314D82903A12938F16679AEB30
                                                                                                                            SHA1:214B52E9AF6DEF2911B6FAAC8EFC1399BB6257F0
                                                                                                                            SHA-256:2F62E387ECFEF65480765945DFC8FDE4B2E84B8B2627D096AB4412B46E75996E
                                                                                                                            SHA-512:F4EA4C8947A3D990159F9CD4B956E375F7E9644F5FD47C44F57882EFAAED1B85AD65E807C88BD0CA2A4DA614A451D116B907651E22EF61CF003FF0C30BA11821
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......].I...'...'...'...$...'..."..'...#...'.K."...'.K.#...'.K.$...'...&...'...&.w.'.."...'..'...'......'......'..%...'.Rich..'.........................PE..L...-<.b...........!................F*....... ..............................................................................l...d...............................0....{...............................|..@............ ...............................text............................... ..`.rdata...p... ...r..................@..@.data...............................@....rsrc...............................@..@.reloc..0...........................@..B................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\enc_wma.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):123392
                                                                                                                            Entropy (8bit):6.456376529328232
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:T8rp578kK2JLyxFihQtGRhtEDWo4JhZ+aeZVEZSf6NH:spWkLWehcjKochZjgGH
                                                                                                                            MD5:D83E796F7F59AFBB835215FF0EA1B476
                                                                                                                            SHA1:A42DBD12AAABDBB0E69171A1057582D3BC143940
                                                                                                                            SHA-256:98D9B1CFE4C60EB55F7DA2431CA252FD53CABDBBB3521ACDEF791482D029E08C
                                                                                                                            SHA-512:CF839C97C848792DEDACD47A7B242FEB6BED8EEFBD67CD5B928A0BCCA2A80A99A3E217DAA86D678032F3A8B0320B7DEE6F3019DDC125F0AE08A3BC4718D7D87A
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........5p..T..T..T..?..T..?..+T..?..T...!..T...!..T...!..T..?..T..T...T..e!..T..e!..T..e!..T..T..T..e!..T..Rich.T..........PE..L...8<.b...........!.....>...........5.......P............................... ..........................................(......d.......................................................................@............P...............................text....=.......>.................. ..`.rdata...s...P...t...B..............@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\gen_crasher.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):141312
                                                                                                                            Entropy (8bit):6.363744475054669
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:v7bYrPmvYQqMdLW4JSBtbNU6q9HBu5mbDdgeSPGkIgNPDrUJWbJ8I:zErPmgZnGS7m6ihu50DdgqWU8
                                                                                                                            MD5:2780F76B4CB44BF427C8F93CB1FBA93F
                                                                                                                            SHA1:B9A9FDC0244CA88B819580CE0FECFF435D49E875
                                                                                                                            SHA-256:F8EF8F2E3A181161B9401472B7BA2B00B2196B654E670479588AC56CA380FDD9
                                                                                                                            SHA-512:4F3E54D33826CCF040C727601ECA9A5C06D6B76EDDABDD6873025205E7861E848DBCF8F8FE429A17833D574DD31934C1577D6177BABDB562AFDE58BAB01F6AFB
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......$MF:`,(i`,(i`,(itG+hk,(itG-h.,(itG,hr,(i2Y-hB,(i2Y,hr,(i2Y+hs,(itG)hm,(i`,)i.,(i.Y-hj,(i.Y(ha,(i.Y.ia,(i`,.ia,(i.Y*ha,(iRich`,(i........PE..L...W<.b...........!.....\...V.......`.......p..........................................................................x...............`.......................d.......................................@............p...............................text....Z.......\.................. ..`.rdata.......p.......`..............@..@.data...............................@....rsrc...`...........................@..@.reloc..d...........................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\gen_ml.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):445440
                                                                                                                            Entropy (8bit):6.558833709136308
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12288:BDb45r80Y67HAo67pIbSnhkR5segEiWR2bBO:RbC8967M7pWSng+giWD
                                                                                                                            MD5:76DF987D4B5665C824EEEF5B24FDDE48
                                                                                                                            SHA1:520F11E085848E67B2326ACFB544E111EE397033
                                                                                                                            SHA-256:7214E9234284F136E9406CF87EE22A2F1828A1FF200667E462E63DF457870F00
                                                                                                                            SHA-512:450C5203B7D4F465E6C12834E55BB4F8ED813CDFDED1AD12B8EA420E29BAD2CF70153BCE419BC21C332343321875996F831CFC7A137250A70B837E79E2E365E8
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............................S....8......................................u.................:......R..........Rich...........PE..L...^o.b...........!................y........ ............................... .......................................................P..0c.......................W................................. ...@............ ..P.......@....................text...$........................... ..`.rdata..r.... ......................@..@.data....:..........................@....rsrc...0c...P...d..................@..@.reloc...W.......X...t..............@..B........................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\in_avi.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):179200
                                                                                                                            Entropy (8bit):5.950354700494592
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:f47KQMzs8C2maQooOExtyARVvQ92uPIJnvSrbcRgiN9MFj/UrCrlw3QxuIu31/T2:fNs8C2maQooOEbyARVv4P88bcRgiN9MP
                                                                                                                            MD5:CD35CC3D70C6D705196D36267A9B85AA
                                                                                                                            SHA1:BE01D516EC233F79F43D571670D8EFEFE35E4BF8
                                                                                                                            SHA-256:4B73BD994A92E654EA220E6E6BDB2ADD7645D539CAB26E05F47AF4E0A91E1806
                                                                                                                            SHA-512:779C873BFE865A1BF9828EF0C5D6A17273C1BA7B29B6E930B3430A9BA0ECF99FC50A816686CF5A3C48E192DA4E01837A0F333807E9B92AA800CD2B1702083308
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(..F...F...F...E...F...C.1.F...B...F..C...F..B...F..E...F...G...F...G...F.~.C...F.~.F...F.~.....F......F.~.D...F.Rich..F.........................PE..L....<.b...........!................%...............................................................................05..x....5..d....................................!...............................!..@............................................text............................... ..`.rdata...~..........................@..@.data....w...@...j..................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\in_cdda.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):174592
                                                                                                                            Entropy (8bit):6.523578648584277
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:6lM3vzWp32kDLk/c4BfYYXvmXQ1d0mXpAJAOODYip7K+q8y6lNIDfVH/sZu6+:rr82ZcQfd91dLqzODp7BwNEM6+
                                                                                                                            MD5:A21A4501DB07E4F3D98C850861D26403
                                                                                                                            SHA1:10C8FABAF4D47E32E20CA282316448662A495204
                                                                                                                            SHA-256:A2173A84B3D21FA99B5241F00FBE507B71039CF42438ED8F8B8A763308DFCF16
                                                                                                                            SHA-512:AF97B9399142B4D331E7827FC16809E5868E39BF04733135E684F0688A2F179DE7CDA8CC2A1F77D07F4D8C10A0E1E82247BB2060380148DBFCE6AB60D1DC6FBF
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......QH...)...)...)...B...)...B..)..G\...)..G\...)..G\..9)...B...)...B...)...)...(...\...)...\...)...\!..)...)I..)...\...)..Rich.)..................PE..L...(<.b...........!................{................................................................................o.......p..d.......x...........................|Y.......................Y..........@....................i..`....................text............................... ..`.rdata..D...........................@..@.data................l..............@....rsrc...x............x..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\in_dshow.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):205312
                                                                                                                            Entropy (8bit):6.590004838300293
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:adFOFdZdyXImIX96w3ZvntVdNZF3tyuvORW1Ed54h5uQ6IilcCoeQWYnj8vK3CMb:adFIywN667Nb7j1U54W+njR3CM
                                                                                                                            MD5:1027FC3E2E6C1D6EC13C9CE05D5C64BB
                                                                                                                            SHA1:30B232B2A74D608B427CDB4CF3825812A57411F1
                                                                                                                            SHA-256:9920096388D56A66AED878877F3946F3C1F14FE3FC5A2328F0DFFBCAE1523EE8
                                                                                                                            SHA-512:916A830FA51C7099B25843BA5E053F8D0BE23106C22D2043E93FE353FA55555DA287EB219B586846C9A5E7272A03FAEBCD13FA1230082495BE46767D900AD1A7
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........j....C...C...C..B...C..BT..C...B...C...B...C...B...C...B...C..B...C..B...C...C;..C...B...C...B...C...C...C..C...C...B...CRich...C........................PE..L...5<.b...........!.........r......................................................................................@...x............@..`....................`..t&..................................@..@...............(.......@....................text............................... ..`.rdata.. ...........................@..@.data....h.......2..................@....rsrc...`....@......................@..@.reloc..t&...`...(..................@..B........................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\in_flac.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):267264
                                                                                                                            Entropy (8bit):6.737478904547126
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6144:pKvLiZVMJhFllymX1THkaSLXYsfE/kpwswZSAO/YE:peifMJhFfFFHkaSrYnSR
                                                                                                                            MD5:5615966A9259E24E7F12F7534AEA7090
                                                                                                                            SHA1:734AE71FFFE53067E640A885A5131ECD7D1046A7
                                                                                                                            SHA-256:9708AB68DD35402D30ADE9349830FD3EA29BD069CA060C2735DD63C189306B98
                                                                                                                            SHA-512:427FF9DAD79DDC8A6597B56C079394563C0637EBB6600A1929E5115A89FDD51028A045C3AEBFCAF5859446ED9700E0F5992A9B69A3FC4DD53881B474D8B3E154
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........`..Y.n.Y.n.Y.n.Mjm.I.n.Mjk...n.Mjj.@.n.?n..[.n..tj.H.n..tm.@.n..tj.V.n..tk.|.n.Mjo.^.n.Y.o...n..tk.V.n..tn.X.n..t..X.n.Y...X.n..tl.X.n.RichY.n.........................PE..L...&<.b...........!.........f.......O.......................................P..................................................P............................ ... ..<...................................@.......................@....................text............................... ..`.rdata..............................@..@.data...X...........................@....rsrc...............................@..@.reloc... ... ..."..................@..B................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\in_flv.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):163840
                                                                                                                            Entropy (8bit):6.501432040937364
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:9l6eEFAfPgkXA1t0PbASYth/hmvrzkAy5+pCG+j1Y/qgBIHDdOQk5uxozGX7frWx:9wIXA1t0PUHthZpz53W/qgBuDd0GLTW
                                                                                                                            MD5:E7BB8B5F8838CA5B92BE35C7C9E01FC3
                                                                                                                            SHA1:FD4B5AF020CA7A09148B8202D2E01B888FDA3FE8
                                                                                                                            SHA-256:014EEB1DB93A9D20658AA36E4D819831A59E449C60E64E736823B8555F33B679
                                                                                                                            SHA-512:5AFAA23C94298F4F4364F844BC395665506C3E98F6600B2F1D8C1280C3C8FD619B3075A17520BFFF648599FA8486A080694B2947C6CFDFFA599041FDB1C996A4
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........U.v.4i%.4i%.4i%._j$.4i%._l$.4i%.Al$.4i%.Am$.4i%.Aj$.4i%._m$.4i%._h$.4i%.4h%.4i%YAl$.4i%YAi$.4i%YA.%.4i%.4.%.4i%YAk$.4i%Rich.4i%........................PE..L...&<.b...........!................H|..............................................................................PL..x....L..d...................................,4..............................H4..@............................................text...o........................... ..`.rdata..............................@..@.data...t....`.......J..............@....rsrc................Z..............@..@.reloc...............d..............@..B................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\in_midi.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):252928
                                                                                                                            Entropy (8bit):6.565855365604283
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6144:i8VZN7NvaDqWSzZ6m8sajzd1IVf5BFVvAOaXL12iR:i8rNhiuzZ6m8sajzAvoJ2iR
                                                                                                                            MD5:07968039FE10543571766D8ED92552AF
                                                                                                                            SHA1:B01FA3A05D7A11700132B8C4DB6D3C56D1B9BCB4
                                                                                                                            SHA-256:8F44AFB59661FDD665900E863E04D59C1A6D3C5F9A58EBCA805E1D767A3B7EB7
                                                                                                                            SHA-512:F12F199716D56926A9B5B3A70BA1BCFC7296D13C362421C8607667D8C3E2B5A5E7D77F7BED6421CDCD031358C82BF120411D94779E6932987797BF06104F08E3
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.........iPj...j...j...~...y...~...........h...8...e...8...|...8...C...~.......~...e...j...........k.......p.......k.......k...j..k.......k...Richj...........................PE..L...-<.b...........!.....|...|.......;....................................... ......................................`_..x...._...........=.......................*..,@.......................@..........@...................D[..@....................text....z.......|.................. ..`.rdata..............................@..@.data....1...p.......`..............@....rsrc....=.......>...r..............@..@.reloc...*.......,..................@..B................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\in_mkv.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):162304
                                                                                                                            Entropy (8bit):6.470932631670039
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:sA6+Vm2bKJdCknNjnoX68ZgBI23V/v4uT2sRzXWQMlWoIvkU+HJMD61kkTWfNZvw:X6B0KCkNjoX68OBl3VIKxzXWQ4WkU2Ms
                                                                                                                            MD5:AF7B7CF6BFCC426828C82D70DB067456
                                                                                                                            SHA1:E917C160ACCAB92704243ACBC5CDDE2FE777DA8C
                                                                                                                            SHA-256:23AD66C99D2D3258589DA40CA9D6F2BEFCAA40F7B201BAB21A5C79E589AA08C0
                                                                                                                            SHA-512:B28D9AFF20893D51BE3CC910C121ABEDFAF21BFCE4FB28B5810254A83F45BA4832CAD349237CB9ED9FDA2B1C4DE4389FFD819CA2D4907332D3746CEE835C09A3
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......%q<.a.R.a.R.a.R.u{Q.k.R.u{W...R.u{V.s.R.....`.R.3eW.C.R.3eV.q.R.3eQ.t.R.u{S.h.R.a.S...R..eW.{.R..eR.`.R..e..`.R.a..`.R..eP.`.R.Richa.R.................PE..L...-<.b...........!...............................................................................................PS..x....S..d....... ............................@...............................@..@............................................text............................... ..`.rdata...|.......~..................@..@.data...l....`.......H..............@....rsrc... ............X..............@..@.reloc...............d..............@..B................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\in_mod.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):2120192
                                                                                                                            Entropy (8bit):6.796639814067031
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:49152:b8nt7pgfGig0D4qECPMw76Ko3oK4ZsBkDi4oX6kqwkie5M:wn5CKo4qECPMQ6K2BIi4oX6T7i
                                                                                                                            MD5:B9DC9931D99006FF639A98BBD95A4875
                                                                                                                            SHA1:A8F4712B98641706D7187C1F87B4653E1F6B2770
                                                                                                                            SHA-256:BA74DAA15AE125BB4C911882BEEFF4710876A33BA9A57CFF01561898E01B79E7
                                                                                                                            SHA-512:A4B25D7227C1E296A5E006FCF0A8240C9B21ADE1D92FB8D5BA222BAD9B3F14A082DE4CEA1BAAAD723DFBFB7FC516EA3CBD373B99EA6433AFA128961EB27E9E56
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......4'..pF.QpF.QpF.Qd-.PZF.Qd-.P.F.Qd-.P]F.Q.).QuF.Q"3.P$F.Q"3.P.F.Q"3.PXF.Qd-.PvF.Q.3.PCF.Q.3.P.F.Q.3.PuF.QpF.Q.F.Q.3.PvF.Q.3.PqF.Q.3.QqF.QpFbQqF.Q.3.PqF.QRichpF.Q........PE..L...a<.b...........!.................n....... ...............................@&...........@..........................=.......>..d.....%.......................%......w.......................x.......w..@............ ...............................text............................... ..`.rdata...)... ...*..................@..@.data... ....P...4...8..............@..._RDATA...H...@#..J...l..............@..@.rsrc.........%.....................@..@.reloc........%.....................@..B........................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\in_mp3.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):331264
                                                                                                                            Entropy (8bit):6.589442072697514
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6144:fs1eS/yhxfxCYUhYrKnOLW0t5RdhknkAO+o/Ij/2:LSKLfxCYUhYrKns98
                                                                                                                            MD5:180611730CC326089D09D2FADBF6363C
                                                                                                                            SHA1:B5EF1F5807BE61FC4A1C894D672E942CA7BD1298
                                                                                                                            SHA-256:EA0007F939239A5C8ECB4B3B94010EDA3C91459ADA0A31B15AC597A1A42ACAA4
                                                                                                                            SHA-512:9399105D45477F3DFFE03EE5656AF303EA7BD730D6B91D393826D55BFE2F4BF24436D9273A70DEFDC1DE084492808798E14A71DD1E0E139C75BA44972161C9D9
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......2...vnx.vnx.vnx.b.{.dnx.b.}..nx.b.|.bnx.....tnx.$.|.fnx.$.{.cnx...y.tnx...|.qnx.$.}.Qnx.b.y.}nx.vny..nx...}.Anx...x.wnx.....wnx.vn.wnx...z.wnx.Richvnx.........PE..L....<.b...........!.....:...................P.......................................................................p.......r...........A.......................1..\V.......................V..........@............P......Lp..@....................text...y8.......:.................. ..`.rdata...1...P...2...>..............@..@.data............*...p..............@....rsrc....A.......B..................@..@.reloc...1.......2..................@..B........................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\in_mp4.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):197120
                                                                                                                            Entropy (8bit):6.611591520010802
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:Gj3wYDtlwTt4ppm8/TvgSEBC5ituJOI+qWkVo5p/cJp8t+eIPr8HBbOp/pAg0Fun:2wYBlwBamavBXVo5p+yIz8HIbAOCmAC
                                                                                                                            MD5:68C0C45BC97EB2DF17F3AA0D114EA8A4
                                                                                                                            SHA1:DD3127E853D4E7C6305BE8857D0E9BAFB6F082C5
                                                                                                                            SHA-256:422FF019362736B1C17D97B6E35DD7FF6D77F20AA30ADF5A54681AF8EABDC4A8
                                                                                                                            SHA-512:97F93BC33B25B5E3C7E6C853F1DA1377F082C1B7AF6792D85AC6B3CDA98E68A64B952C1E28D9BFA820116924E8988A66A9D6691EA7A6CDAB86EDECB3FD46A481
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........h.'...t...t...t.b.u...t.b.uF..t.b.u...t.|.u...t.|.u...t.|.u...t.|.u...t.b.u...t...t...t.|.u...t.|.u...t.|.t...t..dt...t.|.u...tRich...t................PE..L....;.b...........!................x........................................@..................................................d.......@.................... ......L...............................h...@............................................text............................... ..`.rdata..Z...........................@..@.data...p(..........................@....rsrc...@...........................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\in_nsv.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):192000
                                                                                                                            Entropy (8bit):6.387331151705391
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:Ma8VkuWiJ+yYA8du++MoIgt3J0+L+qhgxJeOv0BM7ORKBNtkH35tAR7M8FyLQNzJ:FxiwtdAL4xUiOI7kXTAZM8RJmUv5
                                                                                                                            MD5:B668CD90C51FD2700022E1C0518F4817
                                                                                                                            SHA1:03930F2E2C279C7689A0FDA0150575A487FF13BF
                                                                                                                            SHA-256:81ADBA0E50D1EE8399B2EDFFC1F06E604BD95BD69AE54A7D96102D825AA4AB7C
                                                                                                                            SHA-512:C020DE7A10D5543C62DF01620883461A66F32DA14E23ED88D45928F20A7C2C7D03A4BE49E1B048388153B3E4579944120770035CD1A43045AC6CB6DF236A0037
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......$.,.`.B@`.B@`.B@t.AAo.B@t.GA.B@t.FAr.B@...@a.B@2.GA@.B@2.FAo.B@2.AAu.B@t.CAi.B@`.C@.B@..GAh.B@..BAa.B@..@a.B@`..@a.B@..@Aa.B@Rich`.B@................PE..L...F<.b...........!.........4..............................................`......................................`....... ...d.......h>...................@.......w...............................w..@............................................text............................... ..`.rdata..............................@..@.data....Q..........................@....rsrc...h>.......@..................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\in_swf.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):163840
                                                                                                                            Entropy (8bit):6.464188249143032
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:jcOHcAq6UOu3exjusstuJL8rWSpOgK4hFz3fric+O7MNq5T2LCPDca4KGw4:A7au3kIrx7nfricDMNM2P
                                                                                                                            MD5:17B4B1F2038A37AD35E4F0B779C229FD
                                                                                                                            SHA1:CEB31DEA70CB0F00C249DB6E2142600DD74CCEF0
                                                                                                                            SHA-256:35C4CF7A46FDC29CB0B7E5BBC3B8B5B348360177D2C06ADA8CF6006715694B34
                                                                                                                            SHA-512:D289D4B0D9AD0011DF3B5E15CE3C758BC0EE72BB7CA23C314D997050A693C0A5CD0A68AC34784AFD0B5CC0969CE5ADE5FE26C4862947863744A8328486A39EF1
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........3..NR..NR..NR..Z9..DR..Z9...R...'..lR...'..^R...'..]R..Z9..XR..Z9..GR..NR..=R..'..GR..'..OR..'f.OR..NR..OR..'..OR..RichNR..................PE..L...%<.b...........!................+7...............................................................................Y..x...(Z..d....................................G...............................G..@............................................text...d........................... ..`.rdata..............................@..@.data....#...p.......R..............@....rsrc................^..............@..@.reloc...............h..............@..B........................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\in_vorbis.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):440320
                                                                                                                            Entropy (8bit):6.8270147161705355
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6144:HjUyV7f5vCCDR3efFqu7OmAFx1lAn5QckcQ9/pTR0CsAOtVjDAtq4dsP:Dnf1hdMFqu7OXFx1l85uzls3OqIsP
                                                                                                                            MD5:9115368102DD69D572B094868971D707
                                                                                                                            SHA1:F34BEF8CD993D1D0DECC20AD834456C2549D80A0
                                                                                                                            SHA-256:7F3D91EB9DE2746FDC82884CAC85E425C8242BF999AB584DEEFD00190CE0242C
                                                                                                                            SHA-512:97BD5FAE8DE21830727F726C9E34B014CD38BEB3BE032E235A1E046062B4DEC8CCD613BC13BEA9D46635DDB75046A95E56F3BEABD18E7B214A67228EBEBCABDC
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........).s;H. ;H. ;H. /#.!.H. /#.!.H. /#.!!H. i=.!.H. i=.!*H. i=.!-H. /#.!6H. ;H. .H. .=.!,H. .=.!*H. .=.!:H. .=Q :H. ;H9 :H. .=.!:H. Rich;H. ........................PE..L....<.b...........!.................V...............................................................................,.......-...........E......................x*..0...............................P...@............................................text............................... ..`.rdata...,..........................@..@.data....;...@.......2..............@....rsrc....E.......F...F..............@..@.reloc..x*.......,..................@..B........................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\in_wave.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):2176000
                                                                                                                            Entropy (8bit):6.402647126247059
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:49152:6ZLVhdsPfs2YvDvZyl98HlGE9XwovRc6cQOBgGxc/rztCsvk8:+LVhdsP02YvldlCq
                                                                                                                            MD5:C20AF000F7369C27C318E881FD8D1524
                                                                                                                            SHA1:D77E43901047D29BD42026FCD96DC85C0318EEA5
                                                                                                                            SHA-256:33760373BDCA9AFC1ADC0191E69B527F02FC774D136F7F9B5989EA3D4E685AC8
                                                                                                                            SHA-512:794CA983646FFF2E6099D42F5EE66E3A9322D987E9E7D953E2FC2D93B94573FBC6FA8AF54F2C4ED347DFC3E892EF72FBDAB6051605CBBC27786CFD1B24995983
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........F...F...F...R..j...R......R..e... .\.L......f......V......_...F...O.....y...R..A...F........A.....G....^.G...F.6.G.....G...RichF...........PE..L....<.b...........!................)S.......................................p$.....................................`1 .....t2 .P.....#. .....................#......# ..............................# .@............................................text.............................. ..`.rdata...|.......~..................@..@.data....m...@ ..X..., .............@....rodata.......#....... .............@..@.rsrc... .....#....... .............@..@.reloc........#....... .............@..B................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\in_wm.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):261120
                                                                                                                            Entropy (8bit):6.5354795647684965
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6144:yhW+0vOq0OAh5XUilZ+tgEPir+uJJ1zFxAOEEX:yYX365XUilZ+tRqTX
                                                                                                                            MD5:82C780204DE66F39C4A7C7975B13FD04
                                                                                                                            SHA1:D83667306EA0F6AF35B78582F229AECA304FC98C
                                                                                                                            SHA-256:BD2F9E67D5B39D59E30C178393A65D81430263A6410DC3E3846316E847DCFAC6
                                                                                                                            SHA-512:0F9E8225346002FA0B189C98B80F4556A4A1FBE87CB2E7F2D79017E166E6D94B062175EAA4242154161FFFB2F82F0E4E978D1B4A9F881FCDA567489D051FCF5E
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........I.BC(..C(..C(..WC..L(..WC...(...]..f(...]..S(...]..U(..WC..T(..WC..H(..C(...(...]..r(...]..B(...]B.B(...]..B(..RichC(..........................PE..L...B<.b...........!.........|......*........................................P..............................................H...x........$................... ..|*...p...............................q..@............................................text............................... ..`.rdata..............................@..@.data...@5..........................@....rsrc....$.......&..................@..@.reloc..|*... ...,..................@..B........................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\ml_bookmarks.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):149504
                                                                                                                            Entropy (8bit):6.475587469284566
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:zthc0VkAXTnv2gHvMRx6rLIxNxtt8aOLuFCaQHKPiAlLscTT1lJd5fJH6m6gKxcX:xhcKXXT+K0RdDQLAQH69r
                                                                                                                            MD5:B3F66B7B419D0F3DF9FC5BCBB89790D7
                                                                                                                            SHA1:737BD8754AF7F70ABBE7805365ACBC5C9C6A4BA9
                                                                                                                            SHA-256:052641AB33637C201A1F09B8833EC8E34B188F039295FFB1412CEB949FC3416D
                                                                                                                            SHA-512:3A67A44C6CF4382710CF2CDCB89471900DA4E324CD2A83D9F5935A1C0A72D418720F16E6614CDEF823A9EAE3F86F49B622FEC7782B62395825653549B909F565
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......<..x...x...x...l...t...l......l...j...*...Z...*...w...*...j...l...u...x..........q.......y.......y...x...y.......y...Richx...........................PE..L...[o.b...........!................h]..............................................................................`...`............P.......................`......l...................................@...............P............................text...\........................... ..`.rdata...|.......~..................@..@.data...\....0......................@....rsrc........P......."..............@..@.reloc.......`.......2..............@..B................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\ml_disc.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):288768
                                                                                                                            Entropy (8bit):6.3999360201126
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6144:5DndYJ3/onR70vk/krhq/y32a3fu+KCx+lQ6bJw4T:VSPAN0vTrhq/y326ajHf
                                                                                                                            MD5:D9FD7A42A46209A4A25075CED72AB89B
                                                                                                                            SHA1:B9DECEF672BCFD4B2CE2BE6E7408BEF8BDFCE0E7
                                                                                                                            SHA-256:9DF2E1520BE2C7707FB6BC64361D752F7592F7FCCA9F01E9F4F7589D7834B7F3
                                                                                                                            SHA-512:3D2C7F6CB4023877C56847CD2492333CD16ADC7AE0B866E87907B7FA3D7562F3597B55B2F6DA9ED6E311B0F7FDEC318BBB434A9AD36CD23CF13850B6C0D3AC42
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........R._.3...3...3...X...3...X.. 3...F...3...F...3...F...3...X...3...X...3...X...3...3...2..{F...3..{F...3..{Fw..3...3...3..{F...3..Rich.3..................PE..L...do.b...........!................U................................................................................b..\....c..........`....................p.. ,..,U..............................HU..@............................................text............................... ..`.rdata..............................@..@.data....-...........n..............@....rsrc...`............|..............@..@.reloc.. ,...p.......:..............@..B................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\ml_downloads.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):184320
                                                                                                                            Entropy (8bit):6.42457370393717
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:KkmuasPmvIAqrbOfuahnOWmJhtrimlx7mO8NaTXoZUM+ePcE++:mzIDbPahnYpimLX8AK0I
                                                                                                                            MD5:87077F22F2F98CDBAD2905B2A687CF6E
                                                                                                                            SHA1:11B71424DCCCFD49C89179933329AB66C57F4AF0
                                                                                                                            SHA-256:9755887BE68C0C0D7D7C4072389DEFE8401F65D53235A8063FD72C9321B12E30
                                                                                                                            SHA-512:5ADBEA749CC696198215030BB33A7EA7306F7F0DB916BA85B6BD168D06206C2AD3266EBA764707F7DF2A3BC337628E68A4BA9A73ECC46D7836DCF2B58A4F54C9
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$............j...j...j...i..j...o.7.j...n..j.......j..o..j..n..j..i..j.].k..j...k..j...k.-.j.].o..j.].j..j.].....j.......j.].h..j.Rich..j.................PE..L...&<.b...........!................................................................................................|..`....}..x.......8,..........................,f..............................Hf..@...............H............................text...i........................... ..`.rdata.............................@..@.data....'...........v..............@....rsrc...8,..........................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\ml_history.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):172032
                                                                                                                            Entropy (8bit):6.470577206666901
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:OHO38lFnpr0xem31LVPZFaeWhL9vwFGNCckWiThZLK0Rw0CLZtk1XdYVrcCp:eOeFd+lxRnWh1WGwckjTlOZocco
                                                                                                                            MD5:B8909952BDA5ED28AAD4A5DB570B12AB
                                                                                                                            SHA1:758CBCCB3327A9AB2BD28CD5D72A47B22A7C47DB
                                                                                                                            SHA-256:5840A2EA9A9E4156FBE2CB41BD49B3B1650A7F15C682BE8CAEA1AF0B93DB7990
                                                                                                                            SHA-512:09EEC40F9751B910D4A7C42A26225E8E59F2F364F16865AF4DB8FCDE8BCFFB326A3267676BFDDA4D4207573B202B8A6873430396967625D9363F5D1366046DE3
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......-...i..]i..]i..]}.\b..]}.\...];.\K..];.\{..];.\~..]..\k..]}.\|..]}.\b..]i..]...]..\}..]..\h..]..H]h..]i. ]h..]..\h..]Richi..]........................PE..L...[o.b...........!............................................................................................... [..`....[..........@.......................p....I...............................I..@............................................text...z........................... ..`.rdata..............................@..@.data...8....p.......T..............@....rsrc...@........ ...b..............@..@.reloc..p...........................@..B........................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\ml_impex.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):235520
                                                                                                                            Entropy (8bit):6.487282210936495
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6144:wQQaiLuT1tGWZC9H+pUImkua4d6uhTAsfle2E:wQTiLuhtGWZC9HcUImJEP
                                                                                                                            MD5:999F9E68FDE908DAB67EF5571FDC90BF
                                                                                                                            SHA1:7EA89F9C2FDBFFC67DC1500DECA0E6F67A783952
                                                                                                                            SHA-256:6BEBE888729FFC25172728AD087B76C12EAA264783B93116B93BE3776B890C8D
                                                                                                                            SHA-512:8F66F9B985266081AC394ABEC028FCEC113A40E9ABAD47E1AB287FF67254BC073FB59CCF7DF55378988E26FC354FF95D845DE112EF8089046F2E7A41C6FF854B
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......KQ.p.0.#.0.#.0.#.[.".0.#.[.".0.#]E."+0.#]E.".0.#]E.".0.#.[.".0.#.[.".0.#.0.#.0.#.E.".0.#.E.".0.#.E{#.0.#.0.#.0.#.E.".0.#Rich.0.#................PE..L....<.b...........!................H................................................................................V..\...lV..x....... ........................ ..85......................@6......X5..@............................................text...A........................... ..`.rdata..............................@..@.data...X&...p.......T..............@....rsrc... ............h..............@..@.reloc... ......."...v..............@..B........................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\ml_local.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):481280
                                                                                                                            Entropy (8bit):6.510058805425647
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12288:Vfe/Adk2AORLe9lBf9yJkqhJ+6b9YPoxq:pe4dZMXl94P
                                                                                                                            MD5:CDE82AAFDCFF5EE6758635CACA8E96AF
                                                                                                                            SHA1:BC9A4FA5330FD04FE7AEB3223CEAF232B359E01E
                                                                                                                            SHA-256:708F5FBB6BEEED3196A0B93CD9D77A3627541F3FF6467581D886900D0E9DC554
                                                                                                                            SHA-512:2CB49BE2633E6B2F8059B803236297B037BB0A19220E71F86413BDB5C0B5F08C870AF18CC5754141A2ECE2DBFFAC685E3C58707F2EB2929134CFA49E6345D647
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......QUH..4&..4&..4&.._%..4&.._#..4&.s[...4&.GA#.14&.GA"..4&.GA%..4&..A'..4&.._"..4&.._ ..4&.._'..4&..4'..5&..A#.'4&..A&..4&..A...4&..4...4&..A$..4&.Rich.4&.........PE..L..._o.b...........!.................J....... ..........................................................................\.......................................db......................................@............ ..H............................text............................... ..`.rdata..J.... ......................@..@.data........ ......................@....rsrc................$..............@..@.reloc..db.......d..................@..B........................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\ml_online.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:modified
                                                                                                                            Size (bytes):262656
                                                                                                                            Entropy (8bit):6.546489852889598
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6144:XOigTcDtZu5w7dS3WfsfovwnDMuA26jPs+l:RAEA6Q3Wfsfovw5+l
                                                                                                                            MD5:421FFEA27FB05C6DAFD773CEF8D2D626
                                                                                                                            SHA1:E94793F729CC7377ED6789A2A18B771A447F0A78
                                                                                                                            SHA-256:383E99CBAE861B3B4AA47526F6C28DBB54D6764A914B1C2BEB46A5E9373ABBB1
                                                                                                                            SHA-512:B9E05D486F6DC883C38C09D7551590571031D15270832C069AD5EA968C62F708C93ED0017EE45A2657CBA4303ED6970B89414C31D056C28192CD2AEFE830F9DF
                                                                                                                            Malicious:true
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5$..qEm.qEm.qEm.e.n.}Em.e.h..Em.#0h.QEm.#0i.~Em.#0n.eEm.e.i.gEm.e.l.`Em.qEl..Em..0h.\Em..0m.pEm..0..pEm.qE..rEm..0o.pEm.RichqEm.................PE..L...[o.b...........!.........X...............................................P...................................... |..t....|...........J................... ..8'...Y..............................8Y..@............................................text............................... ..`.rdata..............................@..@.data....2...........x..............@....rsrc....J.......L..................@..@.reloc..8'... ...(..................@..B........................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\ml_playlists.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):243200
                                                                                                                            Entropy (8bit):6.509734906248916
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6144:oBCigsmyw1ntmmjcIqI7ZupUAbWXpkcQXBbgjflifu:sCiCyw1ntmmjcIqI7ZupUAbWXYz
                                                                                                                            MD5:132B069B4BFEB4E86313F6FB01C548FF
                                                                                                                            SHA1:ED6DAEA0C26A79896388DAE621408B77AA241E1B
                                                                                                                            SHA-256:4B89BB5B3E304DC1FCEF183B6821E6EB4C41073CE615D2F7D1A0A423BCEA9B71
                                                                                                                            SHA-512:C52509EA86339D830E3685AB1D1EF9929A9CA5F93490DEEABC0DBE98BC2C0D236EDB05ACAD36479F7F7EB44A12F22096A7B512AC833155CA10188106B542233B
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............G...G...G...F...G...F...G...F...G...F...G...F...GS..F...G...F...G...F...G...G|..GS..F...GS..F...GS.=G...G..UG...GS..F...GRich...G........PE..L...[o.b...........!.........F.......;.......................................0.......................................O..`....P...........1......................x*...3.......................4.......3..@...............l............................text...3........................... ..`.rdata..............................@..@.data....C...p.......J..............@....rsrc....1.......2...X..............@..@.reloc..x*.......,..................@..B........................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\ml_rg.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):172544
                                                                                                                            Entropy (8bit):6.565934430321079
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:sAE5EML1/B9Qi9cg+oLi4hXuevEc0WkatuJE6qhq1YXEu/0chEs4m8xLqC08JKAh:sAE5+oum+XFIX/lqs4Lqf8YAOdPXHi
                                                                                                                            MD5:DEEBD3ED4D7B904805EBFA7F8FF2A165
                                                                                                                            SHA1:61D47BA2D5E03BC27953646FE6938DD023735995
                                                                                                                            SHA-256:60991052410D17B0077F1339ED8F5108BC8F3D31093BD7B72E9C5F7DBC61FA27
                                                                                                                            SHA-512:985077B4A6665FD66CC35DF8FCF2DA13DE0605E0160D3EA3D5FEE3ABEF98D2D5E79368C617E9FCC2C26BC77A256BAD3D52D8053EA0EB7503C43B4A242FA578A9
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........D...%..%..%..N..%..N.m%..N..%..P..%..P..%..P..%..N..%..%..%.#P..%.#P..%.#P ..%..%H..%.#P..%.Rich.%.........PE..L....<.b...........!.................T..............................................................................p|..x....|..d.......x............................l...............................l..@............................................text............................... ..`.rdata..............................@..@.data................p..............@....rsrc...x............|..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\ml_transcode.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):137728
                                                                                                                            Entropy (8bit):6.393375927092307
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:ECBrYAsH7m1DpD3P3+kzW7Qk6qlK4Cm9xOBFPk8OabD:EQrcH7i5vtCQPql9Ow
                                                                                                                            MD5:D4B5EBA07C90C60DFC44550D0E1A83BB
                                                                                                                            SHA1:50ACD9863F740064A88B5B0173138A229436B4C4
                                                                                                                            SHA-256:FDF1111A97383E50942FD6AE4EF9A05EA09DC8E3713968E9399C3F7C389CE026
                                                                                                                            SHA-512:B6CA101211D49A732D913B999494191140E82C42B614E137C96C51833C647BE3C1791B46E6463C541A6375699E2029C91AB14066379141EE8BE3649E2938E9A0
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......vABt2 ,'2 ,'2 ,'&K/&> ,'&K)&. ,'&K(& ,'`U)&. ,'`U(&# ,'`U/& ,'&K-&; ,'2 -'. ,'.U)&5 ,'.U,&3 ,'.U.'3 ,'2 .'3 ,'.U.&3 ,'Rich2 ,'........PE..L...9<.b...........!.....`...........Z.......p...............................P..................................................d.......p....................0..L.......................................@............p...............................text....^.......`.................. ..`.rdata...|...p...~...d..............@..@.data...............................@....rsrc...p...........................@..@.reloc..L....0......................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\ml_wire.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):278016
                                                                                                                            Entropy (8bit):6.517111885608244
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6144:KAghbnqySLBDpqq8qte6xOpA75JtCW3GNdsB:KdhmySLBDpqq8qte6xFww
                                                                                                                            MD5:A057040B1CFA56F0DAF4DF2874059AF6
                                                                                                                            SHA1:BF4120C04BF681246F34F42CA1C9372D6986CC6A
                                                                                                                            SHA-256:1D9A6AF1C8204FE94F9DF2EE238CF5B9F31F88EE0FF7EF0FD2BB353EB957FC60
                                                                                                                            SHA-512:B966E2F5BB7D1BE1B42CC18FB9D71530C48F7C604AE8F44594EE76045784693C5BF6158CABC19740F08FA6C34116B8ED8E959439BE9495CD7B4AC87CD5FDED88
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........C.."..."..."...I..."...I..."...ML.."...W..."...W..."...W..."..{W..."...I..."...I..."..."..b"..{W..."..{W..."..{WN.."..."&.."..{W..."..Rich."..........................PE..L...[o.b...........!.........\......$\.......0..........................................................................\............0.../...................`..|,..................................(...@............0..\............................text...|........................... ..`.rdata......0......................@..@.data...lM..........................@....rsrc..../...0...0..................@..@.reloc..|,...`......................@..B................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\nsvdec_vp5.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):142336
                                                                                                                            Entropy (8bit):6.334015077483058
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:J/oKVg2nJizkW5DiKbbBJbzBJbjBJbdBJbULZEzhSP/drnbdJCn3TWJP+TxDjw:JwyhnAztBJbzBJbjBJbdBJbydrnbdJC9
                                                                                                                            MD5:61874D89DE846E31B82B3CBCA3009298
                                                                                                                            SHA1:9D6886296A5568CE83A2169066BB103CF7F10144
                                                                                                                            SHA-256:E5E4CA932C206A4BDF47A77AA4BF5C6B4AD9BEB4B08492DCB8ED4ACDA10344AA
                                                                                                                            SHA-512:D679E821381761B214C76092A52AB556B288C8A58149F57CC7E10E5CDD5A2E0D322CFC70CD65C4AFACBB01D5BD9CE40C49C0E2DCA849522E888E7DA7EF158F26
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......-L+1i-Ebi-Ebi-Eb.XFch-Eb`U.be-Eb;XDcj-Eb;X@cx-Eb;XAcc-Eb;XFcm-Eb}FDca-Ebi-Db#-Eb.XLcW-Eb.XEch-Eb.X.bh-Eb.XGch-EbRichi-Eb................PE..L...b<.b...........!................~........................................p......................................p...T............P.......................`..........p...............................@............................................text............................... ..`.rdata..~).......*..................@..@.data...Pk.......L..................@....rsrc........P......................@..@.reloc.......`....... ..............@..B................................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\out_disk.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):133632
                                                                                                                            Entropy (8bit):6.441260053936073
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:/fpfmHFKZvlW8T6QAIJ9tnY7jXzT8ieo42d47RX8QHUkJd:/heH8RmQbJDQjjT8o85d
                                                                                                                            MD5:CDBC1E80BF84A8C0DFBEAD9F64B22FC5
                                                                                                                            SHA1:0EA6383DCA213913474E918661A0AB8903367795
                                                                                                                            SHA-256:CE89DEA16670DB381805CDC8660D1F48E2C7D675A9C75CD7F2B8291011818297
                                                                                                                            SHA-512:24426F717748416DAA49633F9F316503A623223A7BD6A6EE4E659E785375551AE7CD44A9D3DDA7DD4C7CBC56B984A0A942A791CD182F11E6D900E1D7C43C663C
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........%#.HDM.HDM.HDM.\/N.BDM.\/H..DM.\/I.ZDM..1I.GDM..1N.ZDM..1H.hDM.\/L.EDM.HDL..DM..1H.IDM..1M.IDM..1..IDM.HD.IDM..1O.IDM.RichHDM.................PE..L...A<.b...........!.....X...........>.......p...............................`..........................................T............ ..H....................@..T....................................t..@............p......T...@....................text....V.......X.................. ..`.rdata...x...p...z...\..............@..@.data...L+..........................@....rsrc...H.... ......................@..@.reloc..T....@......................@..B........................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\out_ds.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):184832
                                                                                                                            Entropy (8bit):6.486138935701242
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:tAdsrHaCev4frGemqw/n86z+u1s2zbyYgxbl65iHVRQAg0Fu8I5LbUzdfu+CBih:qd/Cev4TYqw/Bqb2iYg650UAOpt
                                                                                                                            MD5:CA935CBC31DD81DDA8AA7A90E8265BE4
                                                                                                                            SHA1:A5AE3DA4C03A4724C272493FD678CAB2C914935E
                                                                                                                            SHA-256:3E38186584843B753EBFBB0FEF08350F8B7BBFF029DE67A742307FCC4B9FDCDA
                                                                                                                            SHA-512:2495209F209AC90D16D3DB124D052B330874C683177086BA7C61F01B05CA2B9468FA8A0A32119BC5A5A415E321B8944B33B13A2B5044A66E0E6D988885797BB5
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Y.t.Y.t.Y.t.M.w.M.t.M.q..t.M.p.M.t...q.F.t...p.V.t...w.O.t.M.u.^.t.Y.u..t..q.T.t..t.X.t...X.t.Y...X.t..v.X.t.RichY.t.................PE..L....<.b...........!.........H......O........................................0.......................................y..P....y..<.......80......................4...lj...............................j..@............................................text............................... ..`.rdata..L...........................@..@.data....0...........v..............@....rsrc...80.......2..................@..@.reloc..4...........................@..B........................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\out_wasapi.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):102912
                                                                                                                            Entropy (8bit):6.416143928975074
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:9ACqx/bB/YwbvLpf7fMI9aG6G+2pBR4ZIqFuY05yQQIZ2Q8sWkcdJL6+edxgAx:eCqxOszpfAI9aU+u4ZIq5QQIWJPSxdx
                                                                                                                            MD5:F70F711101C24302E985BB8CC2571E5A
                                                                                                                            SHA1:33C1D8BD078317AD156413BC5AFEDF98263A93D7
                                                                                                                            SHA-256:17F191AC53C88AD535D5E2A73BEDFAD7A7F2869845ECEBA6B489D322A667E8C8
                                                                                                                            SHA-512:98D602140BEBF7B063DB4CB9EB62DB2E79731D71FAF0774BADFD7192BD15D544F920764B612C046A133A207956C7F159132F686496CF5EC0ED6391AE9A157847
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........@.0.!.c.!.c.!.c.J.b.!.c.J.bf!.c.J.b.!.c.T.b.!.c.T.b.!.c.T.b.!.c.J.b.!.c.!.c.!.c,T.b.!.c,T.b.!.c,T.c.!.c.!pc.!.c,T.b.!.cRich.!.c................PE..L....<.b...........!................A.....................................................@.........................@v.......v..P...............................\....n...............................n..@...............$............................text...H........................... ..`.rdata..zm.......n..................@..@.data...0............p..............@....rsrc................z..............@..@.reloc..\...........................@..B........................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\out_wave.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):122880
                                                                                                                            Entropy (8bit):6.390196683215102
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:SUyTihEq/vFHVCFYZeOyGmbHpTac27Wv:JPB+FXOy7/R
                                                                                                                            MD5:E56F73A5B3C38F591A631F6112BA519F
                                                                                                                            SHA1:47A4323922F5D6474E91C9D23468E4CACA892227
                                                                                                                            SHA-256:2C06F6A9B2AC25CD2D89D7A748CC2E0F82901356BAA5FC6769785195E248B6B7
                                                                                                                            SHA-512:A4C874F28F9BD6C24E58A393079FA9BEF1D6A4AC97C42E3641E20ABC3501A5CDDADBF4049477433C6740206E723D61B194131FF4231D933FDA0A1E91934FD97F
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........aJH...H...H...\...E...\.......\...^.......G.......Y.......j...\...M...H..........K.......I.......I...H...I.......I...RichH...................PE..L...G<.b...........!.....(..........k9.......@............................... ..........................................T.......<...............................D..................................XC..@............@.........@....................text....&.......(.................. ..`.rdata...~...@.......,..............@..@.data...\...........................@....rsrc...............................@..@.reloc..D...........................@..B........................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Plugins\winampFLV.swf

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:Macromedia Flash data (compressed), version 9
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):36782
                                                                                                                            Entropy (8bit):7.994253160540749
                                                                                                                            Encrypted:true
                                                                                                                            SSDEEP:768:jMH5sAx5D6j4JK75Z+gDlUqwVMRleyAUDAEoTYhjDSJVFvo+t6:cvD6jN7v+cULeRleFqAEjhHMT6
                                                                                                                            MD5:5805A42017AAD6E8276AF8475286934D
                                                                                                                            SHA1:E2A03853BC713CB5E032893252E632EBB56267C3
                                                                                                                            SHA-256:962B8C80DDBD7E2F4831953DB053F0E3FE5F1DFA7015DE793B9EBD621D184EAF
                                                                                                                            SHA-512:FDD25BAFAED24D82113EF2B64CCAFF9FF54047986A92F963591E9B57ED41D71EEE326D81E98F4046AFE1F612C94B94482FDDBE6CFF57E55E05DE6C11C2EFB045
                                                                                                                            Malicious:false
                                                                                                                            Preview:CWS.....x...|\..8..t'.r..-w,...m...dKw.$.S.q.N.a.N.l.PL16.$@..8@h..!..B'@......PB... ..;[....N.|..|..>X.vwvvvvvv.N....t.B..T5...*]{...M..t4Z...o.$.v.e_N.1..S..?.........nd.......V...A........!.U..z1.9y......k.&(p.Aa..5$..+.%.D+.Gy..C......?.v.IM...{d.a..o[.../$_..O<2p.....Z8cE....4=j.....*.T._...OK..x.e......<}O.W..u.....y....m..........<......V\..-.}......3n.s?]....Q]]}.+..8krrV.c.}.....m.....#....=.......w}....G..../wNl...s...kU.......?..K/...O...............}.E........p....nM$o..........7.]...k}.7..H..u..=..1..C..._...u..[nq.<...'...W.....~p.?].^.|.g....+&|......x...o....s?.....E.W}.}Oli.I..~......m.7-.........9..7....K>\rp..#........_.q...|._..l...n....G..u_.^.....[n...7}..O.M}zcb...k...?....G..-.z...^..i.6~..W.C..h..n..t........n=._.../.,MO.<...'.....\...m..y...h]3.......+.....g...r.5.\....E/]u^.-k.vi..W_.Y...~......5...fl.t.u.L;.k.9....K..6.v....?r...^nX...S.\....~....._||.?{.]+?..u.!......................W...G...

                                                                                                                            C:\Program Files (x86)\Winamp\Shared\ElevatorPS.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):80384
                                                                                                                            Entropy (8bit):6.213593373702466
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:/qvE0CvFOcs0wZjQsz7BhOdsZVrsWkEcdmTT6Xp:CvKkcs7Qsz7hPKlmf6Xp
                                                                                                                            MD5:93CB7EAF9E06C08458E0099C62C148ED
                                                                                                                            SHA1:9D8925F87F67542D2BD21CFFA69A10FC7FCFD0A0
                                                                                                                            SHA-256:9A98C0115C8ED309409E7521B33E0D4E15FA528264A0A370E9F7FEB363BA3AF5
                                                                                                                            SHA-512:2BB8FA028D49E4E9D62735D4329EDA63A630F3BA315777528BC5A2643250275BE3BB41733CBF9259F8DF468DEFF43FF129AB70013FB4713E54A30005BC27F4C3
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........A.. .. .. ..K.. ..K... ..K.. ...U.. ...U.. ...U.. ..K.. .. ... ..GU.. ..GU.. ..GUG. .. /. ..GU.. ..Rich. ..........PE..L...!".b...........!................}...............................................................................@*.......+..<....`.......................p..\...."..............................."..@...............X............................text.............................. ..`.orpc...4........................... ..`.rdata..pc.......d..................@..@.data...,....@......................@....rsrc........`.......$..............@..@.reloc..\....p.......*..............@..B........................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Shared\ReplayGainAnalysis.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):78848
                                                                                                                            Entropy (8bit):6.277100800876325
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:XU2h1FyH5hOEnivF8KqXyyhx4K4kZ5QGsWNxcdRWy:XdyHvOx8KqXyTK4kDfARWy
                                                                                                                            MD5:65550B8CD671D8A7D669D6188B938A89
                                                                                                                            SHA1:5BE9703BD56D3A489706420427F311B97A08FC4A
                                                                                                                            SHA-256:805D1628674D135451FCC3E22E8E73131F5767E5B8889D57AA30CB8ED1D30B4A
                                                                                                                            SHA-512:A8B480EE743EF4293A0D14CE2D4974AA1190AD7E5EB357C0BEC583FB0CD4307BF0B180D5BF06C4A445ADFFE22C7D8E7B0A4AF3F2827554219141E5E51BEB6EDF
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........5PC.T>..T>..T>..?=..T>..?;.OT>..?:..T>..!;..T>..!:..T>..!=..T>..!?..T>..??..T>..T?..T>..!:..T>..!>..T>..!...T>..T...T>..!<..T>.Rich.T>.........PE..L....<.b...........!................l........................................p......................................`.......`...<....P.......................`..........................................@............... ............................text............................... ..`.rdata...e.......f..................@..@.data........0......................@....rsrc........P....... ..............@..@.reloc.......`.......&..............@..B........................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Shared\jnetlib.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):2688512
                                                                                                                            Entropy (8bit):6.857238798258794
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:49152:IZZ1GzkUHE3we8y3v5kaBo6fzqDPXT+6X9EJxVTDF:IZZ1wkUH7F62rT
                                                                                                                            MD5:F35C962EB6957DF2057B722C06281D46
                                                                                                                            SHA1:569D2DFE3702A471D5184406DBECCEC854E597D1
                                                                                                                            SHA-256:B8B5C2BE55D48095F1675E01B901C266659451910456D9C65106A627A41DB738
                                                                                                                            SHA-512:5D130569FA45C8A8D2BFDFA3132C3F5FD9E3C05FADADD7B27CC79E2BCBC9E780FC6248BEB5BB47C94925E5E21E1F00B386B7D0D58C19B87EB46AE2F217C9133A
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......!.JGe|$.e|$.e|$.q.'.k|$.q.!..|$.q. .w|$.7.!.F|$.7. .t|$.7.'.}|$... ..~$.e|$.r|$.q.%.h|$.e|%..|$...!.h|$...$.d|$.....d|$.e|..d|$...&.d|$.Riche|$.........PE..L....;.b...........!.....l..........0........................................P)...........@.........................P7'..... B'.......'.......................'.8n... '.............................. '.@............................................text....j.......l.................. ..`.rdata..8............p..............@..@.data....n...`'..N...B'.............@....rsrc.........'.......'.............@..@.reloc..8n....'..p....'.............@..B................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Shared\libalac.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):36864
                                                                                                                            Entropy (8bit):6.386722306092788
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:768:VCU3aCk0Nmxslyt6Cx1AcJxxzoLn9hoi+/HPmzMcI1I4:V13a4Aod29oLn9hoi+Xm4B1
                                                                                                                            MD5:1F02E274153DC6282B7B7D0D75A4AC58
                                                                                                                            SHA1:77DDF61BE56FC4F3F051253F8C9C82DDEBE2AFCB
                                                                                                                            SHA-256:18913C3F1B2681CA268CBA2B692A8CE966A11661776EBDC31636D133950F24BB
                                                                                                                            SHA-512:D3718CC0E3F3F3A2212312B9DA2ED18E90F76D20288BAA26B595EB5E41BFFF679A275A3D0B0B98156E22DAEADF2119D629F932155225110D75241A76610993C3
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!xV.@...@...@...8...@...5...@...5...@...5...@...5...@...2...@...@...@...5...@...5...@...5...@...5...@..Rich.@..........................PE..L......b...........!.....n...........r..............................................q/....@.........................p..........x...............................d.......T...........................p...@............................................text...Pl.......n.................. ..`.rdata...............r..............@..@.data...............................@....rsrc...............................@..@.reloc..d...........................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Shared\libmp4v2.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):338432
                                                                                                                            Entropy (8bit):6.5447742382137495
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6144:Y0R/tmaf/qflpFTmlmiOf4WX4bdaOrQYTw2mUseowk6C6LS3X8QBxbi:YA/tmk/2lLmwiOf4WIbdaK5Owk6C6Qrk
                                                                                                                            MD5:41402CBA4F8EB0C8DCE9D33C97249551
                                                                                                                            SHA1:DCBAB19634C7591F0C96371025DA0D05BD0781CC
                                                                                                                            SHA-256:701B5F3D3AC59B18B72B3A8E59436A4F2FD198E9F32E9AFACA3639FEE58DDCFC
                                                                                                                            SHA-512:6EB8326115DE57C9728FA817B8ACBDE45F450232276CBCC3FF88BDD40994842E102E23B2EA561544B6A5DC9298B0A8498147A78A4095536D97C7DBB05386EE8A
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......h.5.,.[.,.[.,.[.8.X.".[.8.^..[.8._.>.[.J..-.[.~.^...[.~._.<.[.~.X.:.[.8.Z.).[.,.Z.N.[..._.-.[...^.h.[...[.-.[....-.[.,...-.[...Y.-.[.Rich,.[.................PE..L....z.b...........!........................................................`..................................................<.......X.................... ...>...V...............................W..@...............\............................text............................... ..`.rdata...8.......:..................@..@.data....(..........................@....rsrc...X...........................@..@.reloc...>... ...@..................@..B........................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Shared\nde.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):184320
                                                                                                                            Entropy (8bit):6.529290885994402
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:R9jCyuKidKzvR2opC9dxPvbbU/21a+sUwZIm2FyfFU+XUKFKQG+njKfE:iyCdI9+xXXU/GKRIlFyfqX5c
                                                                                                                            MD5:CA039BC4F9316EA752AAA43A0A255268
                                                                                                                            SHA1:73EF5210D56C130154AB7B82B1C9DC7B5DAA2BC9
                                                                                                                            SHA-256:011AFD3541907A98DB519AA5F1CD63C3678EC843D1CA80E7E2C2BF0294007916
                                                                                                                            SHA-512:B6567472406D6C1C776214FC9CDE90D7A166693F9DAF5FE4B97C74CBB5EEB48A9C3704EF9D80F688E808C25F4B7C6C2A7D84D03A0C15F8AD79EE5E740EA28FE0
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......6T+.r5E.r5E.r5E.f^F.x5E.f^@..5E.f^A.`5E. @@.V5E. @A.b5E. @F.g5E.@D.p5E.f^D.u5E.r5D..5E.@@.k5E.@E.s5E.@..s5E.r5..s5E.@G.s5E.Richr5E.................PE..L....<.b...........!................................................................................................p.......0...d....................................y...............................z..@............................................text...W........................... ..`.rdata..............................@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Shared\nsutil.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):419328
                                                                                                                            Entropy (8bit):6.352727132925784
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12288:Q3Wxmke9yLEkayfMISyF+eKyYX7Zyr8wWxAx+x0CpzCGGn5:7mkeBxAx+x0CpzCGG5
                                                                                                                            MD5:BC22881F6B1734B60688326532455007
                                                                                                                            SHA1:A2B7FD678AF380A4646E79847088E905A135ED5E
                                                                                                                            SHA-256:C3D483430A9EB6CFA936D27C266113AF42995E1732BB90250BD1339808D60D32
                                                                                                                            SHA-512:93174146628625FF1517A84A2480EF62375AAF5DD13B991F1991A3D3885AAB6B3D07998161252229DA4CC8E747A872879B801683524C2CA8D8C0FC4B478CF1BB
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&Ab.G/1.G/1.G/1.?.1.G/1.2.0.G/1.2*0.G/1.2+0.G/1.2,0.G/1.,.0.G/1.G.1.G/1.Kp1.G/1..R1.G/1.G/1RG/1k2&0.G/1k2/0.G/1k2.1.G/1k2-0.G/1Rich.G/1........PE..L....;.b...........!.....8...........=.......P.......................................................................Z..0...._..x....................................V..8............................V..@............P...............................text....7.......8.................. ..`.rdata.......P.......<..............@..@.data...$....p.......P..............@....rsrc................X..............@..@.reloc...............\..............@..B........................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Shared\nxlite.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):243200
                                                                                                                            Entropy (8bit):6.690394440430325
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6144:xG4NVXmdcSsKUQbNAKB7ZimMjWa4vvo/HKBZWy:xG0ZSsKUQpAs3MqjI
                                                                                                                            MD5:0E9A54FE0F59D5EB96BD3BF0692165C9
                                                                                                                            SHA1:7218FE37C1F5018BBF0B2515F9F6AEAFAD0F1926
                                                                                                                            SHA-256:58A2379194B85CFAEFC7FF56CE259E4ECF2FE9E1CDDCDF5056E7553AF1EBBBC4
                                                                                                                            SHA-512:575A3FF27CC9DEBFACB6AD7AF1FD0AAB4E2C8BAEB002D0BEF6269D4CD401119B0D4F651BA2EC500109018A9F7AA88A96E964B32ED1378A2E3CB43BB932127620
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$......... ...N_..N_..N_..M^.N_..K^o.N_..._.N_..J^.N_..M^.N_..M^..N_..K^.N_..J^.N_..O^.N_..O_..N_..J^.N_..K^.N_..N^..N_.._..N_..._..N_..L^..N_Rich..N_................PE..L....<.b...........!.....................................................................@.........................`s...... ~..P...................................|`..............................._..@....................q..@....................text............................... ..`.rdata..............................@..@.data....#...........|..............@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Shared\read_file.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):85504
                                                                                                                            Entropy (8bit):6.357595531716699
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:FNBnN2peCGiNT+gX4AUeFph+oZHNZDj939eoPgxR/nRuB3cq5UTli:FNpXCGiggXjpFJNZDhkoPIR/nRkCTli
                                                                                                                            MD5:75BDDC7FA62FFA18B3FBF3BB01152D92
                                                                                                                            SHA1:FD738C84046A150C7933D829628E6388FE969279
                                                                                                                            SHA-256:26429F39B1FCA0729A7CED2BADAB15896764839913F60F946B0E537AD994391D
                                                                                                                            SHA-512:3EC1EF6675B809DF6A85D111A7300DDF6AA9C8A3501305D0CDB179F18FA71D94DAEF200A63753C01DFD10EA0D318C04041DD5B3DF963E64E651137C8E8E9C4B3
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......zJ..>+..>+..>+..E7..<+...7..9+..Q4..:+..Q4..<+..Q4..<+..>+..{+..\4..;+..8...1+..8....+......?+..Rich>+..................PE..L....M9=...........!......................... .......................................................................;..z....8..P.................................................................................... ...............................text...>........................... ..`.rdata..Z.... ......................@..@.data...4W...@.......&..............@....reloc..$............@..............@..B.rsrc................J..............@..@................................................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\Shared\tataki.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):202752
                                                                                                                            Entropy (8bit):6.511952036128252
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6144:6EIUHPio+03d1atp1PkX7dpQrASSR2MdzAS9y+Ax:65UHPioT3d1atp1Y7dpQrASSRC
                                                                                                                            MD5:5F765213605579B92E992DD490A4A952
                                                                                                                            SHA1:387E8B24D22FD6737A3FEE8B26EAC8B498E152F4
                                                                                                                            SHA-256:D6D4FD6A90C8708265CB842809853CFDC6C0A9091063239109E06ACF8C0888FD
                                                                                                                            SHA-512:DD7067DA422B8E670B6B6C3CF057A7148C2C8C3EB95428AD0DBAB94A1AAF6971C617DFCEBD8FF60546B54292A39F0A060F048C3944DE3563855B15A440248EAC
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........i`"M..qM..qM..qYc.pC..qYc.p...q.}.p^..q.}.pZ..q.}.pk..qYc.p^..qYc.p@..qM..q...q.}.pZ..q.}.pL..q.}.qL..qM..qL..q.}.pL..qRichM..q........................PE..L....<.b...........!.........................0...............................P......................................@....9......d.... .......................0..x.......................................@............0......l...@....................text...:........................... ..`.rdata.......0......................@..@.data...x...........................@....rsrc........ ......................@..@.reloc..x....0......................@..B................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\System\aacdec.w5s

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):96256
                                                                                                                            Entropy (8bit):6.291593425381584
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:9GmHEHzAn9UcSAGoqzhmQvsMRTl3vTjVp7ZjxVj7wsWUSJcdyXKy5eN:9z4zA/G5zcQTRTl3vTPdxFdty6y5e
                                                                                                                            MD5:F8B47E319D874366FCC5F11036565159
                                                                                                                            SHA1:DA73FB74C68804E660EEAA0477B5176093A7321D
                                                                                                                            SHA-256:FEB9FBB0BEF4088291EEA2192E932DE93BCE3554FCE3A695AE38A8AA72D01726
                                                                                                                            SHA-512:A6F55134374D19656EE793D78B1F3F4868F5049F78E46A685523E3F5CCC101E31025B56A404FD70B9D9437388B15D035CB8E79F8638D06503EEAC1FEE70ED4D5
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........=p..S#..S#..S#.P"..S#.W"..S#..V"..S#..W"..S#..P"..S#..R"..S#.R"..S#..R#..S#.V"O.S#..W"..S#..V"..S#..S"..S#...#..S#...#..S#..Q"..S#Rich..S#................PE..L....;.b...........!.................;....................................................@......................... U..X...xU..x....................................?...............................@..@...............4............................text...5........................... ..`.rdata...l.......n..................@..@.data........`.......P..............@....rsrc................^..............@..@.reloc...............d..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\System\adpcm.w5s

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):89600
                                                                                                                            Entropy (8bit):6.231686508271542
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:IDMmfuVy+FNKe2V6Xo0UocsFiBtADqHwpIjOX3ZMVfsWWmcd70Cou/sn:1mfd+FQ/0Uo/iBtADqH923eK7dou/s
                                                                                                                            MD5:D13E452C28183FC4D6E863B3EEFED7D6
                                                                                                                            SHA1:2A8A27B689695D3C9DF6012207DC0D8FF889ACDC
                                                                                                                            SHA-256:F720FA6C94870C80DD63FABD1BBADC3DEBEC8270971558A8215C1C1D5462139A
                                                                                                                            SHA-512:9F818F72A2975D4E960CBCE97463E0BBD86046E627562BB60EDF3F75916F513D92D396EE4B431AE513DBE8A7E5FFF1D29D511DD4B1B4976DA0FE143759A0F3F6
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:...~...~...~...j...t...j......j..l...,..^...,..q...,...o...j...}...~..........{...................~.b.............Rich~...........PE..L...P<.b...........!................a+.............................................................................. ?..X...x?..(....p..........................x...l/.............................../..@............................................text............................... ..`.rdata..le.......f..................@..@.data... ....P.......8..............@....rsrc........p.......F..............@..@.reloc..x............L..............@..B................................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\System\adpcm.wbm

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):90
                                                                                                                            Entropy (8bit):5.51436233576259
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:O+yWqXfdDl0+h1mojFhFUeql+DoNz:O7WqXfdDl0+akF7dPD6
                                                                                                                            MD5:E429629D090E3B1ED4DB75AEE35EFC96
                                                                                                                            SHA1:F37AD76303B6FBDFD4820A8A6386CA220932C70B
                                                                                                                            SHA-256:FBD9D49C94D98F0DE4D07370D94AD002A670C15937BE86005C627F377174BE85
                                                                                                                            SHA-512:A3A97D6CB886BF7F0497548339B3F50D4E74989CC68F96DEED7030D4E93C9804932EC1222AACB73E9FB372208425E73C531936AA9EFC91FA6995E2E128B43CA2
                                                                                                                            Malicious:false
                                                                                                                            Preview:...$.. H.;.:..vlf...ADPCM FLV Decoder.........YD..O?....iva...ADPCM AVI Decoder..

                                                                                                                            C:\Program Files (x86)\Winamp\System\alac.w5s

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):84992
                                                                                                                            Entropy (8bit):6.283373931133044
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:arBpcc+WLiglRMl6iJ4w8MiJkcrVChsVjOi0HKZXWsWscdbNJadU0mE:Q0c+WT/86iJ4qiJkcrVCs5dV+bNJadU4
                                                                                                                            MD5:3C40FCE659C01CEBB65FB5B1FE17939C
                                                                                                                            SHA1:6BA3332133162A927C0E7C921F72EAEAC379D66D
                                                                                                                            SHA-256:33EF03F300A5E66DA62E38983ED0E85D4DBBDBE3E33AA0ED3F55CC4E89363C70
                                                                                                                            SHA-512:E0A651A3C516FB4470665CFC833B380A297432A0B7D0C4B94032D67B8FB6051D4E66E9CB6E76E185521684B905F072CB9D47FAC8F5788375FF82E7354CCF774E
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&...b.n.b.n.b.n.v.m.h.n.v.k...n.v.j.p.n.0.j.m.n.0.m.p.n.0.k.A.n.v.o.`.n...o.a.n.b.o.8.n...k.f.n...n.c.n.....c.n.b...c.n...l.c.n.Richb.n.........PE..L....z.b...........!.................................................................................................;..X...H<..<....p..............................|................................-..@...............0...|;..@....................text...6........................... ..`.rdata..`c.......d..................@..@.data...4....P.......,..............@....rsrc........p.......6..............@..@.reloc...............<..............@..B........................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\System\albumart.w5s

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):131584
                                                                                                                            Entropy (8bit):6.452166066751636
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:1JOKkq9F/X5swWkI2dgWEztaaOtneRTp28SZ0:1JGUXsvkIFOOxSZ
                                                                                                                            MD5:A1865ED9E851F53EED40A44B19C3F94C
                                                                                                                            SHA1:6BE8F23DA0599A9722D9E9D9B28DBC9AB3143C56
                                                                                                                            SHA-256:5651C88373058C7AA874D3D536F54E2580BB3A98C62B6E3B12E860086D121821
                                                                                                                            SHA-512:8034FA4C7675279668CFB0B1D0DF9B57E994D7E8E100BCA7ED1AFE888CBAECF8780CD2B5083F474FB8926C61FAC2E673479780ED094F8E36160A309C97979635
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Uu.*...y...y...y...x...y...x...y...x...yCa.x3..yCa.x...yCa.x...y...x...y...yL..y.a.x...y.a.x...y.a.y...y..dy...y.a.x...yRich...y........PE..L....<.b...........!.....b..........)C.......................................P..........................................\...l...<.... .......................0..........................................@...............L............................text...4a.......b.................. ..`.rdata...u.......v...f..............@..@.data...<...........................@....rsrc........ ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\System\bmp.w5s

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):122368
                                                                                                                            Entropy (8bit):6.621755076483863
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:69Gf6R57PNYQUK+vwsLbOtNodvaEwVvH6/mmTXK:6ow71dUKVDo5QtG
                                                                                                                            MD5:1FC957B094F5A5FCBBE4E4B3546081EF
                                                                                                                            SHA1:6459399E5FA32D648A96C5F326346DF5FB45711E
                                                                                                                            SHA-256:719834FF60108AEC740F42553AE6C7474AEB6B9C99995D03C1FDADCC345087E6
                                                                                                                            SHA-512:2843990CAAB8916C5AD6FAE669A34BCD379F249785CAF05C281F68D03EECF7EF8EE9ECD117FF3BB19140A95CB084066FA846154B7464F0526B5183769BF540AA
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......0...tq..tq..tq..`...~q..`....q..`...fq..&...Tq..&...{q..&...eq.....rq..`...sq..tq..)q.....}q.....uq...0.uq..tqX.uq.....uq..Richtq..................PE..L....;.b...........!................A^.......0............................... ......................................p...T.......P...............................`......................................@............0..L............................text............................... ..`.rdata.. ....0......................@..@.data...............................@....rsrc...............................@..@.reloc..`...........................@..B................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\System\dlmgr.w5s

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):115712
                                                                                                                            Entropy (8bit):6.445613624923492
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:ztZ59uOE0QmG6d9DpZgj+xJY68+bomLh89DsUn:VAOamGWDejiJYG2gUn
                                                                                                                            MD5:47BEE48A62DF88EAD7D80A554E68A07E
                                                                                                                            SHA1:9746158FA42CEB67C450F5E258CBC9A209C9E1A3
                                                                                                                            SHA-256:68233E0D4C54106EA3C09B7E99499D8B1F690E9086D5E08EDF02AE00F2D10F1F
                                                                                                                            SHA-512:44575122930ED776DA5C9CA11236A25D8B713E86EC67FF94A0E14E6694A776BEEA93DAC21AC8EB19075B2663807BE0B4322DF20647258175BB557954C677474E
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........g'...t...t...t...u...t...u...t...u...t...u...t...u...t...u...t...u...t...t..tO..u...tO..u...tO..t...t...t...tO..u...tRich...t........PE..L....;.b...........!.....(...........1.......@..........................................................................X......(...............................t...\...............................x...@............@..0............................text....'.......(.................. ..`.rdata...r...@...t...,..............@..@.data...............................@....rsrc...............................@..@.reloc..t...........................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\System\f263.w5s

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):104448
                                                                                                                            Entropy (8bit):6.156737574834742
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:Ww8mIzOpidm5V9xiuupuco6ScCyPB224aATk:IOpiIruuupvrdATk
                                                                                                                            MD5:A4E2DE21E523260203F093893E01955C
                                                                                                                            SHA1:2C9D2991F62F8FD2BA6B44F9C15BF2B7EE4D7643
                                                                                                                            SHA-256:94C45BB3A299717151764E30709B2973BD5A9C199DDE9AEF0E105293CB491112
                                                                                                                            SHA-512:78661C6DE0AE9D2B1B542B5357E3454C3C8AF779C473D365E4A84E4C32313E3678225D8BFF172F66EB9F7283443B394FD1B8ABA62924A271AABBD4B16E158882
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........c.x0.x0.x0..{1..x0..}1C.x0..|1.x0..}1.x0..|1.x0..{1.x0..y1.x0.y0..x0..}1.x0..x1.x0..0.x0..0.x0..z1.x0Rich.x0........PE..L....<.b...........!.................I...............................................................................]..X....^..(...................................lM...............................M..@............................................text...J........................... ..`.rdata...c.......d..................@..@.data....@...p...,...T..............@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\System\f263.wbm

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):129
                                                                                                                            Entropy (8bit):5.672589248203079
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:pISbPZHSuerwLDW5VAnfzUFzzkW:VbPTer+DW5yf4Fzzz
                                                                                                                            MD5:169538CD6E350771326D0139672D2F84
                                                                                                                            SHA1:BBB98CD5152F1C4A2E3217996D0069D96A78222F
                                                                                                                            SHA-256:53D2381F41A76ECC30AA389805976A103BD484D270EA0C62FC002712BA7F037A
                                                                                                                            SHA-512:B2DAF241A499BDE2DA43F41F7F687CDC02B6CEF9B21CB62E1F448A33758A0F1442D2FBD3C27412991E72FD55476BDAE0C8A34776E1CB78A9CC6CCCD610C3D7E1
                                                                                                                            Malicious:false
                                                                                                                            Preview:...oI.9NB.%.#Bbymfjbo..F263 Decoder....H...;.SD..k.O.?jvlf...H.263 FLV Decoder.....rq.M{fG.e.+...tvkm...FLV1 MKV Decoder..

                                                                                                                            C:\Program Files (x86)\Winamp\System\gif.w5s

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):95744
                                                                                                                            Entropy (8bit):6.318901094288339
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:LVni0sCqxBwgu3yjeqs7iz+kKDeZdBxKCKk8VP0gPdhZSfsW1cd5uY3DBnqQ:LgvH9u3oeq5+vDeZDxKCKDXhR533DBnq
                                                                                                                            MD5:BFF68CCE32AE7631B000DCB6CFECC8B9
                                                                                                                            SHA1:EE86E7E42769C9369BC87BE84430C82CA3E4767E
                                                                                                                            SHA-256:F8D3D9CF67B8F348C8B9B7BAF7986CCAB773294E8B0F949A19E2DD30EA4193EA
                                                                                                                            SHA-512:E346F759E5AB90198EC49A0AA41E497E54EBA20D7DFF1C930A88FCC98C8D8B5EC4D122E70C2A6A43C69D2A092DE17518BB7FC8002C49AD1614C2EAE4F3DC0F92
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........t..Z...Z...Z...N~..Q...N~......N~..H...<z..Y....`..z....`..U....`..K....`..\...N~..Y...Z........`..Y....`..[....`..[...Z.j.[....`..[...RichZ...................PE..L...N<.b...........!................mA..............................................................................`\..T....\..(....................................O...............................O..@............................................text............................... ..`.rdata...b.......d..................@..@.data........p.......T..............@....rsrc................`..............@..@.reloc...............f..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\System\h264.w5s

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):105472
                                                                                                                            Entropy (8bit):6.318010007063017
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:Kt63QfMapTiT4Q1GS3yQNwZpHIwJjOVA:Kts7WdQkMyQ0d
                                                                                                                            MD5:3B94FD146EF8957A12ECB63F433A6A5B
                                                                                                                            SHA1:616044DDC3660107E8E0DE9C47BCF03EA43F723B
                                                                                                                            SHA-256:907F741096C245CFFEA188C6FE01998EC3C58DA242DC7F44FCAA2B27DC35AE7F
                                                                                                                            SHA-512:C3E791EB089E72B146C461BEF47ECADF05136C3239E4DB952FE262866261809C95D7044DA98DC641D822EB28BBA7738EB0E035CA8110F6F123620FE9BF6D7A7C
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.......|d..8...8...8...,n..2...jp..)...jp..*....p..;...jp......,n..+...,n..:...,n......,n..9...8...Y....p..9....p..0....p..9....p!.9...8.I.9....p..9...Rich8...........................PE..L...2<.b...........!.................U....................................................@.........................`v..X....v..<...................................l`..................................@...............0....t.......................text...K........................... ..`.rdata...m.......n..................@..@.data................r..............@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\System\jnetlib.w5s

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):2523136
                                                                                                                            Entropy (8bit):6.858129502856499
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:49152:x0+xONVCLIwGRc8yxLJDhQ+HPZ/9Kz08g0c6Hz6X:x0+xiyxLJDhT/9N8
                                                                                                                            MD5:513DF496A594CD7380BD9F4401F06AD9
                                                                                                                            SHA1:CE41E3EEEF52BCD01E1C02276F7B92938898EE3A
                                                                                                                            SHA-256:FE2F7BDCF9AA47B390DA5474CB7F39C48DAC36804C4C1B9B79DD346AC174FEF8
                                                                                                                            SHA-512:889DA4F2B55D824C02DBFB2F3947961AC21CF1B38C5FF9295AE21505DA5518EAA836E3435CC8FEA5EA1B8799725CB39EC1D1EDEE66E8543B6E36F38B99EFE666
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......T1...Px..Px..Px..(...Px.B%y..Px.B%|..Px.B%{..Px..%|..Rx..Px..Px.B%}..Px..;y..Px..Py..Px..%q..Px..%x..Px..%...Px..P...Px..%z..Px.Rich.Px.........PE..L....".b...........!.....|...........%........................................&.....................................`.$.X.....$.T....P%......................`%..]....$.8...........................X.$.@...................,.$.@....................text...7{.......|.................. ..`.rdata...U.......V..................@..@.data....^....$..F....$.............@....rsrc........P%.......%.............@..@.reloc...]...`%..^..."%.............@..B........................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\System\jnetlib.wbm

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):234
                                                                                                                            Entropy (8bit):5.983609756873596
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:qiZaCDLxJ6gPYu4YlL0G/CfO/OJLiUYmet/CKmVyoMH0CMer0JcfDClt7HHB1lN7:qiHt05OW8NlqVyozC8iqDxlH
                                                                                                                            MD5:ADC8DC4941C3B5D116B18129E7B01053
                                                                                                                            SHA1:0B8A2B54150EFD989104849F3D4CDE5D6ACF725A
                                                                                                                            SHA-256:B680C1481BB32A23559CDF1CC18F154AB2B6830FCF6007F95A3253D9D228E887
                                                                                                                            SHA-512:0EA7E304AF1AE21812F22E3E441777AE85BA95FCB509ACBF76926DFAC3B4A065E2BD79F4529501168D76440B4EB99B4CF14DDACBD81DBFA5CC137E9EF6684099
                                                                                                                            Malicious:false
                                                                                                                            Preview:...\G...eF...}.1..fjbo..JNetLib HTTPGet.........V.F......1.fjbo..JNetLib Connection...."]...ikH..e.[...fjbo..JNetLib SSL Connection....r^C..ZWM..?.B...qinu..JNetLib Asynchronous DNS........*.XO.C.$....fjbo..JNetLib WebServ..

                                                                                                                            C:\Program Files (x86)\Winamp\System\jpeg.w5s

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):261632
                                                                                                                            Entropy (8bit):6.586633840771019
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6144:fWkO90URaHLrSa2VptdAZ4I/XaKhhOuDBHVhgKvj6Ob:fnURarrSVptg4I/XaKvOufrb
                                                                                                                            MD5:11DBAF5C67213537F7697D19949B6772
                                                                                                                            SHA1:36396D157E14AB84B254E1E95B47516B863C94F4
                                                                                                                            SHA-256:318BBE4B190CA5725EB6DA907A2020D9920A0500EBA872C9886A41FAA711A43C
                                                                                                                            SHA-512:A7190E5028F9B99F8F188CD953279917AE20ECE603CD4CF82E2C49BD295C09C4A55CA77A0FC3C9A170DA3D0EF2BACB158C45A520FFD6B60E07697821CC6CBA8B
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........O\...\...\...H..P...H.....H..N......|......M......O......p...H..Y...\..........Z......].....H.]...\. .]......]...Rich\...................PE..L....<.b...........!.....0..................@...............................0..........................................X.......<.......................................................................@............@.. ............................text............0.................. ..`.rdata..r....@.......4..............@..@.data...h...........................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\System\mp3.w5s

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):395776
                                                                                                                            Entropy (8bit):6.876588645051863
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6144:2qdM78mH0bZ6vF53ZrgGXTilUlBL+YF6aaTw5jQNOsIEAi1If55eF3RGNdGAOpUE:2qW9H0bZ6vH5F6a1QNoi1A5cLPsm
                                                                                                                            MD5:75C7894F78BF3B0788F81ECD3AE913F6
                                                                                                                            SHA1:FDEBE09F499D0C57FE8FF2702A03609480ABA820
                                                                                                                            SHA-256:0B823FB8D6613C137937B19D6625DFCCCF036BEA41494BC74A4198E8F114F2F6
                                                                                                                            SHA-512:6E950D0B6933BF0F60B6ABBBABD4C4BAB22B115028470636E63D6ECDAB9C99EC5AA6EA17A6213AE505E58D888D2BD2B418E724F63AE8ED61E30EE6F0996229F5
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$........]K_.<%..<%..<%..W&..<%..W ..<%..W!..<%..S...<%..I ..<%..I!..<%..I&..<%.|I$..<%..<%..<%.|I!..<%..W$..<%..<$..<%.|I ..<%.|I%..<%.|I...<%..<...<%.|I'..<%.Rich.<%.................PE..L....<.b...........!.........|......e!.......................................P............@.................................p...<............................ ..T"..................................8...@...............$............................text.............................. ..`.rdata..&/.......0..................@..@.data...............................@....rodata.............................@..@.rsrc...............................@..@.reloc..T"... ...$..................@..B................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\System\mp4v.w5s

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):91648
                                                                                                                            Entropy (8bit):6.270430557911531
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:DId12+7uHXmZOmjsUAQbtigahImk/0R5Oz9U8ZfzsW9cdbtrOJ/MIu8ZC7:t+7u3IOosUAUigahIsRO5Kb1u7u8I7
                                                                                                                            MD5:D778BE84C998DC77E70504CB589D3AED
                                                                                                                            SHA1:70C4F11347B560FEBD854C879F29E1480D77B8AD
                                                                                                                            SHA-256:BC47CA07A8F94817308C50CF0167D17ECC5C070A6BABAF153F05726164C4F059
                                                                                                                            SHA-512:1DF05E9144ED09D5901AA86D298CD2C096C65E7280B4D68185539B79F0A2D9B32431B75491133F945DF86018289F8882E88FA3D5BFA28EF80217B33C401DE11D
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........\..\..\..H..V..H.......S.....N........H..O..H...]..H..[..\........Y.....]....8.]..\.P.].....]..Rich\..........PE..L....<.b...........!................H,....................................................@..........................P..X....Q..P...............................`....?...............................>..@...............<....O..@....................text...8........................... ..`.rdata..jh.......j..................@..@.data........`.......B..............@....rsrc................N..............@..@.reloc..`............T..............@..B........................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\System\mp4v.wbm

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):159
                                                                                                                            Entropy (8bit):5.597404097908771
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:r8qVGK8yqrjO7FIjaNF9XhTOIl8bjO7FfbAZbbduTHo2jO7FHFF:oqVGPKHFqRPKfb2HMTHoiKHz
                                                                                                                            MD5:F423246B458848F83F88CE09FD30E001
                                                                                                                            SHA1:5D696DA6BBE9032EAD4E5560FCE9A2D76E791CA7
                                                                                                                            SHA-256:40815BFA83F8FFF6143BF7F907C22B05830CB6F6FEAB1D9C15EB6AA206D8ADFA
                                                                                                                            SHA-512:B83BC1BFCB380C6138BD46CB6021620612C59A4F2082C0EC62C45D24974C65B4A4B53E6FF314683E2EEDF26EB78BF68235D0DD554700D2E05632D70C1B61448B
                                                                                                                            Malicious:false
                                                                                                                            Preview:...M..jYO.b....Pdv4m..MPEG-4 Part 2 MP4 Decoder.....:.Q.-K.G..c.Qvkm...MPEG-4 Part 2 MKV Decoder....T.E>...J..`...>.iva...MPEG-4 Part 2 AVI Decoder..

                                                                                                                            C:\Program Files (x86)\Winamp\System\omBrowser.w5s

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):439808
                                                                                                                            Entropy (8bit):6.708632391917713
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6144:nelvguSnYSYkpdyr/LVKqqtopQHOSvzVIOj8KSuQCaOl7nFHMmjB2oLm0+uELQoa:n59nYXT/cZuFOjnQCaOdnnJ9FXE6
                                                                                                                            MD5:F9B7D0E95859CDD32BE4274DC288CEB5
                                                                                                                            SHA1:20110139C791BCE36235EB043D0859117F0C4679
                                                                                                                            SHA-256:E1E3B3825CE3C6237E3AFB333E4F5BFE5C90B892C7FD61511C1CE7376A16FDF2
                                                                                                                            SHA-512:101B8DBD0A7689D32002864747CA29B1121994BCDD5182D64BA8864C57AD281E1335144FBD0A3F59B843A0CC4AFE448A1491A9E3CE9FD52DCD8377EBC0BF503A
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......N.q.............................X...+...X.......X...........*.......................r......[..............................Rich............................PE..L....<.b...........!.....l...R......[A...............................................................................n..\...Lo..................................<H......................................@............................................text....j.......l.................. ..`.rdata...............p..............@..@.data....0.......&..................@....rsrc...............................@..@.reloc..<H.......J...l..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\System\pcm.w5s

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):86528
                                                                                                                            Entropy (8bit):6.240594624903666
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:+xn8g2WPVkxat7grsbixh3zb9cZRSOOZ5yMsW7KDcdRS0n0NmVk:88g2lEt7gIixh3zb92KjZrRS00NmVk
                                                                                                                            MD5:937E0FF60220D8E7300416477484AEA6
                                                                                                                            SHA1:BC79D19371E44AF6BD67A8982BF74D0CEEC86E16
                                                                                                                            SHA-256:833BC4D99B056C7D025C1E08C4BBE82BD7E44E690AB0C98169E5BF725701E51E
                                                                                                                            SHA-512:4FD4C99C9D99A2B69CD1E3F61A24FEE8428B131EBF48FFEFF31B5DCB8D29DC82CFE093CCB04C5CFF6C6344033E6842D9F202E75E875B5BB8762F6C3763BD6A13
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........................................................G.....G.....G.f.........G.....Rich..................PE..L...G<.b...........!.................................................................................................,..T....,..(....`.......................p..........................................@............................................text...g........................... ..`.rdata...b.......d..................@..@.data...P....@.......(..............@....rsrc........`.......:..............@..@.reloc.......p.......@..............@..B........................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\System\pcm.wbm

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):87
                                                                                                                            Entropy (8bit):5.515690226158417
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:BBoBe1FanXAOuxs9sz:YBeEX1ks6
                                                                                                                            MD5:8ED5EA0F57C3CF6A536492DF6E988F85
                                                                                                                            SHA1:88FFE0E073A837771E567DF3660444F6FAAAA711
                                                                                                                            SHA-256:E2DA13C6D6F65C00CC2320D47C097B0DCF07FFC8B827FC7B6ECDECCDBC407B05
                                                                                                                            SHA-512:9BFCB1FA3D735B7D07C4E08C3CE2E8D9EC54B2D2D8DDD7E4BE43AACFBA3B68D2A04A8A469061861F2DD14A269BED09B91A04C1C3CF143B0D64250EA615E4DDD2
                                                                                                                            Malicious:false
                                                                                                                            Preview:..*].!opI.....IyWda4m..ulaw MP4 Decoder....N..s5".B.O...]..iva...PCM AVI Decoder..

                                                                                                                            C:\Program Files (x86)\Winamp\System\playlist.w5s

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):248832
                                                                                                                            Entropy (8bit):6.5267966916990545
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6144:hc7BMkvwSSqVEF+Ph1RnC6+BPJoZvtjD/VvBZh+gL:IMkYSSqVEF+Ph1Rn3+BPJ+cg
                                                                                                                            MD5:E7E82C0EEC586C4BDE4C25B54F8655A9
                                                                                                                            SHA1:6A6498A2157EAD58E65FA29CC2895A679398DFB0
                                                                                                                            SHA-256:5A27882200E40A6410AB573BE30CA4F7C737B62D3A56E05E280BA362E19545A6
                                                                                                                            SHA-512:EEEF1A68AD5E2CB02FA3E23C7803D2B43677448192E3481E4F22B7F67E19087B97F0A697838248F601C190BB6D36D5C58BFADB00D34B141049D3A96BC1E9B2C9
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........TOFV5!.V5!.V5!.B^".Y5!.B^$..5!..@%.G5!..@".@5!..@$..5!.B^%.A5!.B^'.W5!.B^ .]5!.V5 ..5!..@$.e5!..@!.W5!..@..W5!.V5..W5!..@#.W5!.RichV5!.........PE..L....<.b...........!.........*............................................... ......................................@...\.......d....... ....................... '...[.............................. ...@.......................`....................text............................... ..`.rdata.............................@..@.data....>...........~..............@....rsrc... ...........................@..@.reloc.. '.......(..................@..B........................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\System\png.w5s

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):279040
                                                                                                                            Entropy (8bit):6.761268681656061
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6144:A6EuT7epRLkVbpuIkQmbu4SmiKBgESGqlziF1oK2AOLA+1:A27yW0Qcu4SmpgEvj2r1
                                                                                                                            MD5:0275278DFCD523E6F4AD976AF4A03BFF
                                                                                                                            SHA1:F18D01D04F8A71277BAEBBD8CB3D96E26DA7C7C4
                                                                                                                            SHA-256:8E82D06A2F0283401E47744C22A6B7679A5850E7B04C1BF951C454E3DF7C480D
                                                                                                                            SHA-512:663E8C64E3C1507A5B614B473D89F5B1942A988516BDAD20B6B8F85FDE030F75B47CCFE8C253667E8C90C11F929F82D8DCE521F871BB6F60A60056862BF6C915
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......S]/..<A..<A..<A..WB..<A..WD.<A..WE..<A.EID.7<A.EIE..<A.EIB..<A..IE..<A..W@..<A..<@.D<A..ID..<A..IA..<A..I...<A..<...<A..IC..<A.Rich.<A.........................PE..L....;.b...........!.........T.......................................................................................#..T...4$..(....P.......................`..0...p...................................@............................................text............................... ..`.rdata..\...........................@..@.data........0......................@....rsrc........P....... ..............@..@.reloc..0....`.......&..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\System\tagz.w5s

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):129536
                                                                                                                            Entropy (8bit):6.457915365829515
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:pYba50irPSbGGPK5LX+e9/dQzFSHpaAJ2S4cSNI6mj5:iSSGkGThBGz4HpAS
                                                                                                                            MD5:75CCA32CE627378DC0335296355FC904
                                                                                                                            SHA1:93A37F23F9444EBD2D0F253E32AFF9B024B96EA3
                                                                                                                            SHA-256:9DF3A8212EBB1D7F5E55830F443812D707BF3A60A609728363CD0F9D65A15A77
                                                                                                                            SHA-512:639EFA7FEA14442C6E047460164F83CAAE317262D7F46C10D496C8952C98BB3A41144A4733BCEAB7312DD71FA49E7B2887EAD6424722EE0490183297F04589E1
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......i...-.vA-.vA-.vA9.u@'.vA9.s@..vA9.r@?.vA..s@..vA..r@=.vA..u@?.vA9.w@*.vA-.wAH.vA..s@'.vA..v@,.vA..A,.vA-..A,.vA..t@,.vARich-.vA........................PE..L....<.b...........!.....H...........<.......`...............................@..........................................X...(...P.......8.................... ......................................8...@............`..h............................text....F.......H.................. ..`.rdata..$x...`...z...L..............@..@.data...P...........................@....rsrc...8...........................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\System\theora.w5s

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):117248
                                                                                                                            Entropy (8bit):6.4116596105894255
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:NsfqjbSlETe3mKGJMAWZ2fCrRX8EVxpxB9:NrheWkF2fQj
                                                                                                                            MD5:62D54F15FA665BC6AA6B2D65AD566309
                                                                                                                            SHA1:05CABE5050E247E852A6BA165BDD7B7401E084D0
                                                                                                                            SHA-256:AE0200558C62EAC38C952EA13C11F98304D8CBE8EB5BFBD0839662F2F8C7DEC7
                                                                                                                            SHA-512:B1DB2756068F86899FD59C175A7F13BC33A8F39A0DC30925900416C271D46339E91D474D20741DD93312342EB86549004341E3145807DE9CFA23293EDE00CF6C
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:...~.y.~.y.~.y.j.z.t.y.j.|...y.j.}.l.y.,.|.^.y.,.}.q.y.,.z.m.y...}.u.y.j.x.}.y.~.x...y...|.z.y...y...y.......y.~....y...{...y.Rich~.y.........PE..L...'<.b...........!.....<...................P.........................................................................X...(...(...............................0......................................@............P...............................text....:.......<.................. ..`.rdata...d...P...f...@..............@..@.data...............................@....rsrc...............................@..@.reloc..0...........................@..B........................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\System\theora.wbm

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):46
                                                                                                                            Entropy (8bit):4.9255233690064255
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:3WtBrBW:SO
                                                                                                                            MD5:5FA9659E0B37F1639E1F791D59EC04E2
                                                                                                                            SHA1:E98B57F7DC5CADC72EC5369BCD600D5D29A525F5
                                                                                                                            SHA-256:DE079BC5201CAE32037E62CD7D754989C0508219FB2B9879FAFDC8331280BB95
                                                                                                                            SHA-512:B10DE3B0A9832B438C1B90B0232E8261B4E0CF4C6539A3B7A7EE8A7EBD0134D70538AC802B26178735087F7DFD5A2AC6E1BD57B13000EA6D863C0F4205AD51C6
                                                                                                                            Malicious:false
                                                                                                                            Preview:..r....N.d.m.M/.vkm...Theora MKV Decoder..

                                                                                                                            C:\Program Files (x86)\Winamp\System\vlb.w5s

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):230912
                                                                                                                            Entropy (8bit):6.277446032870967
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:yPHCdx14fm9mNKNqIc9RwMeB3LTqxev55FTVgK739YR5Ag0Fu49nW+p57:8H82+gVRP0LT6u5FGKT96AOY5
                                                                                                                            MD5:BCC70946507C61F618CAD103DE724122
                                                                                                                            SHA1:825A045E528EC5632967B3664BF3CE6D8DF19461
                                                                                                                            SHA-256:69CD4F9E71543D796C5B951AF68F1C0E935625B71BB67B35F06A7E4FCE3BF540
                                                                                                                            SHA-512:6CBF16E691DC2E3E69A8519F31908CEAD602976B8766E74E50A6DCD4B48617826DE9254D2DEC8821D85C98915986C323456B7D14D9CEA72E7A0F1E62126BBA53
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........Y........................8................................................r.......r.......r.,.......D.....r.......Rich............................PE..L....<.b...........!.........................................................p......................................@A..T....A..(....@.......................P..|....$...............................$..@............................................text...q........................... ..`.rdata..............................@..@.data...0....P...2...4..............@....rsrc........@.......f..............@..@.reloc..|....P.......l..............@..B................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\System\vlb.wbm

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):94
                                                                                                                            Entropy (8bit):5.4843403523784025
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:xMl4UF8BzTvHxSQhSH0FipF:xklOTvolH8i3
                                                                                                                            MD5:EDB0994440F58EAD4DAF60DCFA21D552
                                                                                                                            SHA1:EED21A2D934320E0B4058565407F9A2BA511C94B
                                                                                                                            SHA-256:08D9DCF190136CA7FDDEBC5FD0E873287C11A5DAB29B3A0FA316B0398ECA4CB4
                                                                                                                            SHA-512:FD82BA6E223B5670B67E89F4A1F02C6E4D25A6F5A952FE3E52FEAF4CCA970A2C46E2C0B8A6BD23E25DDF25A1BDEED0445FAA64AA918C837F9125DFCE55EE00EF
                                                                                                                            Malicious:false
                                                                                                                            Preview:..|..i.H........fjbo..Dolby VLB Decoder....|..i...D.@.Pd"..fvsn..Dolby VLB NSV Decoder..

                                                                                                                            C:\Program Files (x86)\Winamp\System\vp6.w5s

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):263680
                                                                                                                            Entropy (8bit):6.549326669469803
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6144:hxEHyuBJb/BJb8BJbfBJbadrnudJ8nYAn7b35QuN1li5eVbvmAu4pbT:TEHtBJb/BJb8BJbfBJbwnA8nYAn7b35b
                                                                                                                            MD5:BE14E7D4B379E1BB567E5B432E84DD9F
                                                                                                                            SHA1:8A842D09F59B518B457FDB26240DFCC5E839F8D0
                                                                                                                            SHA-256:1BDACD3D7EB37CADF60AB68B78A11FCB3ED03349DFB8A5BEAAE2F0ADE4F06D14
                                                                                                                            SHA-512:54BC6F523F4E87AA6C13289A64EB138D7F5FA25AC47274E3286D9781E73421FE622870EBB0428D50EAC5307C40FD63E4111B4F46AA8714C350C726FB4A63D27F
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~x.:...:...:....r..+....r......r..)...hl......hl..+...hl..)....l..;....r..3...:..._....l.......l..;....l{.;....l..;...Rich:...........PE..L...b<.b...........!................a........................................@..........................................T......P............................ ......h...8...............................@...............L............................text............................... ..`.rdata..0...........................@..@.data....[.......F..................@....rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\System\vp6.wbm

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:COM executable for DOS
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):129
                                                                                                                            Entropy (8bit):5.65474120261783
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:kEfN1OUTxz7rUgYV3QMFDQjdFVp+lITrl3kzsz:kkN1hhQgYJfFDQxrF3kzsz
                                                                                                                            MD5:E9202175B8DA91329492DA67E9F4A026
                                                                                                                            SHA1:8DF341778915B566536D42AE9F6F945AE6A083E1
                                                                                                                            SHA-256:03905AF22913A1C1E6939CEFC0E9F961ECD615040FDD5FFA8F785606F80C127C
                                                                                                                            SHA-512:DAC1A0B16B73D294CAEB51DCBB213F8AD68AB8B1A199B15395D0B83FEEAEDF35F84D96A7B7593D41FB72E8E75F18544F6AADFBACE351B56ABD8A9362EB57D64A
                                                                                                                            Malicious:false
                                                                                                                            Preview:....!.C.0D..#....cfvsn..VP6 NSV Decoder.....x...&.D.n...w.vlf...VP6 FLV Decoder....F..Qpa.I....X..miva...VP6 AVI Decoder..

                                                                                                                            C:\Program Files (x86)\Winamp\System\vp8.w5s

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):680448
                                                                                                                            Entropy (8bit):6.653194293907706
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12288:36666666666666666666666666666666x666666666666666fwwwwwwwwwwwwwwi:3666666666666666666666666666666U
                                                                                                                            MD5:EFAB548220907868C1D3B07087CA4F71
                                                                                                                            SHA1:1BE12E640B8D686DBA940DDE31151825784078EC
                                                                                                                            SHA-256:66B4AAB5EC4456B60B186AF57D2149828DE521234CF25C75BC962A44658245FF
                                                                                                                            SHA-512:FE7069E0B3B25A0707F000A8C6892F029E84C1DBD83838084EC21EB384363D93AC68172C387B79C060695EE973153CB2ABF703B8B848000E2BA31EBCCF68BA77
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........;./@Z.|@Z.|@Z.|T1.}XZ.|T1.}.Z.|T1.}VZ.|./.}`Z.|./.}QZ.|./.}VZ.|./.}3Z.|@Z.|bZ.|T1.}CZ.|@Z.|.Z.|./.}CZ.|./.}AZ.|./_|AZ.|@Z7|AZ.|./.}AZ.|Rich@Z.|........PE..L...F<.b...........!.....v...........X....................................................@..........................(..T....)..(....P.......................`..\4......................................@...............(............................text....k.......l.................. ..`.rodata.@............p.............. ..`.rdata...............z..............@..@.data........0......................@....rsrc........P.......&..............@..@.reloc..\4...`...6...,..............@..B........................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\System\vp8.wbm

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):86
                                                                                                                            Entropy (8bit):5.46805112730016
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:mtXHYgLlsMbEnu4erpVipF:mZHNGi46i3
                                                                                                                            MD5:2808CD0EE0F976D141363896155D7C0D
                                                                                                                            SHA1:B5062D92A03FB059FF25F0C3DDED68BD92BAB3FC
                                                                                                                            SHA-256:3010504216017C73AC7CF751C87F6AC2BD17C2589B3CC74FA5C090A9C71F217A
                                                                                                                            SHA-512:87069289AB88448C81CFAF0310B149412AD3CDBA23A98E91CEF35424E22415EB2EBEAE9C65F68138025EC8D53DE8C960FACB0F7DEC5D433948B80353930F491C
                                                                                                                            Malicious:false
                                                                                                                            Preview:...l.#...F....s.'.vkm...VP8 MKV Decoder....{..J=C.K.x=9.Ofvsn..VP8 NSV Decoder..

                                                                                                                            C:\Program Files (x86)\Winamp\System\xml.w5s

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):176640
                                                                                                                            Entropy (8bit):6.473982513267838
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:Uf3+PdfDPZq74iD5I68++DxnAljDlAojPrOHVPxv60Bl4KUTC4:UQfDBqCpAjRA4OH1xZf4
                                                                                                                            MD5:FADB0AD408AC45666651D5ED86FAB7AF
                                                                                                                            SHA1:693E87E0DAAA0F955C30A15BA9F456321C348850
                                                                                                                            SHA-256:7BCF8AA9A5FD5D14740CC25DE083D8D87EFFE1C205843EAFF4F3EBF6BB4E5675
                                                                                                                            SHA-512:D91DCE7F450BE200380DF46FF3915FE9162D4C7D982355D8DDB8A21A8039C2B91EDBB11AAB3C106562BAD9F7B58B3B9D645447ABC47E704534B58DABDBDE28C7
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............c...c...c..`...c..f.C.c..g...c...f...c...g...c...`...c...g...c..b...c...b...c...f...c...c...c.......c.......c...a...c.Rich..c.................PE..L....;.b...........!.................6..................................................................................T.......<...............................h...\{..............................x{..@............................................text............................... ..`.rdata..............................@..@.data...............................@....rsrc...............................@..@.reloc..h...........................@..B................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\System\xspf.w5s

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):118784
                                                                                                                            Entropy (8bit):6.402560710203454
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:mOaF4zHPK/kal7U1SQPc9OlgpD2PQmKJ:VXzMkV1zPcPii
                                                                                                                            MD5:D9BC6F350CCC88A2D66461D25B9BFE64
                                                                                                                            SHA1:A8E9913959D47737A62939B1F86F9A3430C4729B
                                                                                                                            SHA-256:F0AE7B795A0D8AD39661FFDBF98030E24A3E20AE7BA62F8CD29746108C7DCE37
                                                                                                                            SHA-512:8451C6B55A0EF817A197BBFB157F7BC7ADF1612FCCCFCF1C0B66EC8E09165B5412039EA254C65A87EA2B3A24825E4894ECA41B13E871AFBDC837C0ADFE7357EB
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......9mwH}...}...}...ig..v...ig......ig..o....c..|.../y..].../y..r.../y..l...ig..x...}...)....y..x....y..|....y..|...}...|....y..|...Rich}...........................PE..L...?<.b...........!.....,...........3.......@......................................................................P...X.......<...................................................................8...@............@...............................text....+.......,.................. ..`.rdata...x...@...z...0..............@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\paths.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):30
                                                                                                                            Entropy (8bit):3.9614063297218425
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:Kb/6HUfwIsn:4C4wIs
                                                                                                                            MD5:8AD85A252352AA655F18D1B9300667B1
                                                                                                                            SHA1:5D2939F3B6C29739303F2CAA4560D1F5376309C6
                                                                                                                            SHA-256:FB7293E289AA918D2CBC3C362CEA48DD061B0E12616924460466F26DF28FF05C
                                                                                                                            SHA-512:AA3C14551846A2A89B7C4ECBB9AC63E3C83501DE5E088634C77E92FFD068A0AA547AD5C0D06890B553469013FF0DE0DFE2058DE86677966ACE9C4D0B8C7B5525
                                                                                                                            Malicious:false
                                                                                                                            Preview:[Winamp]..inidir={26}\Winamp..

                                                                                                                            C:\Program Files (x86)\Winamp\reporter.exe

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):236368
                                                                                                                            Entropy (8bit):6.251589752797448
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:+xB9Fdpym7DoZpTWgGF2saJzV+t/A6lg2ZuwDDqswMJpG71UMKszcGQLT2j548Dk:KdATWv9Y5+t/AZxw/qiJp0UMXxD3QZ
                                                                                                                            MD5:4A764A0A1D93C84885497172DF80AC54
                                                                                                                            SHA1:CACADAB8763FC25E2498C219446C8BF63E991796
                                                                                                                            SHA-256:ECCADB75E15224A412CAFAF0CED77A8215076012CA4AF4E3ADDEDC73805B2023
                                                                                                                            SHA-512:7083151E4EFAE176098D9DEEC32189367C65847709474781CB9A301D38392E162BCA1CFB9CAFF4155CBC578B0FE5CC444E622C961D82758159C34C94D3AB8C5A
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........WA..9...9...9...:...9...<.9.9...=...9..<...9..=...9..:...9...8...9...8.:.9.b.<...9.b.....9......9.b.;...9.Rich..9.........PE..L...}..b.........................................@.................................Z........................................h..........x............n..P-..........<W..............................XW..@...............T............................text............................... ..`.rdata..B...........................@..@.data....]...........d..............@....rsrc...x............t..............@..@................................................................................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\whatsnew.txt

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:Non-ISO extended-ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):113787
                                                                                                                            Entropy (8bit):5.030989122753035
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:78A8pOcSsz5Y6xfOfim/t8AxogCNYB9iYapsL28n4Ri0BbS5NTkeANHnwg2E83zm:BWT5xf+yAwcWviIbSHT6wg2oZv
                                                                                                                            MD5:26157AEFEC1393C675F086EFBB9B8173
                                                                                                                            SHA1:CE8D7EE3B8F8E469F2C56098CEE0CCE2EB98B2EE
                                                                                                                            SHA-256:01CD2FFA7D439F3B92C0D6D0CD451DBE45AD48DA3B44245A8500276EE7B51D79
                                                                                                                            SHA-512:3B0E97AC42762BC7BCBEC58D08B263A54F28D2DBDF63AFABD38D2A11418A4C27B44F059B4595920B1EC87F93F327A5C480B18CB527725E19A6D1B210AEF7AFA3
                                                                                                                            Malicious:false
                                                                                                                            Preview:Winamp 5.9..* Improved: Windows 11 compatibility..* Improved: Playback of https:// streams..* Improved: Updated and tidier generate html playlist code..* Improved: [in_mkv] vp8 support..* Improved: [in_mod] Playback of .itz, .mdz, .s3z & .xmz compressed modules..* Improved: [ml_wire] New working Podcast Directory..* Improved: [out_ds] Display device information correctly in Unicode format..* Fixed: [in_midi/in_mkv/nu/pfc] memory leaks..* Fixed: [in_mp3] id3 empty genre displayed as Blues or Psychobilly..* Fixed: [jnetlib/ml_online/ml_wire] JSAPI2 JavaScript API..* Misc: lame_enc & libsndfile now static links instead of dynamic dll..* Misc: libmpg123, libflac & zlib now static links instead of dynamic dll..* Misc: libalac.dll added to Shared folder as part of alac update..* Misc: Major compiler refactoring work..* Misc: Many more general tweaks, improvements, fixes and optimizations..* Misc: Minimum required OS is now Windows 7 SP1..* Misc: New online Help section and articles..* Misc:

                                                                                                                            C:\Program Files (x86)\Winamp\winamp.exe

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):2539856
                                                                                                                            Entropy (8bit):6.471251911163278
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:49152:GqVgQnZ8MFTO759nwPLbH0SQ4xxxM444xxx/ocX:fLZ8M4759nwTb0SZxxxM444xxx/ocX
                                                                                                                            MD5:8566AB395508653C61CEA0090ABBAF8B
                                                                                                                            SHA1:BDF753B65FB66996C14EC649AC462CE28850E778
                                                                                                                            SHA-256:F2F7A2BC163809EFE3407D8F78922BE24D9B71161BC41CED8D4EF120A42471CA
                                                                                                                            SHA-512:3712B56EB0757C2DD7238C6BF93B6C8AF6162E89588FE2C50795D49BD98A7B4C54A0DAAE0CBC314E7C71FD574D1BA620381949E3799E71569AF03253F8A8B322
                                                                                                                            Malicious:true
                                                                                                                            Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.......n.Y.*d7.*d7.*d7.>.4..d7.>.2..d7.L..-d7.x.3.?d7.x.4.1d7.x.2..d7.>.3..d7.>.1.+d7.>.6.9d7.*d6.Yf7...3..d7...2..d7...7.+d7....+d7.*d..(d7...5.+d7.Rich*d7.........................PE..L...lo.b.....................n......\.............@.......................... *.....?.'.......@....................@8.......8.......`................&.P-..............................................@............................................text...~........................... ..`.rdata..P...........................@..@.data........p.......R..............@....rsrc........`......................@..@................................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Winamp\winampa.exe

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):179024
                                                                                                                            Entropy (8bit):6.126669459446806
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:gih0pzYxOMAbLc+pFeq14dqAKImgeIzNv7/hIRy57eVue/mghDPWtd:gi2pzY5B64xHmg63kd
                                                                                                                            MD5:9A3AAC60F8590AFBC53CA73669C21B4A
                                                                                                                            SHA1:6E2C788BB3093B1DD9C457F4FF008D50F13D0E40
                                                                                                                            SHA-256:E7E2EC6CDCA990FC574282E6289A99C0AF29275E1446DA8B59DDE6334FE8BA07
                                                                                                                            SHA-512:B44F47BF75B231E080118FC95572CE3A4284930B1DC6030C5144BCA5A87496B8EEAA6E4D0A1E702CC348AEEBD18C6FC886D64411288BBA4A573A4BD3AC8140C0
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........W.l..l..l...o..l...i.A.l...h..l...i..l...h..l...o..l...m..l..m.E.l...h..l...i..l.....l.....l...n..l.Rich.l.................PE..L...?<.b............................<+....... ....@.............................................................................x.......................P-..........L...............................h...@............ ...............................text...8........................... ..`.rdata...s... ...t..................@..@.data....!..........................@....rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Users\user\AppData\Local\Temp\nsc8CF0.tmp\LangDLL.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):5632
                                                                                                                            Entropy (8bit):3.81812520226775
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:48:S46+/nTKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mFofjLl:zFuPbOBtWZBV8jAWiAJCdv2Cm0L
                                                                                                                            MD5:68B287F4067BA013E34A1339AFDB1EA8
                                                                                                                            SHA1:45AD585B3CC8E5A6AF7B68F5D8269C97992130B3
                                                                                                                            SHA-256:18E8B40BA22C7A1687BD16E8D585380BC2773FFF5002D7D67E9485FCC0C51026
                                                                                                                            SHA-512:06C38BBB07FB55256F3CDC24E77B3C8F3214F25BFD140B521A39D167113BF307A7E8D24E445D510BC5E4E41D33C9173BB14E3F2A38BC29A0E3D08C1F0DCA4BDB
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................>..........:..........Rich..........................PE..L....Oa...........!........."......?........ ...............................p............@.........................`"..I...\ ..P....P..`....................`....................................................... ..\............................text............................... ..`.rdata....... ......................@..@.data........0......................@....rsrc...`....P......................@..@.reloc..`....`......................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Users\user\AppData\Local\Temp\nsc8CF0.tmp\System.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):12288
                                                                                                                            Entropy (8bit):5.814115788739565
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
                                                                                                                            MD5:CFF85C549D536F651D4FB8387F1976F2
                                                                                                                            SHA1:D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E
                                                                                                                            SHA-256:8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
                                                                                                                            SHA-512:531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......qr*.5.D.5.D.5.D...J.2.D.5.E.!.D.....2.D.a0t.1.D.V1n.4.D..3@.4.D.Rich5.D.........PE..L.....Oa...........!....."...........*.......@...............................p............@..........................B.......@..P............................`.......................................................@..X............................text.... .......".................. ..`.rdata..c....@.......&..............@..@.data...x....P.......*..............@....reloc.......`.......,..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Users\user\AppData\Local\Temp\nsc8CF0.tmp\execDos.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):5632
                                                                                                                            Entropy (8bit):4.978697374654455
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:96:J++xDiP4p7t7dNOt3stxtRFFXxGD6qxlnKE6ttdH3r3:Rx9pJ7jQs5toD6Cln/6tt1
                                                                                                                            MD5:0DEB397CA1E716BB7B15E1754E52B2AC
                                                                                                                            SHA1:FBB9BCF872C5DBB4CA4C80FB21D41519BC273EF5
                                                                                                                            SHA-256:720BE35CD1B4A333264713DC146B4AD024F3A7AD0644C2D8C6FCEDD3C30E8A1F
                                                                                                                            SHA-512:507DB0BEE0897660750007E7CE674406ACF9E8BF942CF26DED5654C07682757B07C9EB767BEAD0966478ABC554DC9A6461C4288DC35D12CACFADAD4C128F1BB7
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.................................&...............Rich..................PE..L.....5M...........!......................... ...............................P............@..........................$..c....!..<............................@....................................................... ...............................text...h........................... ..`.rdata....... ......................@..@.data........0......................@....reloc..N....@......................@..B........................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Users\user\AppData\Local\Temp\nsc8CF0.tmp\install.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):26
                                                                                                                            Entropy (8bit):4.056020968057882
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:PuQyoyn:Pql
                                                                                                                            MD5:385081D5FEEE87A4ED1A6E5DCEE85F36
                                                                                                                            SHA1:8517162855B477E5498E95FF2E82584EF06D5C6D
                                                                                                                            SHA-256:BDC6FB93206C1E7A590F2D4E97D0DAB7D3BADAF8B4E1A7B8487E9CF59F05EDDC
                                                                                                                            SHA-512:52BCB1CDAE8ABBE4B14FF85B57E03426D61E5CB25B1535A827AF526EC66C00AE0A327B187CD10279CF18C379C912D3E478EF9966BB497A8B626824FE32D1093F
                                                                                                                            Malicious:false
                                                                                                                            Preview:[StartMenu]..Name=Winamp..

                                                                                                                            C:\Users\user\AppData\Local\Temp\nsc8CF0.tmp\modern-header.bmp

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PC bitmap, Windows 3.x format, 150 x 57 x 24
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):25820
                                                                                                                            Entropy (8bit):6.2110665043409785
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:192:eCaZM20xGzX29rAO0hCrM9G2QKf3FQ3i8Xo0q++ZsITZJGp:eY2eGYgYv2pf3FQb8+yTw
                                                                                                                            MD5:827358320DD8861C44EAC1E220047C29
                                                                                                                            SHA1:F31677B280A72C6B2EB87FA206F0586194F2029B
                                                                                                                            SHA-256:88E8A05BE9CFB8DAEC31872C8322B7313B66CEAA45C361F8EFEDA53809F46910
                                                                                                                            SHA-512:AC27F720A9BF69DDB5821730558AD1B838DCAD6CF9EAE9990A8051339321AE912E4DC7751238CE3CCD9A1F615AB60B622E3C3248FD808FEE63F39B7A38986FC7
                                                                                                                            Malicious:false
                                                                                                                            Preview:BM.d......6...(.......9............d....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Users\user\AppData\Local\Temp\nsc8CF0.tmp\modern-wizard.bmp

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PC bitmap, Windows 3.x format, 164 x 314 x 24
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):154544
                                                                                                                            Entropy (8bit):4.9456550766606
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:Q8PkKxrHvI+HzF+xBIrVWDWca1dE0/UTH7P2WmPW+:Q8lv8MADDJ+Wm
                                                                                                                            MD5:2D63E33FA1CF672338A22C88FA45E6A0
                                                                                                                            SHA1:86C510009D6C71D05EB2707FE6A10039DF525192
                                                                                                                            SHA-256:7AE875CFCB6E3B1F4A06460FBDA99D8014DC4674EE256B0B79EC656777C7E292
                                                                                                                            SHA-512:D42A7401C1D0D77D517D2F8086286BD6CF487CF5400CD8B8D720BCAF15149727751677F444FD9A8E340072DEABAD51347956894C1C034DD81DF793B3B8087252
                                                                                                                            Malicious:false
                                                                                                                            Preview:BM.[......6...(.......:...........z[....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Users\user\AppData\Local\Temp\nsc8CF0.tmp\nsDialogs.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):9728
                                                                                                                            Entropy (8bit):5.158136237602734
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:96:o0svUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3YcNqkzfS:o0svWyNO81b8pCHFcM0PuAgkOyuIFc
                                                                                                                            MD5:6C3F8C94D0727894D706940A8A980543
                                                                                                                            SHA1:0D1BCAD901BE377F38D579AAFC0C41C0EF8DCEFD
                                                                                                                            SHA-256:56B96ADD1978B1ABBA286F7F8982B0EFBE007D4A48B3DED6A4D408E01D753FE2
                                                                                                                            SHA-512:2094F0E4BB7C806A5FF27F83A1D572A5512D979EEFDA3345BAFF27D2C89E828F68466D08C3CA250DA11B01FC0407A21743037C25E94FBE688566DD7DEAEBD355
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......|..c8O`08O`08O`08Oa0.O`0.@=05O`0llP0=O`0.If09O`0.od09O`0Rich8O`0........PE..L.....Oa...........!.........0......g........0............................................@..........................6..k....0.......p...............................................................................0...............................text............................... ..`.rdata..{....0......................@..@.data...h!...@......................@....rsrc........p....... ..............@..@.reloc..~............"..............@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Users\user\AppData\Local\Temp\nsc8CF0.tmp\nsis_winamp.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):4608
                                                                                                                            Entropy (8bit):5.061219205752215
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:48:SEdAWvTa5HlE1m198EqtjbglT68HY06mzWB+wUKCmMpzm7n4/ZS9:LA2a5Fcm198EqtjMlv47mzWBVgaj4/w
                                                                                                                            MD5:1E1DED1CF1C69852F2074693459FB3B5
                                                                                                                            SHA1:81B165CAE4D38A98760131989FDD8AED2C918679
                                                                                                                            SHA-256:5946278545ABBD0B0F5188752FE095E200C85ABE0783632A00726D090C0753EC
                                                                                                                            SHA-512:A6F9A43D4432658C3504629E9209AD350AF69EFF542D139E0CCFE0DBF8662F15034EDD3CF8B56D606A740B66C8221CAFAD999088A4E64A4C9C9FB47793A19F96
                                                                                                                            Malicious:false
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......n.*.*.D.*.D.*.D.9...(.D.....(.D..]./.D.*.E.:.D.....(.D.....+.D.....+.D.Rich*.D.........PE..L......G...........!................1........ ...............................P......................................."....... ..d............................@......P ............................................... ..D............................text............................... ..`.rdata....... ......................@..@.data........0......................@....reloc.......@......................@..B........................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Users\user\AppData\Roaming\Winamp\demo.mp3

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:Audio file with ID3 version 2.3.0, contains:MPEG ADTS, layer III, v2, 56 kbps, 22.05 kHz, JntStereo
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):38912
                                                                                                                            Entropy (8bit):7.807143839305739
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:768:YD5sIgiDHiXlUnSnigmjAtQ9ceeT5A+5UBROgzPPjt:YD5z3Tst1ee5APXh
                                                                                                                            MD5:5B9FC63F9D440BC6078CBDD21AB2A9D9
                                                                                                                            SHA1:3BD16DE4625C7D36619CBB84F039BDEDAA7951A4
                                                                                                                            SHA-256:235EF3F11F9D0D7E79C64C380F939B6B1C6C1EF7C34FCEAA31075114C7280C49
                                                                                                                            SHA-512:ED06E164A139F443D7651A0E484D4FBBFD3D77D916239A00F7288B9D64BAF96A97BEA96E6776504F93B253D2E89FC59EF3D8791996A76FF1D7410E913D5BA276
                                                                                                                            Malicious:false
                                                                                                                            Preview:ID3......sWXXX........TALB.......Beats of BurdonUFID...]..http://www.cddb.com/id3/taginfo1.html.3CD3N85R22219721U118A3630C141F247B33DF0BBCAF6CDFF779P7.TCON.......(17)RockTRCK.......1TPE1.......DJ Mike LlamaTIT2.......Llama Whippin' Intro...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Users\user\AppData\Roaming\Winamp\winamp.m3u8

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File Type:M3U playlist, ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):35
                                                                                                                            Entropy (8bit):4.264578373902383
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:PDL23y2I/vn:PyzInn
                                                                                                                            MD5:DFCEEBF7EE6BF654D4F02DC955DE9567
                                                                                                                            SHA1:324CD998D0111C774BF6C819F6605109FDC96174
                                                                                                                            SHA-256:BB2CDA5B3718995BC44956C91ED7A98E4F71E9DF5625832FB032DA7A189A2E94
                                                                                                                            SHA-512:BBB76A65FF1A3A867C9CC8401A8C9513B2118C2593C1BF353FA3BBFA7FA5705DA6F24EB290CB6386AF4FE6EA87A1814F906F0661CFCED646627E01A0FD9FCBDA
                                                                                                                            Malicious:false
                                                                                                                            Preview:#EXTM3U..#EXTINF:5,demo..demo.mp3..

                                                                                                                            Static File Info

                                                                                                                            General

                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                            Entropy (8bit):7.9946395483834465
                                                                                                                            TrID:
                                                                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                            File name:winamp59_9999_rc1_full_en-us.exe
                                                                                                                            File size:11394048
                                                                                                                            MD5:5a08cf7a8e694f9ae682d3f0cebff93e
                                                                                                                            SHA1:3f6989bc41adc1e1f630d2a8ecbd45fe99a14ace
                                                                                                                            SHA256:2dfd17ed43f638b60d97dac189a479ff8740234a3d170673730a196ca3a2385c
                                                                                                                            SHA512:faa5fa890fbfa106d5b4a5b29aed03e3f38a82c12bbe17fded742e746fc00794fcf4c59f3d7c972932754b81d2451d34b54b259ef0c78f2d6c3b6f73ba9278c4
                                                                                                                            SSDEEP:196608:FROaCHxVpLFg0yxHDXYeRzVIbCRaIBmccF0HL2SlARB1boxoU218HlqPAl2SwAgn:FR0fpRg/xjxRubCXn0q2yAb1MqV18H0D
                                                                                                                            TLSH:4DB63356BB15D543C66228761C10CE3513068CA90805CAA3F6F8FB0FF976E227D9EBB5
                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L.....Oa.................h...*.....

                                                                                                                            File Icon

                                                                                                                            Icon Hash:d8e09e98b090dac0

                                                                                                                            Static PE Info

                                                                                                                            General

                                                                                                                            Entrypoint:0x403640
                                                                                                                            Entrypoint Section:.text
                                                                                                                            Digitally signed:true
                                                                                                                            Imagebase:0x400000
                                                                                                                            Subsystem:windows gui
                                                                                                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                            Time Stamp:0x614F9B1F [Sat Sep 25 21:56:47 2021 UTC]
                                                                                                                            TLS Callbacks:
                                                                                                                            CLR (.Net) Version:
                                                                                                                            OS Version Major:4
                                                                                                                            OS Version Minor:0
                                                                                                                            File Version Major:4
                                                                                                                            File Version Minor:0
                                                                                                                            Subsystem Version Major:4
                                                                                                                            Subsystem Version Minor:0
                                                                                                                            Import Hash:61259b55b8912888e90f516ca08dc514

                                                                                                                            Authenticode Signature

                                                                                                                            Signature Valid:true
                                                                                                                            Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                            Signature Validation Error:The operation completed successfully
                                                                                                                            Error Number:0
                                                                                                                            Not Before, Not After
                                                                                                                            • 6/14/2022 5:00:00 PM 6/12/2024 4:59:59 PM
                                                                                                                            Subject Chain
                                                                                                                            • CN=Winamp SA, O=Winamp SA, L=Bruxelles, C=BE
                                                                                                                            Version:3
                                                                                                                            Thumbprint MD5:1CE95163846ED990FA76C9B3337F5E91
                                                                                                                            Thumbprint SHA-1:DD90A1B0A3B7A71B42177DACD0A4EE6636EBF4DA
                                                                                                                            Thumbprint SHA-256:DB796AF1CE42A1F71907FC7F6C06313F29FDA38A2059DADFB09BF21943338286
                                                                                                                            Serial:08D4BF5A529C725997E0F6C526495D2F

                                                                                                                            Entrypoint Preview

                                                                                                                            Instruction
                                                                                                                            push ebp
                                                                                                                            mov ebp, esp
                                                                                                                            sub esp, 000003F4h
                                                                                                                            push ebx
                                                                                                                            push esi
                                                                                                                            push edi
                                                                                                                            push 00000020h
                                                                                                                            pop edi
                                                                                                                            xor ebx, ebx
                                                                                                                            push 00008001h
                                                                                                                            mov dword ptr [ebp-14h], ebx
                                                                                                                            mov dword ptr [ebp-04h], 0040A230h
                                                                                                                            mov dword ptr [ebp-10h], ebx
                                                                                                                            call dword ptr [004080C8h]
                                                                                                                            mov esi, dword ptr [004080CCh]
                                                                                                                            lea eax, dword ptr [ebp-00000140h]
                                                                                                                            push eax
                                                                                                                            mov dword ptr [ebp-0000012Ch], ebx
                                                                                                                            mov dword ptr [ebp-2Ch], ebx
                                                                                                                            mov dword ptr [ebp-28h], ebx
                                                                                                                            mov dword ptr [ebp-00000140h], 0000011Ch
                                                                                                                            call esi
                                                                                                                            test eax, eax
                                                                                                                            jne 00007FC928CDF29Ah
                                                                                                                            lea eax, dword ptr [ebp-00000140h]
                                                                                                                            mov dword ptr [ebp-00000140h], 00000114h
                                                                                                                            push eax
                                                                                                                            call esi
                                                                                                                            mov ax, word ptr [ebp-0000012Ch]
                                                                                                                            mov ecx, dword ptr [ebp-00000112h]
                                                                                                                            sub ax, 00000053h
                                                                                                                            add ecx, FFFFFFD0h
                                                                                                                            neg ax
                                                                                                                            sbb eax, eax
                                                                                                                            mov byte ptr [ebp-26h], 00000004h
                                                                                                                            not eax
                                                                                                                            and eax, ecx
                                                                                                                            mov word ptr [ebp-2Ch], ax
                                                                                                                            cmp dword ptr [ebp-0000013Ch], 0Ah
                                                                                                                            jnc 00007FC928CDF26Ah
                                                                                                                            and word ptr [ebp-00000132h], 0000h
                                                                                                                            mov eax, dword ptr [ebp-00000134h]
                                                                                                                            movzx ecx, byte ptr [ebp-00000138h]
                                                                                                                            mov dword ptr [0042A318h], eax
                                                                                                                            xor eax, eax
                                                                                                                            mov ah, byte ptr [ebp-0000013Ch]
                                                                                                                            movzx eax, ax
                                                                                                                            or eax, ecx
                                                                                                                            xor ecx, ecx
                                                                                                                            mov ch, byte ptr [ebp-2Ch]
                                                                                                                            movzx ecx, cx
                                                                                                                            shl eax, 10h
                                                                                                                            or eax, ecx

                                                                                                                            Rich Headers

                                                                                                                            Programming Language:
                                                                                                                            • [EXP] VC++ 6.0 SP5 build 8804

                                                                                                                            Data Directories

                                                                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x85040xa0.rdata
                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x640000x2f600.rsrc
                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0xadaeb00x2d50
                                                                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_IAT0x80000x2b0.rdata
                                                                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                            Sections

                                                                                                                            NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                            .text0x10000x66760x6800False0.6568134014423077data6.4174599871908855IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                            .rdata0x80000x139a0x1400False0.4498046875data5.141066817170598IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                            .data0xa0000x203780x600False0.509765625data4.110582127654237IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                            .ndata0x2b0000x390000x0False0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                            .rsrc0x640000x2f6000x2f600False0.4166082618733509data5.761913891172515IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                            Resources

                                                                                                                            NameRVASizeTypeLanguageCountry
                                                                                                                            RT_BITMAP0x646100x666dataEnglishUnited States
                                                                                                                            RT_ICON0x64c780x10828dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0EnglishUnited States
                                                                                                                            RT_ICON0x754a00x85fbPNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States
                                                                                                                            RT_ICON0x7daa00x4c28dBase IV DBT, blocks size 0, block length 16384, next free block index 40, next free block 673720360, next used block 572662306EnglishUnited States
                                                                                                                            RT_ICON0x826c80x4228dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 33023, next used block 4279173120EnglishUnited States
                                                                                                                            RT_ICON0x868f00x2868dBase IV DBT, blocks size 0, block length 8192, next free block index 40, next free block 0, next used block 0EnglishUnited States
                                                                                                                            RT_ICON0x891580x25a8dataEnglishUnited States
                                                                                                                            RT_ICON0x8b7000x1628dBase IV DBT of \200.DBF, blocks size 0, block length 4096, next free block index 40, next free block 1212696657, next used block 1061111624EnglishUnited States
                                                                                                                            RT_ICON0x8cd280x10a8dataEnglishUnited States
                                                                                                                            RT_ICON0x8ddd00xea8dataEnglishUnited States
                                                                                                                            RT_ICON0x8ec780xa68dBase IV DBT of \200.DBF, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0EnglishUnited States
                                                                                                                            RT_ICON0x8f6e00x988dataEnglishUnited States
                                                                                                                            RT_ICON0x900680x8a8dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0EnglishUnited States
                                                                                                                            RT_ICON0x909100x6c8dataEnglishUnited States
                                                                                                                            RT_ICON0x90fd80x668dataEnglishUnited States
                                                                                                                            RT_ICON0x916400x568GLS_BINARY_LSB_FIRSTEnglishUnited States
                                                                                                                            RT_ICON0x91ba80x468GLS_BINARY_LSB_FIRSTEnglishUnited States
                                                                                                                            RT_ICON0x920100x2e8dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 2004318071, next used block 4288649625EnglishUnited States
                                                                                                                            RT_ICON0x922f80x1e8dataEnglishUnited States
                                                                                                                            RT_ICON0x924e00x128GLS_BINARY_LSB_FIRSTEnglishUnited States
                                                                                                                            RT_DIALOG0x926080xb4dataEnglishUnited States
                                                                                                                            RT_DIALOG0x926c00x120dataEnglishUnited States
                                                                                                                            RT_DIALOG0x927e00x158dataEnglishUnited States
                                                                                                                            RT_DIALOG0x929380x200dataEnglishUnited States
                                                                                                                            RT_DIALOG0x92b380xf8dataEnglishUnited States
                                                                                                                            RT_DIALOG0x92c300xeedataEnglishUnited States
                                                                                                                            RT_GROUP_ICON0x92d200x110dataEnglishUnited States
                                                                                                                            RT_VERSION0x92e300x3a0dataEnglishUnited States
                                                                                                                            RT_MANIFEST0x931d00x42eXML 1.0 document, ASCII text, with very long lines, with no line terminatorsEnglishUnited States

                                                                                                                            Imports

                                                                                                                            DLLImport
                                                                                                                            ADVAPI32.dllRegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW
                                                                                                                            SHELL32.dllSHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW
                                                                                                                            ole32.dllOleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree
                                                                                                                            COMCTL32.dllImageList_Create, ImageList_Destroy, ImageList_AddMasked
                                                                                                                            USER32.dllGetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu
                                                                                                                            GDI32.dllSetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
                                                                                                                            KERNEL32.dllGetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, CreateFileW, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW

                                                                                                                            Possible Origin

                                                                                                                            Language of compilation systemCountry where language is spokenMap
                                                                                                                            EnglishUnited States

                                                                                                                            Network Behavior

                                                                                                                            Network Port Distribution

                                                                                                                            UDP Packets

                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                            Aug 1, 2022 10:47:28.442940950 CEST5068553192.168.2.58.8.8.8
                                                                                                                            Aug 1, 2022 10:47:28.470015049 CEST53506858.8.8.8192.168.2.5
                                                                                                                            Aug 1, 2022 10:47:28.627482891 CEST6548753192.168.2.58.8.8.8
                                                                                                                            Aug 1, 2022 10:47:28.670788050 CEST53654878.8.8.8192.168.2.5

                                                                                                                            DNS Queries

                                                                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                                            Aug 1, 2022 10:47:28.442940950 CEST192.168.2.58.8.8.80x7b4Standard query (0)www.google.comA (IP address)IN (0x0001)
                                                                                                                            Aug 1, 2022 10:47:28.627482891 CEST192.168.2.58.8.8.80xd621Standard query (0)download.nullsoft.comA (IP address)IN (0x0001)

                                                                                                                            DNS Answers

                                                                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                                            Aug 1, 2022 10:47:28.470015049 CEST8.8.8.8192.168.2.50x7b4No error (0)www.google.com142.250.203.100A (IP address)IN (0x0001)
                                                                                                                            Aug 1, 2022 10:47:28.670788050 CEST8.8.8.8192.168.2.50xd621No error (0)download.nullsoft.com146.59.161.88A (IP address)IN (0x0001)

                                                                                                                            Statistics

                                                                                                                            CPU Usage

                                                                                                                            Click to jump to process

                                                                                                                            Memory Usage

                                                                                                                            Click to jump to process

                                                                                                                            High Level Behavior Distribution

                                                                                                                            Click to dive into process behavior distribution

                                                                                                                            Behavior

                                                                                                                            Click to jump to process

                                                                                                                            System Behavior

                                                                                                                            General

                                                                                                                            Target ID:0
                                                                                                                            Start time:10:45:19
                                                                                                                            Start date:01/08/2022
                                                                                                                            Path:C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:"C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe"
                                                                                                                            Imagebase:0x400000
                                                                                                                            File size:11394048 bytes
                                                                                                                            MD5 hash:5A08CF7A8E694F9AE682D3F0CEBFF93E
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:low

                                                                                                                            General

                                                                                                                            Target ID:8
                                                                                                                            Start time:10:45:45
                                                                                                                            Start date:01/08/2022
                                                                                                                            Path:C:\Program Files (x86)\Winamp\Elevator.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:"C:\Program Files (x86)\Winamp\elevator.exe" /RegServer
                                                                                                                            Imagebase:0x400000
                                                                                                                            File size:191824 bytes
                                                                                                                            MD5 hash:4DCA168AC0EE99081097BBBFB61CE6BE
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Antivirus matches:
                                                                                                                            • Detection: 0%, ReversingLabs
                                                                                                                            Reputation:low

                                                                                                                            General

                                                                                                                            Target ID:10
                                                                                                                            Start time:10:45:55
                                                                                                                            Start date:01/08/2022
                                                                                                                            Path:C:\Windows\SysWOW64\netsh.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:netsh advfirewall firewall set rule name="Winamp" dir=in program="C:\Program Files (x86)\Winamp\winamp.exe" profile=private,public protocol=TCP new action=allow enable=yes
                                                                                                                            Imagebase:0x15e0000
                                                                                                                            File size:82944 bytes
                                                                                                                            MD5 hash:A0AA3322BB46BBFC36AB9DC1DBBBB807
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high

                                                                                                                            General

                                                                                                                            Target ID:12
                                                                                                                            Start time:10:45:57
                                                                                                                            Start date:01/08/2022
                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                            Imagebase:0x7ff77f440000
                                                                                                                            File size:625664 bytes
                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high

                                                                                                                            General

                                                                                                                            Target ID:13
                                                                                                                            Start time:10:45:58
                                                                                                                            Start date:01/08/2022
                                                                                                                            Path:C:\Windows\SysWOW64\netsh.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:netsh advfirewall firewall add rule name="Winamp" dir=in action=allow program="C:\Program Files (x86)\Winamp\winamp.exe" enable=yes profile=private,public protocol=TCP
                                                                                                                            Imagebase:0x15e0000
                                                                                                                            File size:82944 bytes
                                                                                                                            MD5 hash:A0AA3322BB46BBFC36AB9DC1DBBBB807
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high

                                                                                                                            General

                                                                                                                            Target ID:14
                                                                                                                            Start time:10:45:59
                                                                                                                            Start date:01/08/2022
                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                            Imagebase:0x7ff77f440000
                                                                                                                            File size:625664 bytes
                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high

                                                                                                                            General

                                                                                                                            Target ID:15
                                                                                                                            Start time:10:46:00
                                                                                                                            Start date:01/08/2022
                                                                                                                            Path:C:\Windows\SysWOW64\netsh.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:netsh advfirewall firewall set rule name="Winamp" dir=in program="C:\Program Files (x86)\Winamp\winamp.exe" profile=private,public protocol=UDP new action=allow enable=yes
                                                                                                                            Imagebase:0x15e0000
                                                                                                                            File size:82944 bytes
                                                                                                                            MD5 hash:A0AA3322BB46BBFC36AB9DC1DBBBB807
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high

                                                                                                                            General

                                                                                                                            Target ID:16
                                                                                                                            Start time:10:46:00
                                                                                                                            Start date:01/08/2022
                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                            Imagebase:0x7ff77f440000
                                                                                                                            File size:625664 bytes
                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high

                                                                                                                            General

                                                                                                                            Target ID:18
                                                                                                                            Start time:10:46:02
                                                                                                                            Start date:01/08/2022
                                                                                                                            Path:C:\Windows\SysWOW64\netsh.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:netsh advfirewall firewall add rule name="Winamp" dir=in action=allow program="C:\Program Files (x86)\Winamp\winamp.exe" enable=yes profile=private,public protocol=UDP
                                                                                                                            Imagebase:0x15e0000
                                                                                                                            File size:82944 bytes
                                                                                                                            MD5 hash:A0AA3322BB46BBFC36AB9DC1DBBBB807
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high

                                                                                                                            General

                                                                                                                            Target ID:19
                                                                                                                            Start time:10:46:03
                                                                                                                            Start date:01/08/2022
                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                            Imagebase:0x7ff77f440000
                                                                                                                            File size:625664 bytes
                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high

                                                                                                                            Disassembly

                                                                                                                            Reset < >

                                                                                                                              Execution Graph

                                                                                                                              Execution Coverage:27.2%
                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                              Signature Coverage:13.4%
                                                                                                                              Total number of Nodes:1993
                                                                                                                              Total number of Limit Nodes:79
                                                                                                                              execution_graph 4998 403640 SetErrorMode GetVersionExW 4999 403692 GetVersionExW 4998->4999 5000 4036ca 4998->5000 4999->5000 5001 403723 5000->5001 5002 406a35 5 API calls 5000->5002 5089 4069c5 GetSystemDirectoryW 5001->5089 5002->5001 5004 403739 lstrlenA 5004->5001 5005 403749 5004->5005 5092 406a35 GetModuleHandleA 5005->5092 5008 406a35 5 API calls 5009 403757 5008->5009 5010 406a35 5 API calls 5009->5010 5011 403763 #17 OleInitialize SHGetFileInfoW 5010->5011 5098 406668 lstrcpynW 5011->5098 5014 4037b0 GetCommandLineW 5099 406668 lstrcpynW 5014->5099 5016 4037c2 5100 405f64 5016->5100 5019 4038f7 5020 40390b GetTempPathW 5019->5020 5104 40360f 5020->5104 5022 403923 5024 403927 GetWindowsDirectoryW lstrcatW 5022->5024 5025 40397d DeleteFileW 5022->5025 5023 405f64 CharNextW 5027 4037f9 5023->5027 5028 40360f 12 API calls 5024->5028 5114 4030d0 GetTickCount GetModuleFileNameW 5025->5114 5027->5019 5027->5023 5032 4038f9 5027->5032 5030 403943 5028->5030 5029 403990 5033 403a54 5029->5033 5035 403a45 5029->5035 5039 405f64 CharNextW 5029->5039 5030->5025 5031 403947 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 5030->5031 5034 40360f 12 API calls 5031->5034 5200 406668 lstrcpynW 5032->5200 5254 403c25 5033->5254 5038 403975 5034->5038 5144 403d17 5035->5144 5038->5025 5038->5033 5056 4039b2 5039->5056 5042 403b91 5045 403b99 GetCurrentProcess OpenProcessToken 5042->5045 5046 403c0f ExitProcess 5042->5046 5043 403b7c 5263 405cc8 5043->5263 5050 403bb0 LookupPrivilegeValueW AdjustTokenPrivileges 5045->5050 5051 403bdf 5045->5051 5047 403a1b 5201 40603f 5047->5201 5048 403a5c 5217 405c33 5048->5217 5050->5051 5054 406a35 5 API calls 5051->5054 5058 403be6 5054->5058 5056->5047 5056->5048 5060 403bfb ExitWindowsEx 5058->5060 5065 403c08 5058->5065 5060->5046 5060->5065 5061 403a72 lstrcatW 5062 403a7d lstrcatW lstrcmpiW 5061->5062 5062->5033 5063 403a9d 5062->5063 5066 403aa2 5063->5066 5067 403aa9 5063->5067 5267 40140b 5065->5267 5220 405b99 CreateDirectoryW 5066->5220 5225 405c16 CreateDirectoryW 5067->5225 5068 403a3a 5216 406668 lstrcpynW 5068->5216 5074 403aae SetCurrentDirectoryW 5075 403ac0 5074->5075 5076 403acb 5074->5076 5228 406668 lstrcpynW 5075->5228 5229 406668 lstrcpynW 5076->5229 5081 403b19 CopyFileW 5086 403ad8 5081->5086 5082 403b63 5084 406428 36 API calls 5082->5084 5084->5033 5085 4066a5 17 API calls 5085->5086 5086->5082 5086->5085 5088 403b4d CloseHandle 5086->5088 5230 4066a5 5086->5230 5247 406428 MoveFileExW 5086->5247 5251 405c4b CreateProcessW 5086->5251 5088->5086 5090 4069e7 wsprintfW LoadLibraryExW 5089->5090 5090->5004 5093 406a51 5092->5093 5094 406a5b GetProcAddress 5092->5094 5096 4069c5 3 API calls 5093->5096 5095 403750 5094->5095 5095->5008 5097 406a57 5096->5097 5097->5094 5097->5095 5098->5014 5099->5016 5101 405f6a 5100->5101 5102 4037e8 CharNextW 5101->5102 5103 405f71 CharNextW 5101->5103 5102->5027 5103->5101 5270 4068ef 5104->5270 5106 403625 5106->5022 5107 40361b 5107->5106 5279 405f37 lstrlenW CharPrevW 5107->5279 5110 405c16 2 API calls 5111 403633 5110->5111 5282 406187 5111->5282 5286 406158 GetFileAttributesW CreateFileW 5114->5286 5116 403113 5143 403120 5116->5143 5287 406668 lstrcpynW 5116->5287 5118 403136 5288 405f83 lstrlenW 5118->5288 5122 403147 GetFileSize 5123 403241 5122->5123 5124 40315e 5122->5124 5293 40302e 5123->5293 5124->5123 5130 4032de 5124->5130 5138 40302e 32 API calls 5124->5138 5124->5143 5323 4035e2 5124->5323 5128 403286 GlobalAlloc 5131 40329d 5128->5131 5132 40302e 32 API calls 5130->5132 5134 406187 2 API calls 5131->5134 5132->5143 5133 403267 5135 4035e2 ReadFile 5133->5135 5136 4032ae CreateFileW 5134->5136 5137 403272 5135->5137 5139 4032e8 5136->5139 5136->5143 5137->5128 5137->5143 5138->5124 5307 4035f8 SetFilePointer 5139->5307 5141 4032f6 5308 403371 5141->5308 5143->5029 5143->5143 5145 406a35 5 API calls 5144->5145 5146 403d2b 5145->5146 5147 403d31 5146->5147 5148 403d43 5146->5148 5390 4065af wsprintfW 5147->5390 5149 406536 3 API calls 5148->5149 5150 403d73 5149->5150 5152 403d92 lstrcatW 5150->5152 5154 406536 3 API calls 5150->5154 5153 403d41 5152->5153 5370 403fed 5153->5370 5154->5152 5157 40603f 18 API calls 5158 403dc4 5157->5158 5159 403e58 5158->5159 5378 406536 5158->5378 5160 40603f 18 API calls 5159->5160 5162 403e5e 5160->5162 5164 403e6e LoadImageW 5162->5164 5165 4066a5 17 API calls 5162->5165 5166 403f14 5164->5166 5167 403e95 RegisterClassW 5164->5167 5165->5164 5171 40140b 2 API calls 5166->5171 5169 403f1e 5167->5169 5170 403ecb SystemParametersInfoW CreateWindowExW 5167->5170 5168 403e17 lstrlenW 5173 403e25 lstrcmpiW 5168->5173 5174 403e4b 5168->5174 5169->5033 5170->5166 5175 403f1a 5171->5175 5172 405f64 CharNextW 5177 403e14 5172->5177 5173->5174 5178 403e35 GetFileAttributesW 5173->5178 5176 405f37 3 API calls 5174->5176 5175->5169 5179 403fed 18 API calls 5175->5179 5180 403e51 5176->5180 5177->5168 5181 403e41 5178->5181 5183 403f2b 5179->5183 5391 406668 lstrcpynW 5180->5391 5181->5174 5182 405f83 2 API calls 5181->5182 5182->5174 5185 403f37 ShowWindow 5183->5185 5186 403fba 5183->5186 5188 4069c5 3 API calls 5185->5188 5383 40579d OleInitialize 5186->5383 5190 403f4f 5188->5190 5189 403fc0 5191 403fc4 5189->5191 5192 403fdc 5189->5192 5193 403f5d GetClassInfoW 5190->5193 5195 4069c5 3 API calls 5190->5195 5191->5169 5198 40140b 2 API calls 5191->5198 5194 40140b 2 API calls 5192->5194 5196 403f71 GetClassInfoW RegisterClassW 5193->5196 5197 403f87 DialogBoxParamW 5193->5197 5194->5169 5195->5193 5196->5197 5199 40140b 2 API calls 5197->5199 5198->5169 5199->5169 5200->5020 5407 406668 lstrcpynW 5201->5407 5203 406050 5408 405fe2 CharNextW CharNextW 5203->5408 5206 403a27 5206->5033 5215 406668 lstrcpynW 5206->5215 5207 4068ef 5 API calls 5213 406066 5207->5213 5208 406097 lstrlenW 5209 4060a2 5208->5209 5208->5213 5210 405f37 3 API calls 5209->5210 5212 4060a7 GetFileAttributesW 5210->5212 5212->5206 5213->5206 5213->5208 5214 405f83 2 API calls 5213->5214 5414 40699e FindFirstFileW 5213->5414 5214->5208 5215->5068 5216->5035 5218 406a35 5 API calls 5217->5218 5219 403a61 lstrcatW 5218->5219 5219->5061 5219->5062 5221 403aa7 5220->5221 5222 405bea GetLastError 5220->5222 5221->5074 5222->5221 5223 405bf9 SetFileSecurityW 5222->5223 5223->5221 5224 405c0f GetLastError 5223->5224 5224->5221 5226 405c26 5225->5226 5227 405c2a GetLastError 5225->5227 5226->5074 5227->5226 5228->5076 5229->5086 5232 4066b2 5230->5232 5231 4068d5 5233 403b0d DeleteFileW 5231->5233 5419 406668 lstrcpynW 5231->5419 5232->5231 5235 4068a3 lstrlenW 5232->5235 5238 406536 3 API calls 5232->5238 5239 4066a5 10 API calls 5232->5239 5240 4067ba GetSystemDirectoryW 5232->5240 5241 4067cd GetWindowsDirectoryW 5232->5241 5242 4067fc SHGetSpecialFolderLocation 5232->5242 5243 4066a5 10 API calls 5232->5243 5244 406844 lstrcatW 5232->5244 5245 4068ef 5 API calls 5232->5245 5417 4065af wsprintfW 5232->5417 5418 406668 lstrcpynW 5232->5418 5233->5081 5233->5086 5235->5232 5238->5232 5239->5235 5240->5232 5241->5232 5242->5232 5246 406814 SHGetPathFromIDListW CoTaskMemFree 5242->5246 5243->5232 5244->5232 5245->5232 5246->5232 5248 406449 5247->5248 5249 40643c 5247->5249 5248->5086 5420 4062ae 5249->5420 5252 405c8a 5251->5252 5253 405c7e CloseHandle 5251->5253 5252->5086 5253->5252 5255 403c40 5254->5255 5256 403c36 CloseHandle 5254->5256 5257 403c54 5255->5257 5258 403c4a CloseHandle 5255->5258 5256->5255 5454 403c82 5257->5454 5258->5257 5264 405cdd 5263->5264 5265 403b89 ExitProcess 5264->5265 5266 405cf1 MessageBoxIndirectW 5264->5266 5266->5265 5268 401389 2 API calls 5267->5268 5269 401420 5268->5269 5269->5046 5277 4068fc 5270->5277 5271 406972 5272 406977 CharPrevW 5271->5272 5275 406998 5271->5275 5272->5271 5273 406965 CharNextW 5273->5271 5273->5277 5274 405f64 CharNextW 5274->5277 5275->5107 5276 406951 CharNextW 5276->5277 5277->5271 5277->5273 5277->5274 5277->5276 5278 406960 CharNextW 5277->5278 5278->5273 5280 405f53 lstrcatW 5279->5280 5281 40362d 5279->5281 5280->5281 5281->5110 5283 406194 GetTickCount GetTempFileNameW 5282->5283 5284 40363e 5283->5284 5285 4061ca 5283->5285 5284->5022 5285->5283 5285->5284 5286->5116 5287->5118 5289 405f91 5288->5289 5290 40313c 5289->5290 5291 405f97 CharPrevW 5289->5291 5292 406668 lstrcpynW 5290->5292 5291->5289 5291->5290 5292->5122 5294 403057 5293->5294 5295 40303f 5293->5295 5297 403067 GetTickCount 5294->5297 5298 40305f 5294->5298 5296 403048 DestroyWindow 5295->5296 5301 40304f 5295->5301 5296->5301 5299 403075 5297->5299 5297->5301 5341 406a71 5298->5341 5302 4030aa CreateDialogParamW ShowWindow 5299->5302 5303 40307d 5299->5303 5301->5128 5301->5143 5326 4035f8 SetFilePointer 5301->5326 5302->5301 5303->5301 5327 403012 5303->5327 5305 40308b wsprintfW 5330 4056ca 5305->5330 5307->5141 5309 403380 SetFilePointer 5308->5309 5310 40339c 5308->5310 5309->5310 5345 403479 GetTickCount 5310->5345 5315 403479 42 API calls 5316 4033d3 5315->5316 5317 40343f ReadFile 5316->5317 5319 403439 5316->5319 5321 4033e2 5316->5321 5317->5319 5319->5143 5320 4061db ReadFile 5320->5321 5321->5319 5321->5320 5360 40620a WriteFile 5321->5360 5324 4061db ReadFile 5323->5324 5325 4035f5 5324->5325 5325->5124 5326->5133 5328 403021 5327->5328 5329 403023 MulDiv 5327->5329 5328->5329 5329->5305 5331 4056e5 5330->5331 5340 405787 5330->5340 5332 405701 lstrlenW 5331->5332 5333 4066a5 17 API calls 5331->5333 5334 40572a 5332->5334 5335 40570f lstrlenW 5332->5335 5333->5332 5337 405730 SetWindowTextW 5334->5337 5338 40573d 5334->5338 5336 405721 lstrcatW 5335->5336 5335->5340 5336->5334 5337->5338 5339 405743 SendMessageW SendMessageW SendMessageW 5338->5339 5338->5340 5339->5340 5340->5301 5342 406a8e PeekMessageW 5341->5342 5343 406a84 DispatchMessageW 5342->5343 5344 406a9e 5342->5344 5343->5342 5344->5301 5346 4035d1 5345->5346 5347 4034a7 5345->5347 5348 40302e 32 API calls 5346->5348 5362 4035f8 SetFilePointer 5347->5362 5355 4033a3 5348->5355 5350 4034b2 SetFilePointer 5354 4034d7 5350->5354 5351 4035e2 ReadFile 5351->5354 5353 40302e 32 API calls 5353->5354 5354->5351 5354->5353 5354->5355 5356 40620a WriteFile 5354->5356 5357 4035b2 SetFilePointer 5354->5357 5363 406bb0 5354->5363 5355->5319 5358 4061db ReadFile 5355->5358 5356->5354 5357->5346 5359 4033bc 5358->5359 5359->5315 5359->5319 5361 406228 5360->5361 5361->5321 5362->5350 5364 406bd5 5363->5364 5365 406bdd 5363->5365 5364->5354 5365->5364 5366 406c64 GlobalFree 5365->5366 5367 406c6d GlobalAlloc 5365->5367 5368 406ce4 GlobalAlloc 5365->5368 5369 406cdb GlobalFree 5365->5369 5366->5367 5367->5364 5367->5365 5368->5364 5368->5365 5369->5368 5371 404001 5370->5371 5392 4065af wsprintfW 5371->5392 5373 404072 5393 4040a6 5373->5393 5375 403da2 5375->5157 5376 404077 5376->5375 5377 4066a5 17 API calls 5376->5377 5377->5376 5396 4064d5 5378->5396 5381 403df6 5381->5159 5381->5168 5381->5172 5382 40656a RegQueryValueExW RegCloseKey 5382->5381 5400 404610 5383->5400 5385 404610 SendMessageW 5387 4057f9 OleUninitialize 5385->5387 5386 4057c0 5389 4057e7 5386->5389 5403 401389 5386->5403 5387->5189 5389->5385 5390->5153 5391->5159 5392->5373 5394 4066a5 17 API calls 5393->5394 5395 4040b4 SetWindowTextW 5394->5395 5395->5376 5397 4064e4 5396->5397 5398 4064e8 5397->5398 5399 4064ed RegOpenKeyExW 5397->5399 5398->5381 5398->5382 5399->5398 5401 404628 5400->5401 5402 404619 SendMessageW 5400->5402 5401->5386 5402->5401 5405 401390 5403->5405 5404 4013fe 5404->5386 5405->5404 5406 4013cb MulDiv SendMessageW 5405->5406 5406->5405 5407->5203 5409 405fff 5408->5409 5412 406011 5408->5412 5411 40600c CharNextW 5409->5411 5409->5412 5410 406035 5410->5206 5410->5207 5411->5410 5412->5410 5413 405f64 CharNextW 5412->5413 5413->5412 5415 4069b4 FindClose 5414->5415 5416 4069bf 5414->5416 5415->5416 5416->5213 5417->5232 5418->5232 5419->5233 5421 406304 GetShortPathNameW 5420->5421 5422 4062de 5420->5422 5424 406423 5421->5424 5425 406319 5421->5425 5447 406158 GetFileAttributesW CreateFileW 5422->5447 5424->5248 5425->5424 5427 406321 wsprintfA 5425->5427 5426 4062e8 CloseHandle GetShortPathNameW 5426->5424 5428 4062fc 5426->5428 5429 4066a5 17 API calls 5427->5429 5428->5421 5428->5424 5430 406349 5429->5430 5448 406158 GetFileAttributesW CreateFileW 5430->5448 5432 406356 5432->5424 5433 406365 GetFileSize GlobalAlloc 5432->5433 5434 406387 5433->5434 5435 40641c CloseHandle 5433->5435 5436 4061db ReadFile 5434->5436 5435->5424 5437 40638f 5436->5437 5437->5435 5449 4060bd lstrlenA 5437->5449 5440 4063a6 lstrcpyA 5443 4063c8 5440->5443 5441 4063ba 5442 4060bd 4 API calls 5441->5442 5442->5443 5444 4063ff SetFilePointer 5443->5444 5445 40620a WriteFile 5444->5445 5446 406415 GlobalFree 5445->5446 5446->5435 5447->5426 5448->5432 5450 4060fe lstrlenA 5449->5450 5451 4060d7 lstrcmpiA 5450->5451 5453 406106 5450->5453 5452 4060f5 CharNextA 5451->5452 5451->5453 5452->5450 5453->5440 5453->5441 5455 403c90 5454->5455 5456 403c59 5455->5456 5457 403c95 FreeLibrary GlobalFree 5455->5457 5458 405d74 5456->5458 5457->5456 5457->5457 5459 40603f 18 API calls 5458->5459 5460 405d94 5459->5460 5461 405db3 5460->5461 5462 405d9c DeleteFileW 5460->5462 5464 405ed3 5461->5464 5497 406668 lstrcpynW 5461->5497 5463 403b71 OleUninitialize 5462->5463 5463->5042 5463->5043 5464->5463 5471 40699e 2 API calls 5464->5471 5466 405dd9 5467 405dec 5466->5467 5468 405ddf lstrcatW 5466->5468 5470 405f83 2 API calls 5467->5470 5469 405df2 5468->5469 5473 405e02 lstrcatW 5469->5473 5475 405e0d lstrlenW FindFirstFileW 5469->5475 5470->5469 5472 405ef8 5471->5472 5472->5463 5474 405efc 5472->5474 5473->5475 5476 405f37 3 API calls 5474->5476 5475->5464 5482 405e2f 5475->5482 5477 405f02 5476->5477 5479 405d2c 5 API calls 5477->5479 5478 405eb6 FindNextFileW 5478->5482 5483 405ecc FindClose 5478->5483 5481 405f0e 5479->5481 5484 405f12 5481->5484 5485 405f28 5481->5485 5482->5478 5495 405e77 5482->5495 5498 406668 lstrcpynW 5482->5498 5483->5464 5484->5463 5488 4056ca 24 API calls 5484->5488 5487 4056ca 24 API calls 5485->5487 5487->5463 5490 405f1f 5488->5490 5489 405d74 60 API calls 5489->5495 5492 406428 36 API calls 5490->5492 5491 4056ca 24 API calls 5491->5478 5494 405f26 5492->5494 5493 4056ca 24 API calls 5493->5495 5494->5463 5495->5478 5495->5489 5495->5491 5495->5493 5496 406428 36 API calls 5495->5496 5499 405d2c 5495->5499 5496->5495 5497->5466 5498->5482 5507 406133 GetFileAttributesW 5499->5507 5502 405d59 5502->5495 5503 405d47 RemoveDirectoryW 5505 405d55 5503->5505 5504 405d4f DeleteFileW 5504->5505 5505->5502 5506 405d65 SetFileAttributesW 5505->5506 5506->5502 5508 405d38 5507->5508 5509 406145 SetFileAttributesW 5507->5509 5508->5502 5508->5503 5508->5504 5509->5508 5510 401941 5511 401943 5510->5511 5516 402da6 5511->5516 5514 405d74 67 API calls 5515 401951 5514->5515 5517 402db2 5516->5517 5518 4066a5 17 API calls 5517->5518 5519 402dd3 5518->5519 5520 401948 5519->5520 5521 4068ef 5 API calls 5519->5521 5520->5514 5521->5520 5737 401c43 5738 402d84 17 API calls 5737->5738 5739 401c4a 5738->5739 5740 402d84 17 API calls 5739->5740 5741 401c57 5740->5741 5742 401c6c 5741->5742 5743 402da6 17 API calls 5741->5743 5744 401c7c 5742->5744 5745 402da6 17 API calls 5742->5745 5743->5742 5746 401cd3 5744->5746 5747 401c87 5744->5747 5745->5744 5748 402da6 17 API calls 5746->5748 5749 402d84 17 API calls 5747->5749 5751 401cd8 5748->5751 5750 401c8c 5749->5750 5752 402d84 17 API calls 5750->5752 5753 402da6 17 API calls 5751->5753 5754 401c98 5752->5754 5755 401ce1 FindWindowExW 5753->5755 5756 401cc3 SendMessageW 5754->5756 5757 401ca5 SendMessageTimeoutW 5754->5757 5758 401d03 5755->5758 5756->5758 5757->5758 6513 401e4e GetDC 6514 402d84 17 API calls 6513->6514 6515 401e60 GetDeviceCaps MulDiv ReleaseDC 6514->6515 6516 402d84 17 API calls 6515->6516 6517 401e91 6516->6517 6518 4066a5 17 API calls 6517->6518 6519 401ece CreateFontIndirectW 6518->6519 6520 402638 6519->6520 6521 6f561058 6523 6f561074 6521->6523 6522 6f5610dd 6523->6522 6525 6f561092 6523->6525 6534 6f5615b6 6523->6534 6526 6f5615b6 GlobalFree 6525->6526 6527 6f5610a2 6526->6527 6528 6f5610b2 6527->6528 6529 6f5610a9 GlobalSize 6527->6529 6530 6f5610b6 GlobalAlloc 6528->6530 6531 6f5610c7 6528->6531 6529->6528 6532 6f5615dd 3 API calls 6530->6532 6533 6f5610d2 GlobalFree 6531->6533 6532->6531 6533->6522 6535 6f5615bc 6534->6535 6536 6f5615c2 6535->6536 6537 6f5615ce GlobalFree 6535->6537 6536->6525 6537->6525 6538 402950 6539 402da6 17 API calls 6538->6539 6541 40295c 6539->6541 6540 402972 6543 406133 2 API calls 6540->6543 6541->6540 6542 402da6 17 API calls 6541->6542 6542->6540 6544 402978 6543->6544 6566 406158 GetFileAttributesW CreateFileW 6544->6566 6546 402985 6547 402a3b 6546->6547 6548 4029a0 GlobalAlloc 6546->6548 6549 402a23 6546->6549 6550 402a42 DeleteFileW 6547->6550 6551 402a55 6547->6551 6548->6549 6552 4029b9 6548->6552 6553 403371 44 API calls 6549->6553 6550->6551 6567 4035f8 SetFilePointer 6552->6567 6555 402a30 CloseHandle 6553->6555 6555->6547 6556 4029bf 6557 4035e2 ReadFile 6556->6557 6558 4029c8 GlobalAlloc 6557->6558 6559 4029d8 6558->6559 6560 402a0c 6558->6560 6562 403371 44 API calls 6559->6562 6561 40620a WriteFile 6560->6561 6563 402a18 GlobalFree 6561->6563 6565 4029e5 6562->6565 6563->6549 6564 402a03 GlobalFree 6564->6560 6565->6564 6566->6546 6567->6556 6575 6f3a1c29 6576 6f3a2053 2 API calls 6575->6576 6577 6f3a1c2f 6576->6577 6578 6f3a2053 2 API calls 6577->6578 6579 6f3a1c36 6578->6579 6580 6f3a1c51 6579->6580 6581 6f3a1c3e SetTimer 6579->6581 6581->6580 6582 6f562d43 6583 6f562d5b 6582->6583 6584 6f56162f 2 API calls 6583->6584 6585 6f562d76 6584->6585 6586 401956 6587 402da6 17 API calls 6586->6587 6588 40195d lstrlenW 6587->6588 6589 402638 6588->6589 6590 402b59 6591 402b60 6590->6591 6592 402bab 6590->6592 6595 402d84 17 API calls 6591->6595 6597 402ba9 6591->6597 6593 406a35 5 API calls 6592->6593 6594 402bb2 6593->6594 6598 402da6 17 API calls 6594->6598 6596 402b6e 6595->6596 6599 402d84 17 API calls 6596->6599 6600 402bbb 6598->6600 6603 402b7a 6599->6603 6600->6597 6601 402bbf IIDFromString 6600->6601 6601->6597 6602 402bce 6601->6602 6602->6597 6608 406668 lstrcpynW 6602->6608 6607 4065af wsprintfW 6603->6607 6606 402beb CoTaskMemFree 6606->6597 6607->6597 6608->6606 6609 402a5b 6610 402d84 17 API calls 6609->6610 6611 402a61 6610->6611 6612 402aa4 6611->6612 6613 402a88 6611->6613 6618 40292e 6611->6618 6614 402abe 6612->6614 6615 402aae 6612->6615 6616 402a8d 6613->6616 6617 402a9e 6613->6617 6620 4066a5 17 API calls 6614->6620 6619 402d84 17 API calls 6615->6619 6623 406668 lstrcpynW 6616->6623 6624 4065af wsprintfW 6617->6624 6619->6618 6620->6618 6623->6618 6624->6618 6625 6f3a1021 6626 6f3a1e4e 2 API calls 6625->6626 6627 6f3a1054 6626->6627 6628 6f3a10b4 6627->6628 6629 6f3a1e4e 2 API calls 6627->6629 6630 6f3a1e9c 2 API calls 6628->6630 6631 6f3a1069 6629->6631 6632 6f3a10be 6630->6632 6631->6628 6633 6f3a106d SHBrowseForFolderW 6631->6633 6633->6628 6634 6f3a10c0 SHGetPathFromIDListW 6633->6634 6635 6f3a10d2 6634->6635 6636 6f3a1e9c 2 API calls 6635->6636 6637 6f3a10e5 CoTaskMemFree 6636->6637 6637->6632 6055 40175c 6056 402da6 17 API calls 6055->6056 6057 401763 6056->6057 6058 406187 2 API calls 6057->6058 6059 40176a 6058->6059 6060 406187 2 API calls 6059->6060 6060->6059 6638 401d5d 6639 402d84 17 API calls 6638->6639 6640 401d6e SetWindowLongW 6639->6640 6641 402c2a 6640->6641 6642 406d5f 6643 406be3 6642->6643 6644 40754e 6643->6644 6645 406c64 GlobalFree 6643->6645 6646 406c6d GlobalAlloc 6643->6646 6647 406ce4 GlobalAlloc 6643->6647 6648 406cdb GlobalFree 6643->6648 6645->6646 6646->6643 6646->6644 6647->6643 6647->6644 6648->6647 6649 6f561774 6650 6f5617a3 6649->6650 6651 6f561bff 22 API calls 6650->6651 6652 6f5617aa 6651->6652 6653 6f5617b1 6652->6653 6654 6f5617bd 6652->6654 6655 6f561312 2 API calls 6653->6655 6656 6f5617c7 6654->6656 6657 6f5617e4 6654->6657 6660 6f5617bb 6655->6660 6661 6f5615dd 3 API calls 6656->6661 6658 6f56180e 6657->6658 6659 6f5617ea 6657->6659 6664 6f5615dd 3 API calls 6658->6664 6663 6f561654 3 API calls 6659->6663 6662 6f5617cc 6661->6662 6665 6f561654 3 API calls 6662->6665 6666 6f5617ef 6663->6666 6664->6660 6667 6f5617d2 6665->6667 6668 6f561312 2 API calls 6666->6668 6669 6f561312 2 API calls 6667->6669 6670 6f5617f5 GlobalFree 6668->6670 6671 6f5617d8 GlobalFree 6669->6671 6670->6660 6672 6f561809 GlobalFree 6670->6672 6671->6660 6672->6660 6673 401563 6674 402ba4 6673->6674 6677 4065af wsprintfW 6674->6677 6676 402ba9 6677->6676 6685 401968 6686 402d84 17 API calls 6685->6686 6687 40196f 6686->6687 6688 402d84 17 API calls 6687->6688 6689 40197c 6688->6689 6690 402da6 17 API calls 6689->6690 6691 401993 lstrlenW 6690->6691 6692 4019a4 6691->6692 6696 4019e5 6692->6696 6697 406668 lstrcpynW 6692->6697 6694 4019d5 6695 4019da lstrlenW 6694->6695 6694->6696 6695->6696 6697->6694 6106 6f562a7f 6107 6f562acf 6106->6107 6108 6f562a8f VirtualProtect 6106->6108 6108->6107 6698 40166a 6699 402da6 17 API calls 6698->6699 6700 401670 6699->6700 6701 40699e 2 API calls 6700->6701 6702 401676 6701->6702 6703 404a6e 6704 404aa4 6703->6704 6705 404a7e 6703->6705 6707 40462b 8 API calls 6704->6707 6706 4045c4 18 API calls 6705->6706 6708 404a8b SetDlgItemTextW 6706->6708 6709 404ab0 6707->6709 6708->6704 6710 6f55127b 6736 6f55154e 6710->6736 6713 6f55153b 6714 6f55154e 2 API calls 6715 6f5512c6 6714->6715 6715->6713 6716 6f55154e 2 API calls 6715->6716 6717 6f5512d9 6716->6717 6717->6713 6718 6f551384 GlobalAlloc 6717->6718 6718->6713 6735 6f5513a8 6718->6735 6719 6f5514c6 DialogBoxParamW 6724 6f5514f5 6719->6724 6720 6f55154e lstrcpyW GlobalFree 6720->6735 6721 6f55154e 2 API calls 6723 6f5514b2 6721->6723 6722 6f5514dd 6741 6f55158e 6722->6741 6723->6719 6723->6722 6725 6f551532 GlobalFree 6724->6725 6731 6f551513 GlobalFree 6724->6731 6732 6f551523 GlobalFree 6724->6732 6725->6713 6726 6f5513d3 lstrlenW GlobalAlloc 6727 6f55149b 6726->6727 6729 6f55140a lstrcpyW 6726->6729 6727->6721 6727->6723 6730 6f55154e 2 API calls 6729->6730 6730->6735 6731->6724 6732->6724 6733 6f55141c lstrlenW GlobalAlloc 6733->6727 6734 6f551451 lstrcpyW 6733->6734 6734->6735 6735->6720 6735->6726 6735->6727 6735->6733 6737 6f551558 6736->6737 6738 6f5512b4 6736->6738 6737->6738 6739 6f551565 lstrcpyW 6737->6739 6740 6f551578 GlobalFree 6737->6740 6738->6713 6738->6714 6739->6740 6740->6738 6742 6f551597 GlobalAlloc lstrcpynW 6741->6742 6743 6f5515d1 6741->6743 6742->6743 6743->6724 6121 40176f 6122 402da6 17 API calls 6121->6122 6123 401776 6122->6123 6124 401796 6123->6124 6125 40179e 6123->6125 6160 406668 lstrcpynW 6124->6160 6161 406668 lstrcpynW 6125->6161 6128 40179c 6131 4068ef 5 API calls 6128->6131 6129 4017a9 6130 405f37 3 API calls 6129->6130 6132 4017af lstrcatW 6130->6132 6134 4017bb 6131->6134 6132->6128 6133 40699e 2 API calls 6133->6134 6134->6133 6135 406133 2 API calls 6134->6135 6137 4017cd CompareFileTime 6134->6137 6138 40188d 6134->6138 6142 406668 lstrcpynW 6134->6142 6146 4066a5 17 API calls 6134->6146 6154 405cc8 MessageBoxIndirectW 6134->6154 6158 401864 6134->6158 6159 406158 GetFileAttributesW CreateFileW 6134->6159 6135->6134 6137->6134 6139 4056ca 24 API calls 6138->6139 6140 401897 6139->6140 6143 403371 44 API calls 6140->6143 6141 4056ca 24 API calls 6148 401879 6141->6148 6142->6134 6144 4018aa 6143->6144 6145 4018be SetFileTime 6144->6145 6147 4018d0 FindCloseChangeNotification 6144->6147 6145->6147 6146->6134 6147->6148 6149 4018e1 6147->6149 6150 4018e6 6149->6150 6151 4018f9 6149->6151 6152 4066a5 17 API calls 6150->6152 6153 4066a5 17 API calls 6151->6153 6155 4018ee lstrcatW 6152->6155 6156 401901 6153->6156 6154->6134 6155->6156 6156->6148 6157 405cc8 MessageBoxIndirectW 6156->6157 6157->6148 6158->6141 6158->6148 6159->6134 6160->6128 6161->6129 6744 6f561979 6746 6f56199c 6744->6746 6745 6f5619e3 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z __allrem 6748 6f561312 2 API calls 6745->6748 6746->6745 6747 6f5619d1 GlobalFree 6746->6747 6747->6745 6749 6f561b6e GlobalFree GlobalFree 6748->6749 6750 401a72 6751 402d84 17 API calls 6750->6751 6752 401a7b 6751->6752 6753 402d84 17 API calls 6752->6753 6754 401a20 6753->6754 6755 401573 6756 401583 ShowWindow 6755->6756 6757 40158c 6755->6757 6756->6757 6758 40159a ShowWindow 6757->6758 6759 402c2a 6757->6759 6758->6759 6760 401b77 6761 402da6 17 API calls 6760->6761 6762 401b7e 6761->6762 6763 402d84 17 API calls 6762->6763 6764 401b87 wsprintfW 6763->6764 6765 402c2a 6764->6765 6766 6f3a1000 6767 6f3a101c 6766->6767 6768 6f3a1007 SendMessageW 6766->6768 6768->6767 6769 40167b 6770 402da6 17 API calls 6769->6770 6771 401682 6770->6771 6772 402da6 17 API calls 6771->6772 6773 40168b 6772->6773 6774 402da6 17 API calls 6773->6774 6775 401694 MoveFileW 6774->6775 6776 4016a0 6775->6776 6777 4016a7 6775->6777 6778 401423 24 API calls 6776->6778 6779 40699e 2 API calls 6777->6779 6781 4022f6 6777->6781 6778->6781 6780 4016b6 6779->6780 6780->6781 6782 406428 36 API calls 6780->6782 6782->6776 6405 6f3a1407 6406 6f3a1434 CallWindowProcW 6405->6406 6410 6f3a1415 6405->6410 6407 6f3a1430 6406->6407 6408 6f3a1454 6406->6408 6408->6407 6409 6f3a1458 DestroyWindow GetProcessHeap HeapFree 6408->6409 6409->6407 6410->6406 6410->6407 6783 401000 6784 401037 BeginPaint GetClientRect 6783->6784 6785 40100c DefWindowProcW 6783->6785 6787 4010f3 6784->6787 6788 401179 6785->6788 6789 401073 CreateBrushIndirect FillRect DeleteObject 6787->6789 6790 4010fc 6787->6790 6789->6787 6791 401102 CreateFontIndirectW 6790->6791 6792 401167 EndPaint 6790->6792 6791->6792 6793 401112 6 API calls 6791->6793 6792->6788 6793->6792 5522 6fed15ac 5529 6fed18c6 5522->5529 5524 6fed15c3 5525 6fed15ed wsprintfW 5524->5525 5526 6fed15d2 WaitForSingleObject GetExitCodeThread CloseHandle 5524->5526 5533 6fed1901 5525->5533 5526->5525 5530 6fed18cf 5529->5530 5532 6fed18fb 5529->5532 5531 6fed18d4 lstrcpyW GlobalFree 5530->5531 5530->5532 5531->5532 5532->5524 5534 6fed190a GlobalAlloc lstrcpynW 5533->5534 5535 6fed160b 5533->5535 5534->5535 5536 6f561817 5537 6f56184a 5536->5537 5578 6f561bff 5537->5578 5539 6f561851 5540 6f561976 5539->5540 5541 6f561862 5539->5541 5542 6f561869 5539->5542 5628 6f56243e 5541->5628 5612 6f562480 5542->5612 5547 6f5618a3 5548 6f5618af 5547->5548 5549 6f5618cd 5547->5549 5641 6f562655 5548->5641 5552 6f5618d3 5549->5552 5553 6f56191e 5549->5553 5550 6f56187f 5550->5547 5560 6f561890 5550->5560 5622 6f562b98 5550->5622 5551 6f561898 5551->5547 5638 6f562e23 5551->5638 5659 6f561666 5552->5659 5558 6f562655 9 API calls 5553->5558 5564 6f56190f 5558->5564 5559 6f5618b5 5651 6f561654 5559->5651 5632 6f562810 5560->5632 5570 6f561965 5564->5570 5665 6f562618 5564->5665 5567 6f561896 5567->5547 5568 6f562655 9 API calls 5568->5564 5570->5540 5572 6f56196f GlobalFree 5570->5572 5572->5540 5575 6f561951 5575->5570 5669 6f5615dd wsprintfW 5575->5669 5576 6f56194a FreeLibrary 5576->5575 5672 6f5612bb GlobalAlloc 5578->5672 5580 6f561c26 5673 6f5612bb GlobalAlloc 5580->5673 5582 6f561e6b GlobalFree GlobalFree GlobalFree 5583 6f561e88 5582->5583 5594 6f561ed2 5582->5594 5584 6f56227e 5583->5584 5592 6f561e9d 5583->5592 5583->5594 5586 6f5622a0 GetModuleHandleW 5584->5586 5584->5594 5585 6f561d26 GlobalAlloc 5604 6f561c31 5585->5604 5589 6f5622c6 5586->5589 5590 6f5622b1 LoadLibraryW 5586->5590 5587 6f561d71 lstrcpyW 5591 6f561d7b lstrcpyW 5587->5591 5588 6f561d8f GlobalFree 5588->5604 5680 6f5616bd WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 5589->5680 5590->5589 5590->5594 5591->5604 5592->5594 5676 6f5612cc 5592->5676 5594->5539 5595 6f562318 5595->5594 5599 6f562325 lstrlenW 5595->5599 5596 6f562126 5679 6f5612bb GlobalAlloc 5596->5679 5681 6f5616bd WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 5599->5681 5600 6f562067 GlobalFree 5600->5604 5601 6f5621ae 5601->5594 5609 6f562216 lstrcpyW 5601->5609 5602 6f5622d8 5602->5595 5610 6f562302 GetProcAddress 5602->5610 5604->5582 5604->5585 5604->5587 5604->5588 5604->5591 5604->5594 5604->5596 5604->5600 5604->5601 5605 6f5612cc 2 API calls 5604->5605 5606 6f561dcd 5604->5606 5605->5604 5606->5604 5674 6f56162f GlobalSize GlobalAlloc 5606->5674 5607 6f56233f 5607->5594 5609->5594 5610->5595 5611 6f56212f 5611->5539 5614 6f562498 5612->5614 5613 6f5612cc GlobalAlloc lstrcpynW 5613->5614 5614->5613 5616 6f5625c1 GlobalFree 5614->5616 5618 6f562540 GlobalAlloc WideCharToMultiByte 5614->5618 5619 6f56256b GlobalAlloc 5614->5619 5620 6f562582 5614->5620 5683 6f56135a 5614->5683 5616->5614 5617 6f56186f 5616->5617 5617->5547 5617->5550 5617->5551 5618->5616 5619->5620 5620->5616 5687 6f5627a4 5620->5687 5624 6f562baa 5622->5624 5623 6f562c4f CreateWindowExW 5625 6f562c6d 5623->5625 5624->5623 5690 6f562b42 5625->5690 5627 6f56188e KiUserCallbackDispatcher 5627->5560 5629 6f562453 5628->5629 5630 6f56245e GlobalAlloc 5629->5630 5631 6f561868 5629->5631 5630->5629 5631->5542 5636 6f562840 5632->5636 5633 6f5628ee 5635 6f5628f4 GlobalSize 5633->5635 5637 6f5628fe 5633->5637 5634 6f5628db GlobalAlloc 5634->5637 5635->5637 5636->5633 5636->5634 5637->5567 5640 6f562e2e 5638->5640 5639 6f562e6e GlobalFree 5640->5639 5694 6f5612bb GlobalAlloc 5641->5694 5643 6f56265f 5644 6f56270b lstrcpynW 5643->5644 5645 6f5626d8 MultiByteToWideChar 5643->5645 5646 6f56271e wsprintfW 5643->5646 5647 6f562742 GlobalFree 5643->5647 5648 6f562777 GlobalFree 5643->5648 5649 6f561312 2 API calls 5643->5649 5695 6f561381 5643->5695 5644->5643 5645->5643 5646->5643 5647->5643 5648->5559 5649->5643 5699 6f5612bb GlobalAlloc 5651->5699 5653 6f561659 5654 6f561666 2 API calls 5653->5654 5655 6f561663 5654->5655 5656 6f561312 5655->5656 5657 6f561355 GlobalFree 5656->5657 5658 6f56131b GlobalAlloc lstrcpynW 5656->5658 5657->5564 5658->5657 5660 6f561672 wsprintfW 5659->5660 5661 6f56169f lstrcpyW 5659->5661 5664 6f5616b8 5660->5664 5661->5664 5664->5568 5666 6f562626 5665->5666 5668 6f561931 5665->5668 5667 6f562642 GlobalFree 5666->5667 5666->5668 5667->5666 5668->5575 5668->5576 5670 6f561312 2 API calls 5669->5670 5671 6f5615fe 5670->5671 5671->5570 5672->5580 5673->5604 5675 6f56164d 5674->5675 5675->5606 5682 6f5612bb GlobalAlloc 5676->5682 5678 6f5612db lstrcpynW 5678->5594 5679->5611 5680->5602 5681->5607 5682->5678 5684 6f561361 5683->5684 5685 6f5612cc 2 API calls 5684->5685 5686 6f56137f 5685->5686 5686->5614 5688 6f5627b2 VirtualAlloc 5687->5688 5689 6f562808 5687->5689 5688->5689 5689->5620 5691 6f562b4d 5690->5691 5692 6f562b52 GetLastError 5691->5692 5693 6f562b5d 5691->5693 5692->5693 5693->5627 5694->5643 5696 6f5613ac 5695->5696 5697 6f56138a 5695->5697 5696->5643 5697->5696 5698 6f561390 lstrcpyW 5697->5698 5698->5696 5699->5653 6794 401503 6795 40150b 6794->6795 6797 40151e 6794->6797 6796 402d84 17 API calls 6795->6796 6796->6797 5842 402c05 SendMessageW 5843 402c2a 5842->5843 5844 402c1f InvalidateRect 5842->5844 5844->5843 5922 405809 5923 4059b3 5922->5923 5924 40582a GetDlgItem GetDlgItem GetDlgItem 5922->5924 5926 4059e4 5923->5926 5927 4059bc GetDlgItem CreateThread FindCloseChangeNotification 5923->5927 5967 4045f9 SendMessageW 5924->5967 5928 405a0f 5926->5928 5929 405a34 5926->5929 5930 4059fb ShowWindow ShowWindow 5926->5930 5927->5926 5970 40579d 5 API calls 5927->5970 5933 405a23 5928->5933 5934 405a49 ShowWindow 5928->5934 5937 405a6f 5928->5937 5935 40462b 8 API calls 5929->5935 5969 4045f9 SendMessageW 5930->5969 5931 40589a 5936 4058a1 GetClientRect GetSystemMetrics SendMessageW SendMessageW 5931->5936 5939 40459d SendMessageW 5933->5939 5941 405a69 5934->5941 5942 405a5b 5934->5942 5940 405a42 5935->5940 5943 4058f3 SendMessageW SendMessageW 5936->5943 5944 40590f 5936->5944 5937->5929 5938 405a7d SendMessageW 5937->5938 5938->5940 5945 405a96 CreatePopupMenu 5938->5945 5939->5929 5949 40459d SendMessageW 5941->5949 5948 4056ca 24 API calls 5942->5948 5943->5944 5946 405922 5944->5946 5947 405914 SendMessageW 5944->5947 5950 4066a5 17 API calls 5945->5950 5951 4045c4 18 API calls 5946->5951 5947->5946 5948->5941 5949->5937 5952 405aa6 AppendMenuW 5950->5952 5953 405932 5951->5953 5954 405ac3 GetWindowRect 5952->5954 5955 405ad6 TrackPopupMenu 5952->5955 5956 40593b ShowWindow 5953->5956 5957 40596f GetDlgItem SendMessageW 5953->5957 5954->5955 5955->5940 5958 405af1 5955->5958 5959 405951 ShowWindow 5956->5959 5962 40595e 5956->5962 5957->5940 5960 405996 SendMessageW SendMessageW 5957->5960 5961 405b0d SendMessageW 5958->5961 5959->5962 5960->5940 5961->5961 5963 405b2a OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 5961->5963 5968 4045f9 SendMessageW 5962->5968 5965 405b4f SendMessageW 5963->5965 5965->5965 5966 405b78 GlobalUnlock SetClipboardData CloseClipboard 5965->5966 5966->5940 5967->5931 5968->5957 5969->5928 6798 404e0b 6799 404e37 6798->6799 6800 404e1b 6798->6800 6802 404e6a 6799->6802 6803 404e3d SHGetPathFromIDListW 6799->6803 6809 405cac GetDlgItemTextW 6800->6809 6805 404e54 SendMessageW 6803->6805 6806 404e4d 6803->6806 6804 404e28 SendMessageW 6804->6799 6805->6802 6807 40140b 2 API calls 6806->6807 6807->6805 6809->6804 6810 40290b 6811 402da6 17 API calls 6810->6811 6812 402912 FindFirstFileW 6811->6812 6813 40293a 6812->6813 6817 402925 6812->6817 6814 402943 6813->6814 6818 4065af wsprintfW 6813->6818 6819 406668 lstrcpynW 6814->6819 6818->6814 6819->6817 6820 6f3a1d76 6821 6f3a2053 2 API calls 6820->6821 6822 6f3a1d7b 6821->6822 6823 40190c 6824 401943 6823->6824 6825 402da6 17 API calls 6824->6825 6826 401948 6825->6826 6827 405d74 67 API calls 6826->6827 6828 401951 6827->6828 6829 40190f 6830 402da6 17 API calls 6829->6830 6831 401916 6830->6831 6832 405cc8 MessageBoxIndirectW 6831->6832 6833 40191f 6832->6833 6834 401f12 6835 402da6 17 API calls 6834->6835 6836 401f18 6835->6836 6837 402da6 17 API calls 6836->6837 6838 401f21 6837->6838 6839 402da6 17 API calls 6838->6839 6840 401f2a 6839->6840 6841 402da6 17 API calls 6840->6841 6842 401f33 6841->6842 6843 401423 24 API calls 6842->6843 6844 401f3a 6843->6844 6851 405c8e ShellExecuteExW 6844->6851 6846 401f82 6847 406ae0 5 API calls 6846->6847 6848 40292e 6846->6848 6849 401f9f CloseHandle 6847->6849 6849->6848 6851->6846 6852 6f551000 6853 6f55125f 6852->6853 6854 6f551018 6852->6854 6855 6f551022 6853->6855 6856 6f551268 DeleteObject 6853->6856 6857 6f55101f 6854->6857 6863 6f551094 6854->6863 6856->6855 6857->6855 6859 6f551031 6857->6859 6860 6f551053 SendDlgItemMessageW SendDlgItemMessageW 6857->6860 6858 6f551110 6 API calls 6865 6f551253 ShowWindow 6858->6865 6866 6f55117b 6858->6866 6859->6855 6868 6f55158e 2 API calls 6859->6868 6864 6f55107e 6860->6864 6862 6f5510b9 SendDlgItemMessageW SendDlgItemMessageW 6862->6863 6863->6858 6863->6862 6867 6f5510e7 lstrcmpW 6863->6867 6872 6f55158e 2 API calls 6864->6872 6865->6855 6869 6f55154e 2 API calls 6866->6869 6867->6863 6870 6f551042 EndDialog 6868->6870 6871 6f551186 6869->6871 6870->6855 6871->6865 6874 6f55154e 2 API calls 6871->6874 6872->6870 6875 6f55119e 6874->6875 6875->6865 6876 6f5511a6 lstrcmpW 6875->6876 6876->6865 6877 6f5511cc 10 API calls 6876->6877 6877->6865 6878 6f561000 6881 6f56101b 6878->6881 6882 6f5615b6 GlobalFree 6881->6882 6883 6f561020 6882->6883 6884 6f561027 GlobalAlloc 6883->6884 6885 6f561024 6883->6885 6884->6885 6886 6f5615dd 3 API calls 6885->6886 6887 6f561019 6886->6887 6888 401d17 6889 402d84 17 API calls 6888->6889 6890 401d1d IsWindow 6889->6890 6891 401a20 6890->6891 6892 6f56170d 6893 6f5615b6 GlobalFree 6892->6893 6896 6f561725 6893->6896 6894 6f56176b GlobalFree 6895 6f561740 6895->6894 6896->6894 6896->6895 6897 6f561757 VirtualFree 6896->6897 6897->6894 6898 40261c 6899 402da6 17 API calls 6898->6899 6900 402623 6899->6900 6903 406158 GetFileAttributesW CreateFileW 6900->6903 6902 40262f 6903->6902 6911 6f3a1c53 6912 6f3a2053 2 API calls 6911->6912 6913 6f3a1c58 KillTimer 6912->6913 6109 40252a 6110 402de6 17 API calls 6109->6110 6111 402534 6110->6111 6112 402da6 17 API calls 6111->6112 6113 40253d 6112->6113 6114 402548 RegQueryValueExW 6113->6114 6117 40292e 6113->6117 6115 40256e RegCloseKey 6114->6115 6116 402568 6114->6116 6115->6117 6116->6115 6120 4065af wsprintfW 6116->6120 6120->6115 6914 40202a 6915 402da6 17 API calls 6914->6915 6916 402031 6915->6916 6917 406a35 5 API calls 6916->6917 6918 402040 6917->6918 6919 40205c GlobalAlloc 6918->6919 6921 4020cc 6918->6921 6920 402070 6919->6920 6919->6921 6922 406a35 5 API calls 6920->6922 6923 402077 6922->6923 6924 406a35 5 API calls 6923->6924 6925 402081 6924->6925 6925->6921 6929 4065af wsprintfW 6925->6929 6927 4020ba 6930 4065af wsprintfW 6927->6930 6929->6927 6930->6921 6931 6f56103d 6932 6f56101b 5 API calls 6931->6932 6933 6f561056 6932->6933 6934 401a30 6935 402da6 17 API calls 6934->6935 6936 401a39 ExpandEnvironmentStringsW 6935->6936 6937 401a4d 6936->6937 6939 401a60 6936->6939 6938 401a52 lstrcmpW 6937->6938 6937->6939 6938->6939 6162 405031 GetDlgItem GetDlgItem 6163 405083 7 API calls 6162->6163 6170 4052a8 6162->6170 6164 40512a DeleteObject 6163->6164 6165 40511d SendMessageW 6163->6165 6166 405133 6164->6166 6165->6164 6168 40516a 6166->6168 6172 4066a5 17 API calls 6166->6172 6167 40538a 6169 405436 6167->6169 6175 40529b 6167->6175 6181 4053e3 SendMessageW 6167->6181 6173 4045c4 18 API calls 6168->6173 6176 405440 SendMessageW 6169->6176 6177 405448 6169->6177 6170->6167 6171 40536b 6170->6171 6178 405306 6170->6178 6171->6167 6182 40537c SendMessageW 6171->6182 6179 40514c SendMessageW SendMessageW 6172->6179 6174 40517e 6173->6174 6180 4045c4 18 API calls 6174->6180 6183 40462b 8 API calls 6175->6183 6176->6177 6188 405461 6177->6188 6189 40545a ImageList_Destroy 6177->6189 6193 405471 6177->6193 6218 404f7f SendMessageW 6178->6218 6179->6166 6197 40518f 6180->6197 6181->6175 6186 4053f8 SendMessageW 6181->6186 6182->6167 6187 405637 6183->6187 6185 4055eb 6185->6175 6194 4055fd ShowWindow GetDlgItem ShowWindow 6185->6194 6192 40540b 6186->6192 6190 40546a GlobalFree 6188->6190 6188->6193 6189->6188 6190->6193 6191 40526a GetWindowLongW SetWindowLongW 6195 405283 6191->6195 6202 40541c SendMessageW 6192->6202 6193->6185 6209 4054ac 6193->6209 6223 404fff 6193->6223 6194->6175 6198 4052a0 6195->6198 6199 405288 ShowWindow 6195->6199 6196 405317 6196->6171 6197->6191 6201 4051e2 SendMessageW 6197->6201 6203 405265 6197->6203 6206 405220 SendMessageW 6197->6206 6207 405234 SendMessageW 6197->6207 6217 4045f9 SendMessageW 6198->6217 6216 4045f9 SendMessageW 6199->6216 6201->6197 6202->6169 6203->6191 6203->6195 6204 4054f0 6210 4055b6 6204->6210 6215 405564 SendMessageW SendMessageW 6204->6215 6206->6197 6207->6197 6209->6204 6212 4054da SendMessageW 6209->6212 6211 4055c1 InvalidateRect 6210->6211 6213 4055cd 6210->6213 6211->6213 6212->6204 6213->6185 6232 404f3a 6213->6232 6215->6204 6216->6175 6217->6170 6219 404fa2 GetMessagePos ScreenToClient SendMessageW 6218->6219 6220 404fde SendMessageW 6218->6220 6221 404fd6 6219->6221 6222 404fdb 6219->6222 6220->6221 6221->6196 6222->6220 6235 406668 lstrcpynW 6223->6235 6225 405012 6236 4065af wsprintfW 6225->6236 6227 40501c 6228 40140b 2 API calls 6227->6228 6229 405025 6228->6229 6237 406668 lstrcpynW 6229->6237 6231 40502c 6231->6209 6238 404e71 6232->6238 6234 404f4f 6234->6185 6235->6225 6236->6227 6237->6231 6240 404e8a 6238->6240 6239 4066a5 17 API calls 6241 404eee 6239->6241 6240->6239 6242 4066a5 17 API calls 6241->6242 6243 404ef9 6242->6243 6244 4066a5 17 API calls 6243->6244 6245 404f0f lstrlenW wsprintfW SetDlgItemTextW 6244->6245 6245->6234 6940 402434 6941 402467 6940->6941 6942 40243c 6940->6942 6943 402da6 17 API calls 6941->6943 6944 402de6 17 API calls 6942->6944 6946 40246e 6943->6946 6945 402443 6944->6945 6948 402da6 17 API calls 6945->6948 6949 40247b 6945->6949 6951 402e64 6946->6951 6950 402454 RegDeleteValueW RegCloseKey 6948->6950 6950->6949 6952 402e78 6951->6952 6953 402e71 6951->6953 6952->6953 6955 402ea9 6952->6955 6953->6949 6956 4064d5 RegOpenKeyExW 6955->6956 6957 402ed7 6956->6957 6958 402ee7 RegEnumValueW 6957->6958 6965 402f81 6957->6965 6967 402f0a 6957->6967 6959 402f71 RegCloseKey 6958->6959 6958->6967 6959->6965 6960 402f46 RegEnumKeyW 6961 402f4f RegCloseKey 6960->6961 6960->6967 6962 406a35 5 API calls 6961->6962 6963 402f5f 6962->6963 6963->6965 6966 402f63 RegDeleteKeyW 6963->6966 6964 402ea9 6 API calls 6964->6967 6965->6953 6966->6965 6967->6959 6967->6960 6967->6961 6967->6964 6968 404734 lstrlenW 6969 404753 6968->6969 6970 404755 WideCharToMultiByte 6968->6970 6969->6970 6971 401735 6972 402da6 17 API calls 6971->6972 6973 40173c SearchPathW 6972->6973 6974 401757 6973->6974 6975 401d38 6976 402d84 17 API calls 6975->6976 6977 401d3f 6976->6977 6978 402d84 17 API calls 6977->6978 6979 401d4b GetDlgItem 6978->6979 6980 402638 6979->6980 6411 40563e 6412 405662 6411->6412 6413 40564e 6411->6413 6416 40566a IsWindowVisible 6412->6416 6422 40568a 6412->6422 6414 405654 6413->6414 6415 4056ab 6413->6415 6418 404610 SendMessageW 6414->6418 6417 4056b0 CallWindowProcW 6415->6417 6416->6415 6419 405677 6416->6419 6420 40565e 6417->6420 6418->6420 6421 404f7f 5 API calls 6419->6421 6423 405681 6421->6423 6422->6417 6424 404fff 4 API calls 6422->6424 6423->6422 6424->6415 6981 40263e 6982 402652 6981->6982 6983 40266d 6981->6983 6984 402d84 17 API calls 6982->6984 6985 402672 6983->6985 6986 40269d 6983->6986 6995 402659 6984->6995 6988 402da6 17 API calls 6985->6988 6987 402da6 17 API calls 6986->6987 6990 4026a4 lstrlenW 6987->6990 6989 402679 6988->6989 6998 40668a WideCharToMultiByte 6989->6998 6990->6995 6992 40268d lstrlenA 6992->6995 6993 4026e7 6994 4026d1 6994->6993 6996 40620a WriteFile 6994->6996 6995->6993 6995->6994 6999 406239 SetFilePointer 6995->6999 6996->6993 6998->6992 7000 406255 6999->7000 7003 40626d 6999->7003 7001 4061db ReadFile 7000->7001 7002 406261 7001->7002 7002->7003 7004 406276 SetFilePointer 7002->7004 7005 40629e SetFilePointer 7002->7005 7003->6994 7004->7005 7006 406281 7004->7006 7005->7003 7007 40620a WriteFile 7006->7007 7007->7003 5700 4015c1 5701 402da6 17 API calls 5700->5701 5702 4015c8 5701->5702 5703 405fe2 4 API calls 5702->5703 5716 4015d1 5703->5716 5704 401631 5706 401636 5704->5706 5707 401663 5704->5707 5705 405f64 CharNextW 5705->5716 5719 401423 5706->5719 5709 401423 24 API calls 5707->5709 5715 40165b 5709->5715 5712 405c16 2 API calls 5712->5716 5713 405c33 5 API calls 5713->5716 5714 40164a SetCurrentDirectoryW 5714->5715 5716->5704 5716->5705 5716->5712 5716->5713 5717 401617 GetFileAttributesW 5716->5717 5718 405b99 4 API calls 5716->5718 5717->5716 5718->5716 5720 4056ca 24 API calls 5719->5720 5721 401431 5720->5721 5722 406668 lstrcpynW 5721->5722 5722->5714 5817 6f3a17be 5818 6f3a17f1 5817->5818 5828 6f3a2053 5818->5828 5820 6f3a1811 GetDlgItem GetWindowRect 5821 6f3a1834 CreateDialogParamW 5820->5821 5822 6f3a185e SetWindowPos SetWindowLongW GetProcessHeap HeapAlloc 5821->5822 5823 6f3a1852 5821->5823 5834 6f3a20b3 wsprintfW 5822->5834 5831 6f3a1e9c 5823->5831 5827 6f3a18c1 5837 6f3a1e4e 5828->5837 5830 6f3a206d 5830->5820 5832 6f3a185c 5831->5832 5833 6f3a1ea5 GlobalAlloc lstrcpynW 5831->5833 5832->5827 5833->5832 5835 6f3a1e9c 2 API calls 5834->5835 5836 6f3a20d7 5835->5836 5836->5827 5838 6f3a1e95 5837->5838 5840 6f3a1e58 5837->5840 5838->5830 5839 6f3a1e86 GlobalFree 5839->5838 5840->5838 5840->5839 5841 6f3a1e72 lstrcpynW 5840->5841 5841->5839 7008 4028c4 7009 4028ca 7008->7009 7010 4028d2 FindClose 7009->7010 7011 402c2a 7009->7011 7010->7011 7012 6f3a1cbe 7015 6f3a1c66 7012->7015 7016 6f3a2053 2 API calls 7015->7016 7017 6f3a1c6d 7016->7017 7018 6f3a2053 2 API calls 7017->7018 7019 6f3a1c74 IsWindow 7018->7019 7020 6f3a1c81 7019->7020 7021 6f3a1c87 7019->7021 7023 6f3a13d2 GetPropW 7020->7023 7024 6f3a13e5 7023->7024 7024->7021 5845 4040c5 5846 4040dd 5845->5846 5847 40423e 5845->5847 5846->5847 5848 4040e9 5846->5848 5849 40428f 5847->5849 5850 40424f GetDlgItem GetDlgItem 5847->5850 5851 4040f4 SetWindowPos 5848->5851 5852 404107 5848->5852 5854 4042e9 5849->5854 5864 401389 2 API calls 5849->5864 5853 4045c4 18 API calls 5850->5853 5851->5852 5856 404110 ShowWindow 5852->5856 5857 404152 5852->5857 5858 404279 KiUserCallbackDispatcher 5853->5858 5855 404610 SendMessageW 5854->5855 5870 404239 5854->5870 5886 4042fb 5855->5886 5859 404130 GetWindowLongW 5856->5859 5860 4041fc 5856->5860 5861 404171 5857->5861 5862 40415a DestroyWindow 5857->5862 5863 40140b 2 API calls 5858->5863 5859->5860 5866 404149 ShowWindow 5859->5866 5865 40462b 8 API calls 5860->5865 5867 404176 SetWindowLongW 5861->5867 5868 404187 5861->5868 5915 40454d 5862->5915 5863->5849 5869 4042c1 5864->5869 5865->5870 5866->5857 5867->5870 5868->5860 5873 404193 GetDlgItem 5868->5873 5869->5854 5874 4042c5 SendMessageW 5869->5874 5871 40140b 2 API calls 5871->5886 5872 40454f DestroyWindow EndDialog 5872->5915 5876 4041c1 5873->5876 5877 4041a4 SendMessageW IsWindowEnabled 5873->5877 5874->5870 5875 40457e ShowWindow 5875->5870 5879 4041ce 5876->5879 5880 404215 SendMessageW 5876->5880 5881 4041e1 5876->5881 5889 4041c6 5876->5889 5877->5870 5877->5876 5878 4066a5 17 API calls 5878->5886 5879->5880 5879->5889 5880->5860 5884 4041e9 5881->5884 5885 4041fe 5881->5885 5883 4045c4 18 API calls 5883->5886 5887 40140b 2 API calls 5884->5887 5888 40140b 2 API calls 5885->5888 5886->5870 5886->5871 5886->5872 5886->5878 5886->5883 5890 4045c4 18 API calls 5886->5890 5906 40448f DestroyWindow 5886->5906 5887->5889 5888->5889 5889->5860 5919 40459d 5889->5919 5891 404376 GetDlgItem 5890->5891 5892 404393 ShowWindow KiUserCallbackDispatcher 5891->5892 5893 40438b 5891->5893 5916 4045e6 KiUserCallbackDispatcher 5892->5916 5893->5892 5895 4043bd KiUserCallbackDispatcher 5900 4043d1 5895->5900 5896 4043d6 GetSystemMenu EnableMenuItem SendMessageW 5897 404406 SendMessageW 5896->5897 5896->5900 5897->5900 5899 4040a6 18 API calls 5899->5900 5900->5896 5900->5899 5917 4045f9 SendMessageW 5900->5917 5918 406668 lstrcpynW 5900->5918 5902 404435 lstrlenW 5903 4066a5 17 API calls 5902->5903 5904 40444b SetWindowTextW 5903->5904 5905 401389 2 API calls 5904->5905 5905->5886 5907 4044a9 CreateDialogParamW 5906->5907 5906->5915 5908 4044dc 5907->5908 5907->5915 5909 4045c4 18 API calls 5908->5909 5910 4044e7 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 5909->5910 5911 401389 2 API calls 5910->5911 5912 40452d 5911->5912 5912->5870 5913 404535 ShowWindow 5912->5913 5914 404610 SendMessageW 5913->5914 5914->5915 5915->5870 5915->5875 5916->5895 5917->5900 5918->5902 5920 4045a4 5919->5920 5921 4045aa SendMessageW 5919->5921 5920->5921 5921->5860 5996 4014cb 5997 4056ca 24 API calls 5996->5997 5998 4014d2 5997->5998 7025 4016cc 7026 402da6 17 API calls 7025->7026 7027 4016d2 GetFullPathNameW 7026->7027 7028 40170e 7027->7028 7029 4016ec 7027->7029 7030 401723 GetShortPathNameW 7028->7030 7031 402c2a 7028->7031 7029->7028 7032 40699e 2 API calls 7029->7032 7030->7031 7033 4016fe 7032->7033 7033->7028 7035 406668 lstrcpynW 7033->7035 7035->7028 7039 6f3a1bb4 7040 6f3a2053 2 API calls 7039->7040 7041 6f3a1bba IsWindow 7040->7041 7042 6f3a1bc7 7041->7042 7043 6f3a13d2 GetPropW 7042->7043 7044 6f3a1bd3 7043->7044 7045 6f3a1be5 7044->7045 7046 6f3a1e4e 2 API calls 7044->7046 7046->7045 7047 6f3a1cae 7048 6f3a1c66 4 API calls 7047->7048 7049 6f3a1cb5 7048->7049 7050 403cd5 7051 403ce0 7050->7051 7052 403ce7 GlobalAlloc 7051->7052 7053 403ce4 7051->7053 7052->7053 5999 4014d7 6000 402d84 17 API calls 5999->6000 6001 4014dd Sleep 6000->6001 6003 402c2a 6001->6003 6004 4020d8 6005 40219c 6004->6005 6006 4020ea 6004->6006 6008 401423 24 API calls 6005->6008 6007 402da6 17 API calls 6006->6007 6009 4020f1 6007->6009 6014 4022f6 6008->6014 6010 402da6 17 API calls 6009->6010 6011 4020fa 6010->6011 6012 402110 LoadLibraryExW 6011->6012 6013 402102 GetModuleHandleW 6011->6013 6012->6005 6015 402121 6012->6015 6013->6012 6013->6015 6026 406aa4 6015->6026 6018 402132 6020 402151 KiUserCallbackDispatcher 6018->6020 6021 40213a 6018->6021 6019 40216b 6022 4056ca 24 API calls 6019->6022 6023 402142 6020->6023 6024 401423 24 API calls 6021->6024 6022->6023 6023->6014 6025 40218e FreeLibrary 6023->6025 6024->6023 6025->6014 6031 40668a WideCharToMultiByte 6026->6031 6028 406ac1 6029 406ac8 GetProcAddress 6028->6029 6030 40212c 6028->6030 6029->6030 6030->6018 6030->6019 6031->6028 6061 401ede 6062 402d84 17 API calls 6061->6062 6063 401ee4 6062->6063 6064 402d84 17 API calls 6063->6064 6065 401ef0 6064->6065 6066 401f07 KiUserCallbackDispatcher 6065->6066 6067 401efc ShowWindow 6065->6067 6068 402c2a 6066->6068 6067->6068 7054 4028de 7055 4028e6 7054->7055 7056 4028ea FindNextFileW 7055->7056 7058 4028fc 7055->7058 7057 402943 7056->7057 7056->7058 7060 406668 lstrcpynW 7057->7060 7060->7058 7061 6f3a1b98 CreateControl 7062 402aeb 7063 402d84 17 API calls 7062->7063 7064 402af1 7063->7064 7065 4066a5 17 API calls 7064->7065 7066 40292e 7064->7066 7065->7066 7067 4026ec 7068 402d84 17 API calls 7067->7068 7075 4026fb 7068->7075 7069 402838 7070 402745 ReadFile 7070->7069 7070->7075 7071 4061db ReadFile 7071->7075 7072 402785 MultiByteToWideChar 7072->7075 7073 40283a 7080 4065af wsprintfW 7073->7080 7074 406239 5 API calls 7074->7075 7075->7069 7075->7070 7075->7071 7075->7072 7075->7073 7075->7074 7077 4027ab SetFilePointer MultiByteToWideChar 7075->7077 7079 40284b 7075->7079 7077->7075 7078 40286c SetFilePointer 7078->7069 7079->7069 7079->7078 7080->7069 6319 4023f4 6320 402da6 17 API calls 6319->6320 6321 402403 6320->6321 6322 402da6 17 API calls 6321->6322 6323 40240c 6322->6323 6324 402da6 17 API calls 6323->6324 6325 402416 GetPrivateProfileStringW 6324->6325 7081 4014f5 SetForegroundWindow 7082 402c2a 7081->7082 7083 6f3a148c 7084 6f3a13d2 GetPropW 7083->7084 7085 6f3a1497 7084->7085 7086 6f3a14d2 7085->7086 7087 6f3a14ba CallWindowProcW 7085->7087 7088 6f3a14a1 LoadCursorW SetCursor 7085->7088 7087->7086 7088->7086 7089 401ff6 7090 402da6 17 API calls 7089->7090 7091 401ffd 7090->7091 7092 40699e 2 API calls 7091->7092 7093 402003 7092->7093 7095 402014 7093->7095 7096 4065af wsprintfW 7093->7096 7096->7095 7097 6f5610e1 7098 6f561111 7097->7098 7099 6f5612b0 GlobalFree 7098->7099 7100 6f561240 GlobalFree 7098->7100 7101 6f5611d7 GlobalAlloc 7098->7101 7102 6f5612ab 7098->7102 7103 6f56135a 2 API calls 7098->7103 7104 6f561312 2 API calls 7098->7104 7105 6f56129a GlobalFree 7098->7105 7106 6f56116b GlobalAlloc 7098->7106 7107 6f561381 lstrcpyW 7098->7107 7100->7098 7101->7098 7102->7099 7103->7098 7104->7098 7105->7098 7106->7098 7107->7098 7108 4046fa lstrcpynW lstrlenW 6425 6fed1653 GlobalAlloc GlobalAlloc GlobalAlloc GlobalAlloc 6426 6fed18c6 2 API calls 6425->6426 6431 6fed16c4 6426->6431 6427 6fed1802 6428 6fed18c6 2 API calls 6427->6428 6437 6fed180a 6428->6437 6429 6fed16de lstrcmpiW 6429->6431 6432 6fed16f2 lstrcmpiW 6429->6432 6430 6fed1822 6434 6fed1840 6430->6434 6442 6fed1830 GetClassNameW 6430->6442 6431->6427 6431->6429 6436 6fed18c6 2 API calls 6431->6436 6447 6fed176f FindWindowExW 6431->6447 6449 6fed17b4 lstrcmpiW 6431->6449 6432->6431 6433 6fed170b lstrcmpiW 6432->6433 6433->6431 6438 6fed1724 lstrcmpiW 6433->6438 6435 6fed1851 CreateThread wsprintfW 6434->6435 6439 6fed1901 2 API calls 6435->6439 6451 6fed101d GlobalAlloc 6435->6451 6436->6431 6437->6430 6440 6fed18c6 2 API calls 6437->6440 6438->6431 6441 6fed173d lstrcmpiW 6438->6441 6444 6fed1880 6439->6444 6440->6430 6441->6431 6443 6fed1756 lstrcmpiW 6441->6443 6442->6434 6443->6431 6445 6fed1888 wait 6444->6445 6446 6fed18a1 6444->6446 6447->6431 6448 6fed1783 GetDlgItem wsprintfW 6447->6448 6448->6431 6449->6431 6450 6fed17d4 lstrcmpiW 6449->6450 6450->6431 6452 6fed107d GlobalAlloc 6451->6452 6453 6fed1091 6451->6453 6452->6453 6454 6fed10b4 CreatePipe 6453->6454 6455 6fed1096 GetModuleHandleW GetProcAddress 6453->6455 6456 6fed118d 6454->6456 6457 6fed10d1 CreatePipe 6454->6457 6455->6454 6458 6fed10b1 6455->6458 6459 6fed1566 GlobalFree GlobalFree GlobalFree GlobalFree GlobalFree 6456->6459 6457->6456 6460 6fed10e8 GetCurrentProcess GetCurrentProcess DuplicateHandle 6457->6460 6458->6454 6461 6fed158c 6459->6461 6462 6fed1587 GlobalFree 6459->6462 6460->6456 6463 6fed110e GetCurrentProcess GetCurrentProcess DuplicateHandle 6460->6463 6462->6461 6463->6456 6464 6fed112d GetCurrentProcess GetCurrentProcess DuplicateHandle 6463->6464 6464->6456 6465 6fed114c CreateProcessW 6464->6465 6465->6456 6466 6fed1199 CloseHandle 6465->6466 6466->6456 6467 6fed11ac CloseHandle 6466->6467 6467->6456 6468 6fed11b9 CloseHandle 6467->6468 6468->6456 6469 6fed11c6 CloseHandle 6468->6469 6469->6456 6470 6fed11d3 CloseHandle 6469->6470 6470->6456 6471 6fed11e0 CloseHandle 6470->6471 6471->6456 6472 6fed11ed lstrlenW 6471->6472 6473 6fed11fc lstrlenW WriteFile 6472->6473 6474 6fed122a 6472->6474 6475 6fed1217 lstrlenW 6473->6475 6476 6fed1256 6473->6476 6478 6fed1237 CreateFileW 6474->6478 6500 6fed126e 6474->6500 6475->6476 6477 6fed1221 FlushFileBuffers 6475->6477 6476->6459 6477->6474 6478->6476 6478->6500 6479 6fed127e PeekNamedPipe 6480 6fed1327 6479->6480 6482 6fed1297 GetExitCodeProcess 6479->6482 6481 6fed133d 6480->6481 6483 6fed1901 2 API calls 6480->6483 6484 6fed134e GetExitCodeProcess 6481->6484 6485 6fed1349 CloseHandle 6481->6485 6482->6480 6482->6500 6483->6481 6486 6fed1535 6484->6486 6487 6fed1363 6484->6487 6485->6484 6489 6fed153c CloseHandle CloseHandle CloseHandle 6486->6489 6487->6489 6490 6fed1370 TerminateProcess 6487->6490 6488 6fed1518 Sleep 6488->6500 6489->6459 6490->6489 6491 6fed12be ReadFile 6491->6500 6492 6fed1500 FlushFileBuffers 6492->6500 6493 6fed12f8 WriteFile 6494 6fed1314 6493->6494 6495 6fed1320 6493->6495 6494->6495 6494->6500 6495->6480 6496 6fed1901 GlobalAlloc lstrcpynW 6496->6500 6497 6fed13e9 lstrcmpiW 6498 6fed13fb SendMessageW SendMessageW 6497->6498 6499 6fed1431 lstrcmpiW 6497->6499 6501 6fed14c1 SendMessageW 6498->6501 6502 6fed148f lstrcatW SendMessageW SendMessageW 6499->6502 6503 6fed1443 lstrcmpiW 6499->6503 6500->6479 6500->6480 6500->6488 6500->6491 6500->6492 6500->6493 6500->6496 6500->6497 6501->6500 6502->6501 6503->6502 6504 6fed1455 lstrcmpiW 6503->6504 6504->6500 6505 6fed1467 SendMessageW SendMessageW 6504->6505 6505->6500 7116 6f5623e9 7117 6f562453 7116->7117 7118 6f56245e GlobalAlloc 7117->7118 7119 6f56247d 7117->7119 7118->7117 7120 4022ff 7121 402da6 17 API calls 7120->7121 7122 402305 7121->7122 7123 402da6 17 API calls 7122->7123 7124 40230e 7123->7124 7125 402da6 17 API calls 7124->7125 7126 402317 7125->7126 7127 40699e 2 API calls 7126->7127 7128 402320 7127->7128 7129 402331 lstrlenW lstrlenW 7128->7129 7133 402324 7128->7133 7131 4056ca 24 API calls 7129->7131 7130 4056ca 24 API calls 7134 40232c 7130->7134 7132 40236f SHFileOperationW 7131->7132 7132->7133 7132->7134 7133->7130 7133->7134 7135 4019ff 7136 402da6 17 API calls 7135->7136 7137 401a06 7136->7137 7138 402da6 17 API calls 7137->7138 7139 401a0f 7138->7139 7140 401a16 lstrcmpiW 7139->7140 7141 401a28 lstrcmpW 7139->7141 7142 401a1c 7140->7142 7141->7142 5723 401d81 5724 401d94 GetDlgItem 5723->5724 5725 401d87 5723->5725 5726 401d8e 5724->5726 5734 402d84 5725->5734 5728 401dd5 GetClientRect LoadImageW SendMessageW 5726->5728 5729 402da6 17 API calls 5726->5729 5731 401e33 5728->5731 5733 401e3f 5728->5733 5729->5728 5732 401e38 DeleteObject 5731->5732 5731->5733 5732->5733 5735 4066a5 17 API calls 5734->5735 5736 402d99 5735->5736 5736->5726 5759 404783 5760 40479b 5759->5760 5764 4048b5 5759->5764 5790 4045c4 5760->5790 5761 40491f 5762 4049e9 5761->5762 5763 404929 GetDlgItem 5761->5763 5802 40462b 5762->5802 5766 404943 5763->5766 5767 4049aa 5763->5767 5764->5761 5764->5762 5768 4048f0 GetDlgItem SendMessageW 5764->5768 5766->5767 5774 404969 SendMessageW LoadCursorW SetCursor 5766->5774 5767->5762 5775 4049bc 5767->5775 5795 4045e6 KiUserCallbackDispatcher 5768->5795 5769 404802 5772 4045c4 18 API calls 5769->5772 5777 40480f CheckDlgButton 5772->5777 5773 4049e4 5799 404a32 5774->5799 5779 4049d2 5775->5779 5780 4049c2 SendMessageW 5775->5780 5776 40491a 5796 404a0e 5776->5796 5793 4045e6 KiUserCallbackDispatcher 5777->5793 5779->5773 5781 4049d8 SendMessageW 5779->5781 5780->5779 5781->5773 5785 40482d GetDlgItem 5794 4045f9 SendMessageW 5785->5794 5787 404843 SendMessageW 5788 404860 GetSysColor 5787->5788 5789 404869 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 5787->5789 5788->5789 5789->5773 5791 4066a5 17 API calls 5790->5791 5792 4045cf SetDlgItemTextW 5791->5792 5792->5769 5793->5785 5794->5787 5795->5776 5797 404a21 SendMessageW 5796->5797 5798 404a1c 5796->5798 5797->5761 5798->5797 5816 405c8e ShellExecuteExW 5799->5816 5801 404998 LoadCursorW SetCursor 5801->5767 5803 4046ee 5802->5803 5804 404643 GetWindowLongW 5802->5804 5803->5773 5804->5803 5805 404658 5804->5805 5805->5803 5806 404685 GetSysColor 5805->5806 5807 404688 5805->5807 5806->5807 5808 404698 SetBkMode 5807->5808 5809 40468e SetTextColor 5807->5809 5810 4046b0 GetSysColor 5808->5810 5811 4046b6 5808->5811 5809->5808 5810->5811 5812 4046c7 5811->5812 5813 4046bd SetBkColor 5811->5813 5812->5803 5814 4046e1 CreateBrushIndirect 5812->5814 5815 4046da DeleteObject 5812->5815 5813->5812 5814->5803 5815->5814 5816->5801 7143 402383 7144 40239d 7143->7144 7145 40238a 7143->7145 7146 4066a5 17 API calls 7145->7146 7147 402397 7146->7147 7147->7144 7148 405cc8 MessageBoxIndirectW 7147->7148 7148->7144 5971 40248a 5972 402da6 17 API calls 5971->5972 5973 40249c 5972->5973 5974 402da6 17 API calls 5973->5974 5975 4024a6 5974->5975 5988 402e36 5975->5988 5978 402c2a 5979 4024de 5982 402d84 17 API calls 5979->5982 5984 4024ea 5979->5984 5980 402da6 17 API calls 5981 4024d4 lstrlenW 5980->5981 5981->5979 5982->5984 5983 402509 RegSetValueExW 5986 40251f RegCloseKey 5983->5986 5984->5983 5985 403371 44 API calls 5984->5985 5985->5983 5986->5978 5989 402e51 5988->5989 5992 406503 5989->5992 5993 406512 5992->5993 5994 4024b6 5993->5994 5995 40651d RegCreateKeyExW 5993->5995 5994->5978 5994->5979 5994->5980 5995->5994 7149 401491 7150 4056ca 24 API calls 7149->7150 7151 401498 7150->7151 7152 402891 7153 402898 7152->7153 7155 402ba9 7152->7155 7154 402d84 17 API calls 7153->7154 7156 40289f 7154->7156 7157 4028ae SetFilePointer 7156->7157 7157->7155 7158 4028be 7157->7158 7160 4065af wsprintfW 7158->7160 7160->7155 7161 402f93 7162 402fa5 SetTimer 7161->7162 7163 402fbe 7161->7163 7162->7163 7164 40300c 7163->7164 7165 403012 MulDiv 7163->7165 7166 402fcc wsprintfW SetWindowTextW SetDlgItemTextW 7165->7166 7166->7164 7175 6f3a10ef 7176 6f3a1e4e 2 API calls 7175->7176 7177 6f3a1151 7176->7177 7178 6f3a1e4e 2 API calls 7177->7178 7179 6f3a1158 7178->7179 7180 6f3a1e4e 2 API calls 7179->7180 7181 6f3a115f lstrcmpiW GetFileAttributesW 7180->7181 7182 6f3a11a8 7181->7182 7183 6f3a1185 7181->7183 7184 6f3a11b2 lstrcpyW 7182->7184 7190 6f3a11be 7182->7190 7183->7182 7185 6f3a1189 lstrcpyW 7183->7185 7184->7190 7185->7182 7186 6f3a11e5 GetCurrentDirectoryW 7188 6f3a120d GetOpenFileNameW 7186->7188 7189 6f3a1205 GetSaveFileNameW 7186->7189 7187 6f3a11d8 CharNextW 7187->7190 7191 6f3a120f 7188->7191 7189->7191 7190->7186 7190->7187 7192 6f3a123a 7191->7192 7193 6f3a1213 CommDlgExtendedError 7191->7193 7195 6f3a1e9c 2 API calls 7192->7195 7193->7192 7194 6f3a1220 7193->7194 7196 6f3a1238 GetOpenFileNameW 7194->7196 7197 6f3a1230 GetSaveFileNameW 7194->7197 7198 6f3a124f SetCurrentDirectoryW 7195->7198 7196->7192 7197->7192 6032 401b9b 6033 401bec 6032->6033 6035 401ba8 6032->6035 6034 401c16 GlobalAlloc 6033->6034 6036 401bf1 6033->6036 6037 4066a5 17 API calls 6034->6037 6040 401bbf 6035->6040 6042 401c31 6035->6042 6045 40239d 6036->6045 6053 406668 lstrcpynW 6036->6053 6037->6042 6038 4066a5 17 API calls 6039 402397 6038->6039 6039->6045 6046 405cc8 MessageBoxIndirectW 6039->6046 6051 406668 lstrcpynW 6040->6051 6042->6038 6042->6045 6044 401c03 GlobalFree 6044->6045 6046->6045 6047 401bce 6052 406668 lstrcpynW 6047->6052 6049 401bdd 6054 406668 lstrcpynW 6049->6054 6051->6047 6052->6049 6053->6044 6054->6045 7206 6f3a1be7 7207 6f3a2053 2 API calls 7206->7207 7208 6f3a1bed IsWindow 7207->7208 7209 6f3a1bfa 7208->7209 7210 6f3a1c00 7208->7210 7211 6f3a13d2 GetPropW 7209->7211 7212 6f3a1e9c 2 API calls 7210->7212 7211->7210 7213 6f3a1c14 7212->7213 6069 40259e 6080 402de6 6069->6080 6072 402d84 17 API calls 6073 4025b1 6072->6073 6074 4025d9 RegEnumValueW 6073->6074 6075 4025cd RegEnumKeyW 6073->6075 6078 40292e 6073->6078 6076 4025f5 RegCloseKey 6074->6076 6077 4025ee 6074->6077 6075->6076 6076->6078 6077->6076 6081 402da6 17 API calls 6080->6081 6082 402dfd 6081->6082 6083 4064d5 RegOpenKeyExW 6082->6083 6084 4025a8 6083->6084 6084->6072 7214 40149e 7215 4014ac PostQuitMessage 7214->7215 7216 40239d 7214->7216 7215->7216 7217 4015a3 7218 402da6 17 API calls 7217->7218 7219 4015aa SetFileAttributesW 7218->7219 7220 4015bc 7219->7220 7221 6fed160e 7222 6fed18c6 2 API calls 7221->7222 7223 6fed161d 7222->7223 7224 6fed162a WaitForSingleObject 7223->7224 7225 6fed163f 7223->7225 7224->7225 7226 6fed1901 2 API calls 7225->7226 7227 6fed1651 7226->7227 6085 401fa4 6086 402da6 17 API calls 6085->6086 6087 401faa 6086->6087 6088 4056ca 24 API calls 6087->6088 6089 401fb4 6088->6089 6090 405c4b 2 API calls 6089->6090 6091 401fba 6090->6091 6094 40292e 6091->6094 6099 401fdd CloseHandle 6091->6099 6100 406ae0 WaitForSingleObject 6091->6100 6095 401fcf 6096 401fd4 6095->6096 6097 401fdf 6095->6097 6105 4065af wsprintfW 6096->6105 6097->6099 6099->6094 6101 406afa 6100->6101 6102 406b0c GetExitCodeProcess 6101->6102 6103 406a71 2 API calls 6101->6103 6102->6095 6104 406b01 WaitForSingleObject 6103->6104 6104->6101 6105->6099 7228 4021aa 7229 402da6 17 API calls 7228->7229 7230 4021b1 7229->7230 7231 402da6 17 API calls 7230->7231 7232 4021bb 7231->7232 7233 402da6 17 API calls 7232->7233 7234 4021c5 7233->7234 7235 402da6 17 API calls 7234->7235 7236 4021cf 7235->7236 7237 402da6 17 API calls 7236->7237 7238 4021d9 7237->7238 7239 402218 CoCreateInstance 7238->7239 7240 402da6 17 API calls 7238->7240 7243 402237 7239->7243 7240->7239 7241 401423 24 API calls 7242 4022f6 7241->7242 7243->7241 7243->7242 7251 6f3a14d6 7252 6f3a14ee 7251->7252 7253 6f3a1775 7251->7253 7254 6f3a1666 7252->7254 7255 6f3a14f7 7252->7255 7256 6f3a1781 RemovePropW 7253->7256 7283 6f3a15b3 7253->7283 7257 6f3a13d2 GetPropW 7254->7257 7258 6f3a15e0 7255->7258 7259 6f3a1500 7255->7259 7256->7256 7256->7283 7261 6f3a1687 7257->7261 7260 6f3a13d2 GetPropW 7258->7260 7262 6f3a153c GetDlgItem 7259->7262 7263 6f3a1507 7259->7263 7265 6f3a15ea 7260->7265 7266 6f3a168f GetWindowTextW DrawTextW 7261->7266 7261->7283 7264 6f3a13d2 GetPropW 7262->7264 7267 6f3a1524 SendMessageW 7263->7267 7263->7283 7276 6f3a1552 7264->7276 7269 6f3a20b3 3 API calls 7265->7269 7265->7283 7268 6f3a16e3 7266->7268 7267->7283 7270 6f3a1717 GetWindowLongW 7268->7270 7271 6f3a174b 7268->7271 7272 6f3a1618 7269->7272 7274 6f3a1726 7270->7274 7275 6f3a1735 DrawTextW 7270->7275 7279 6f3a1763 DrawFocusRect 7271->7279 7271->7283 7273 6f3a20b3 3 API calls 7272->7273 7277 6f3a1620 7273->7277 7286 6f3a17ac GetSysColor 7274->7286 7275->7271 7281 6f3a20b3 3 API calls 7276->7281 7276->7283 7280 6f3a20b3 3 API calls 7277->7280 7279->7283 7284 6f3a1627 7280->7284 7281->7283 7284->7283 7285 6f3a1653 SetWindowLongW 7284->7285 7285->7283 7287 6f3a172b SetTextColor 7286->7287 7287->7275 6246 4023b2 6247 4023c0 6246->6247 6248 4023ba 6246->6248 6250 402da6 17 API calls 6247->6250 6253 4023ce 6247->6253 6249 402da6 17 API calls 6248->6249 6249->6247 6250->6253 6251 402da6 17 API calls 6254 4023dc 6251->6254 6252 402da6 17 API calls 6255 4023e5 WritePrivateProfileStringW 6252->6255 6253->6251 6253->6254 6254->6252 6256 6f3a18c9 GetProcessHeap RtlAllocateHeap 6257 6f3a190f 6256->6257 6258 6f3a1900 6256->6258 6260 6f3a1e4e 2 API calls 6257->6260 6259 6f3a1e9c 2 API calls 6258->6259 6261 6f3a190a 6259->6261 6262 6f3a1917 6260->6262 6263 6f3a1b93 6261->6263 6264 6f3a194c 6262->6264 6292 6f3a2083 6262->6292 6265 6f3a1e9c 2 API calls 6264->6265 6268 6f3a1956 GetProcessHeap 6265->6268 6267 6f3a1920 6269 6f3a2083 2 API calls 6267->6269 6270 6f3a1b8c HeapFree 6268->6270 6271 6f3a1928 6269->6271 6270->6263 6295 6f3a125b GetClientRect 6271->6295 6273 6f3a1940 6274 6f3a1e4e 2 API calls 6273->6274 6275 6f3a1948 6274->6275 6275->6264 6276 6f3a1960 GetProcessHeap RtlReAllocateHeap lstrcmpiW 6275->6276 6277 6f3a19bb lstrcmpiW 6276->6277 6280 6f3a19a0 6276->6280 6278 6f3a19e2 lstrcmpiW 6277->6278 6277->6280 6279 6f3a1a09 lstrcmpiW 6278->6279 6278->6280 6279->6280 6281 6f3a1a30 lstrcmpiW 6279->6281 6282 6f3a1adb lstrcmpiW 6280->6282 6281->6280 6283 6f3a1a54 lstrcmpiW 6281->6283 6284 6f3a1aec CreateWindowExW SetPropW SendMessageW SendMessageW 6282->6284 6285 6f3a1ae7 6282->6285 6283->6280 6288 6f3a1a78 lstrcmpiW 6283->6288 6286 6f3a1b7b 6284->6286 6287 6f3a1b60 SetWindowLongW 6284->6287 6285->6284 6289 6f3a20b3 3 API calls 6286->6289 6287->6286 6288->6280 6290 6f3a1a9c lstrcmpiW 6288->6290 6291 6f3a1b81 GetProcessHeap 6289->6291 6290->6280 6291->6270 6293 6f3a1e4e 2 API calls 6292->6293 6294 6f3a209d 6293->6294 6294->6267 6296 6f3a1e4e 2 API calls 6295->6296 6297 6f3a1292 6296->6297 6298 6f3a1303 6297->6298 6312 6f3a1332 lstrlenW CharPrevW 6297->6312 6298->6273 6301 6f3a1e4e 2 API calls 6302 6f3a12b6 6301->6302 6302->6298 6303 6f3a1332 4 API calls 6302->6303 6304 6f3a12c9 6303->6304 6305 6f3a1e4e 2 API calls 6304->6305 6306 6f3a12db 6305->6306 6306->6298 6307 6f3a1332 4 API calls 6306->6307 6308 6f3a12ed 6307->6308 6309 6f3a1e4e 2 API calls 6308->6309 6310 6f3a12ff 6309->6310 6310->6298 6311 6f3a1332 4 API calls 6310->6311 6311->6298 6313 6f3a1358 6312->6313 6314 6f3a1360 MulDiv 6313->6314 6315 6f3a1375 6313->6315 6318 6f3a12a4 6314->6318 6317 6f3a137b MapDialogRect 6315->6317 6315->6318 6317->6318 6318->6301 6326 6f3a1cce SendMessageW ShowWindow 6327 6f3a1d02 6326->6327 6328 6f3a1d53 SetWindowLongW 6326->6328 6329 6f3a1d09 KiUserCallbackDispatcher IsDialogMessageW 6327->6329 6332 6f3a1d52 6327->6332 6329->6327 6330 6f3a1d26 IsDialogMessageW 6329->6330 6330->6327 6331 6f3a1d36 TranslateMessage DispatchMessageW 6330->6331 6331->6327 6332->6328 6333 404ab5 6334 404ae1 6333->6334 6335 404af2 6333->6335 6402 405cac GetDlgItemTextW 6334->6402 6336 404afe GetDlgItem 6335->6336 6343 404b6a 6335->6343 6339 404b12 6336->6339 6338 404aec 6341 4068ef 5 API calls 6338->6341 6342 404b26 SetWindowTextW 6339->6342 6346 405fe2 4 API calls 6339->6346 6340 404c41 6396 404df0 6340->6396 6400 405cac GetDlgItemTextW 6340->6400 6341->6335 6349 4045c4 18 API calls 6342->6349 6343->6340 6347 4066a5 17 API calls 6343->6347 6343->6396 6345 40462b 8 API calls 6350 404e04 6345->6350 6351 404b1c 6346->6351 6352 404bd1 SHBrowseForFolderW 6347->6352 6348 404c71 6353 40603f 18 API calls 6348->6353 6354 404b42 6349->6354 6351->6342 6358 405f37 3 API calls 6351->6358 6352->6340 6355 404be9 CoTaskMemFree 6352->6355 6356 404c77 6353->6356 6357 4045c4 18 API calls 6354->6357 6359 405f37 3 API calls 6355->6359 6401 406668 lstrcpynW 6356->6401 6360 404b50 6357->6360 6358->6342 6363 404bf6 6359->6363 6399 4045f9 SendMessageW 6360->6399 6364 404c2d SetDlgItemTextW 6363->6364 6369 4066a5 17 API calls 6363->6369 6364->6340 6365 404c8e 6367 406a35 5 API calls 6365->6367 6366 404b56 6368 406a35 5 API calls 6366->6368 6377 404c95 6367->6377 6370 404b5d 6368->6370 6371 404c15 lstrcmpiW 6369->6371 6373 404b65 SHAutoComplete 6370->6373 6370->6396 6371->6364 6374 404c26 lstrcatW 6371->6374 6372 404cd6 6403 406668 lstrcpynW 6372->6403 6373->6343 6374->6364 6375 404ca4 GetDiskFreeSpaceExW 6375->6377 6385 404d2e 6375->6385 6377->6372 6377->6375 6380 405f83 2 API calls 6377->6380 6378 404cdd 6379 405fe2 4 API calls 6378->6379 6381 404ce3 6379->6381 6380->6377 6382 404ce9 6381->6382 6383 404cec GetDiskFreeSpaceW 6381->6383 6382->6383 6384 404d07 MulDiv 6383->6384 6383->6385 6384->6385 6386 404d9f 6385->6386 6388 404f3a 20 API calls 6385->6388 6387 404dc2 6386->6387 6389 40140b 2 API calls 6386->6389 6404 4045e6 KiUserCallbackDispatcher 6387->6404 6390 404d8c 6388->6390 6389->6387 6391 404da1 SetDlgItemTextW 6390->6391 6392 404d91 6390->6392 6391->6386 6394 404e71 20 API calls 6392->6394 6394->6386 6395 404dde 6395->6396 6397 404deb 6395->6397 6396->6345 6398 404a0e SendMessageW 6397->6398 6398->6396 6399->6366 6400->6348 6401->6365 6402->6338 6403->6378 6404->6395 7293 4014b8 7294 4014be 7293->7294 7295 401389 2 API calls 7294->7295 7296 4014c6 7295->7296 7297 6f3a1cc6 7300 6f3a1c9b 7297->7300 7301 6f3a2053 2 API calls 7300->7301 7302 6f3a1ca0 7301->7302

                                                                                                                              Executed Functions

                                                                                                                              Function 00403640 Relevance: 91.4, APIs: 33, Strings: 19, Instructions: 450stringfilecomCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 90 403640-403690 SetErrorMode GetVersionExW 91 403692-4036c6 GetVersionExW 90->91 92 4036ca-4036d1 90->92 91->92 93 4036d3 92->93 94 4036db-40371b 92->94 93->94 95 40371d-403725 call 406a35 94->95 96 40372e 94->96 95->96 101 403727 95->101 98 403733-403747 call 4069c5 lstrlenA 96->98 103 403749-403765 call 406a35 * 3 98->103 101->96 110 403776-4037d8 #17 OleInitialize SHGetFileInfoW call 406668 GetCommandLineW call 406668 103->110 111 403767-40376d 103->111 118 4037e1-4037f4 call 405f64 CharNextW 110->118 119 4037da-4037dc 110->119 111->110 115 40376f 111->115 115->110 122 4038eb-4038f1 118->122 119->118 123 4038f7 122->123 124 4037f9-4037ff 122->124 127 40390b-403925 GetTempPathW call 40360f 123->127 125 403801-403806 124->125 126 403808-40380e 124->126 125->125 125->126 128 403810-403814 126->128 129 403815-403819 126->129 137 403927-403945 GetWindowsDirectoryW lstrcatW call 40360f 127->137 138 40397d-403995 DeleteFileW call 4030d0 127->138 128->129 131 4038d9-4038e7 call 405f64 129->131 132 40381f-403825 129->132 131->122 148 4038e9-4038ea 131->148 135 403827-40382e 132->135 136 40383f-403878 132->136 141 403830-403833 135->141 142 403835 135->142 143 403894-4038ce 136->143 144 40387a-40387f 136->144 137->138 152 403947-403977 GetTempPathW lstrcatW SetEnvironmentVariableW * 2 call 40360f 137->152 154 40399b-4039a1 138->154 155 403b6c-403b7a call 403c25 OleUninitialize 138->155 141->136 141->142 142->136 146 4038d0-4038d4 143->146 147 4038d6-4038d8 143->147 144->143 150 403881-403889 144->150 146->147 153 4038f9-403906 call 406668 146->153 147->131 148->122 156 403890 150->156 157 40388b-40388e 150->157 152->138 152->155 153->127 159 4039a7-4039ba call 405f64 154->159 160 403a48-403a4f call 403d17 154->160 169 403b91-403b97 155->169 170 403b7c-403b8b call 405cc8 ExitProcess 155->170 156->143 157->143 157->156 174 403a0c-403a19 159->174 175 4039bc-4039f1 159->175 168 403a54-403a57 160->168 168->155 172 403b99-403bae GetCurrentProcess OpenProcessToken 169->172 173 403c0f-403c17 169->173 179 403bb0-403bd9 LookupPrivilegeValueW AdjustTokenPrivileges 172->179 180 403bdf-403bed call 406a35 172->180 182 403c19 173->182 183 403c1c-403c1f ExitProcess 173->183 176 403a1b-403a29 call 40603f 174->176 177 403a5c-403a70 call 405c33 lstrcatW 174->177 181 4039f3-4039f7 175->181 176->155 193 403a2f-403a45 call 406668 * 2 176->193 196 403a72-403a78 lstrcatW 177->196 197 403a7d-403a97 lstrcatW lstrcmpiW 177->197 179->180 194 403bfb-403c06 ExitWindowsEx 180->194 195 403bef-403bf9 180->195 187 403a00-403a08 181->187 188 4039f9-4039fe 181->188 182->183 187->181 192 403a0a 187->192 188->187 188->192 192->174 193->160 194->173 201 403c08-403c0a call 40140b 194->201 195->194 195->201 196->197 198 403b6a 197->198 199 403a9d-403aa0 197->199 198->155 202 403aa2-403aa7 call 405b99 199->202 203 403aa9 call 405c16 199->203 201->173 211 403aae-403abe SetCurrentDirectoryW 202->211 203->211 213 403ac0-403ac6 call 406668 211->213 214 403acb-403af7 call 406668 211->214 213->214 218 403afc-403b17 call 4066a5 DeleteFileW 214->218 221 403b57-403b61 218->221 222 403b19-403b29 CopyFileW 218->222 221->218 224 403b63-403b65 call 406428 221->224 222->221 223 403b2b-403b4b call 406428 call 4066a5 call 405c4b 222->223 223->221 232 403b4d-403b54 CloseHandle 223->232 224->198 232->221
                                                                                                                              C-Code - Quality: 79%
                                                                                                                              			_entry_() {
				WCHAR* _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				int _v24;
				int _v28;
				struct _TOKEN_PRIVILEGES _v40;
				signed char _v42;
				int _v44;
				signed int _v48;
				intOrPtr _v278;
				signed short _v310;
				struct _OSVERSIONINFOW _v324;
				struct _SHFILEINFOW _v1016;
				intOrPtr* _t88;
				WCHAR* _t92;
				char* _t94;
				void _t97;
				void* _t116;
				WCHAR* _t118;
				signed int _t120;
				intOrPtr* _t124;
				void* _t138;
				short _t144;
				void* _t149;
				void* _t153;
				void* _t158;
				signed int _t168;
				void* _t171;
				void* _t176;
				intOrPtr _t178;
				intOrPtr _t179;
				intOrPtr* _t180;
				int _t189;
				void* _t190;
				void* _t199;
				signed int _t205;
				signed int _t210;
				signed int _t215;
				signed int _t217;
				int* _t219;
				signed int _t227;
				signed int _t230;
				CHAR* _t232;
				char* _t233;
				signed int _t234;
				WCHAR* _t235;
				void* _t251;

				_t217 = 0x20;
				_t189 = 0;
				_v24 = 0;
				_v8 = L"Error writing temporary file. Make sure your temp folder is valid.";
				_v20 = 0;
				SetErrorMode(0x8001); // executed
				_v324.szCSDVersion = 0;
				_v48 = 0;
				_v44 = 0;
				_v324.dwOSVersionInfoSize = 0x11c;
				if(GetVersionExW( &_v324) == 0) {
					_v324.dwOSVersionInfoSize = 0x114;
					GetVersionExW( &_v324);
					asm("sbb eax, eax");
					_v42 = 4;
					_v48 =  !( ~(_v324.szCSDVersion - 0x53)) & _v278 + 0xffffffd0;
				}
				if(_v324.dwMajorVersion < 0xa) {
					_v310 = _v310 & 0x00000000;
				}
				 *0x42a318 = _v324.dwBuildNumber;
				 *0x42a31c = (_v324.dwMajorVersion & 0x0000ffff | _v324.dwMinorVersion & 0x000000ff) << 0x00000010 | _v48 & 0x0000ffff | _v42 & 0x000000ff;
				if( *0x42a31e != 0x600) {
					_t180 = E00406A35(_t189);
					if(_t180 != _t189) {
						 *_t180(0xc00);
					}
				}
				_t232 = "UXTHEME";
				do {
					E004069C5(_t232); // executed
					_t232 =  &(_t232[lstrlenA(_t232) + 1]);
				} while ( *_t232 != 0);
				E00406A35(0xb);
				 *0x42a264 = E00406A35(9);
				_t88 = E00406A35(7);
				if(_t88 != _t189) {
					_t88 =  *_t88(0x1e);
					if(_t88 != 0) {
						 *0x42a31c =  *0x42a31c | 0x00000080;
					}
				}
				__imp__#17();
				__imp__OleInitialize(_t189); // executed
				 *0x42a320 = _t88;
				SHGetFileInfoW(0x421708, _t189,  &_v1016, 0x2b4, _t189); // executed
				E00406668(0x429260, L"NSIS Error");
				_t92 = GetCommandLineW();
				_t233 = L"\"C:\\Users\\alfons\\Desktop\\winamp59_9999_rc1_full_en-us.exe\" ";
				E00406668(_t233, _t92);
				_t94 = _t233;
				_t234 = 0x22;
				 *0x42a260 = 0x400000;
				_t251 = L"\"C:\\Users\\alfons\\Desktop\\winamp59_9999_rc1_full_en-us.exe\" " - _t234; // 0x22
				if(_t251 == 0) {
					_t217 = _t234;
					_t94 =  &M00435002;
				}
				_t199 = CharNextW(E00405F64(_t94, _t217));
				_v16 = _t199;
				while(1) {
					_t97 =  *_t199;
					_t252 = _t97 - _t189;
					if(_t97 == _t189) {
						break;
					}
					_t210 = 0x20;
					__eflags = _t97 - _t210;
					if(_t97 != _t210) {
						L17:
						__eflags =  *_t199 - _t234;
						_v12 = _t210;
						if( *_t199 == _t234) {
							_v12 = _t234;
							_t199 = _t199 + 2;
							__eflags = _t199;
						}
						__eflags =  *_t199 - 0x2f;
						if( *_t199 != 0x2f) {
							L32:
							_t199 = E00405F64(_t199, _v12);
							__eflags =  *_t199 - _t234;
							if(__eflags == 0) {
								_t199 = _t199 + 2;
								__eflags = _t199;
							}
							continue;
						} else {
							_t199 = _t199 + 2;
							__eflags =  *_t199 - 0x53;
							if( *_t199 != 0x53) {
								L24:
								asm("cdq");
								asm("cdq");
								_t215 = L"NCRC" & 0x0000ffff;
								asm("cdq");
								_t227 = ( *0x40a37e & 0x0000ffff) << 0x00000010 |  *0x40a37c & 0x0000ffff | _t215;
								__eflags =  *_t199 - (( *0x40a37a & 0x0000ffff) << 0x00000010 | _t215);
								if( *_t199 != (( *0x40a37a & 0x0000ffff) << 0x00000010 | _t215)) {
									L29:
									asm("cdq");
									asm("cdq");
									_t210 = L" /D=" & 0x0000ffff;
									asm("cdq");
									_t230 = ( *0x40a372 & 0x0000ffff) << 0x00000010 |  *0x40a370 & 0x0000ffff | _t210;
									__eflags =  *(_t199 - 4) - (( *0x40a36e & 0x0000ffff) << 0x00000010 | _t210);
									if( *(_t199 - 4) != (( *0x40a36e & 0x0000ffff) << 0x00000010 | _t210)) {
										L31:
										_t234 = 0x22;
										goto L32;
									}
									__eflags =  *_t199 - _t230;
									if( *_t199 == _t230) {
										 *(_t199 - 4) = _t189;
										__eflags = _t199;
										E00406668(L"C:\\Program Files (x86)\\Winamp", _t199);
										L37:
										_t235 = L"C:\\Users\\alfons\\AppData\\Local\\Temp\\";
										GetTempPathW(0x400, _t235);
										_t116 = E0040360F(_t199, _t252);
										_t253 = _t116;
										if(_t116 != 0) {
											L40:
											DeleteFileW(L"1033"); // executed
											_t118 = E004030D0(_t255, _v20); // executed
											_v8 = _t118;
											if(_t118 != _t189) {
												L68:
												E00403C25();
												__imp__OleUninitialize();
												if(_v8 == _t189) {
													if( *0x42a2f4 == _t189) {
														L77:
														_t120 =  *0x42a30c;
														if(_t120 != 0xffffffff) {
															_v24 = _t120;
														}
														ExitProcess(_v24);
													}
													if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v16) != 0) {
														LookupPrivilegeValueW(_t189, L"SeShutdownPrivilege",  &(_v40.Privileges));
														_v40.PrivilegeCount = 1;
														_v28 = 2;
														AdjustTokenPrivileges(_v16, _t189,  &_v40, _t189, _t189, _t189);
													}
													_t124 = E00406A35(4);
													if(_t124 == _t189) {
														L75:
														if(ExitWindowsEx(2, 0x80040002) != 0) {
															goto L77;
														}
														goto L76;
													} else {
														_push(0x80040002);
														_push(0x25);
														_push(_t189);
														_push(_t189);
														_push(_t189);
														if( *_t124() == 0) {
															L76:
															E0040140B(9);
															goto L77;
														}
														goto L75;
													}
												}
												E00405CC8(_v8, 0x200010);
												ExitProcess(2);
											}
											if( *0x42a27c == _t189) {
												L51:
												 *0x42a30c =  *0x42a30c | 0xffffffff;
												_v24 = E00403D17(_t265);
												goto L68;
											}
											_t219 = E00405F64(L"\"C:\\Users\\alfons\\Desktop\\winamp59_9999_rc1_full_en-us.exe\" ", _t189);
											if(_t219 < L"\"C:\\Users\\alfons\\Desktop\\winamp59_9999_rc1_full_en-us.exe\" ") {
												L48:
												_t264 = _t219 - L"\"C:\\Users\\alfons\\Desktop\\winamp59_9999_rc1_full_en-us.exe\" ";
												_v8 = L"Error launching installer";
												if(_t219 < L"\"C:\\Users\\alfons\\Desktop\\winamp59_9999_rc1_full_en-us.exe\" ") {
													_t190 = E00405C33(__eflags);
													lstrcatW(_t235, L"~nsu");
													__eflags = _t190;
													if(_t190 != 0) {
														lstrcatW(_t235, "A");
													}
													lstrcatW(_t235, L".tmp");
													_t220 = L"C:\\Users\\alfons\\Desktop";
													_t138 = lstrcmpiW(_t235, L"C:\\Users\\alfons\\Desktop");
													__eflags = _t138;
													if(_t138 == 0) {
														L67:
														_t189 = 0;
														__eflags = 0;
														goto L68;
													} else {
														__eflags = _t190;
														_push(_t235);
														if(_t190 == 0) {
															E00405C16();
														} else {
															E00405B99();
														}
														SetCurrentDirectoryW(_t235);
														__eflags = L"C:\\Program Files (x86)\\Winamp"; // 0x43
														if(__eflags == 0) {
															E00406668(L"C:\\Program Files (x86)\\Winamp", _t220);
														}
														E00406668(L"C:\\Users\\alfons\\AppData\\Roaming\\Winamp\\Plugins\\ml\\ml_online.ini", _v16);
														_t202 = "A" & 0x0000ffff;
														_t144 = ( *0x40a316 & 0x0000ffff) << 0x00000010 | "A" & 0x0000ffff;
														__eflags = _t144;
														_v12 = 0x1a;
														"1" = _t144;
														do {
															E004066A5(0, 0x420f08, _t235, 0x420f08,  *((intOrPtr*)( *0x42a270 + 0x120)));
															DeleteFileW(0x420f08);
															__eflags = _v8;
															if(_v8 != 0) {
																_t149 = CopyFileW(L"C:\\Users\\alfons\\Desktop\\winamp59_9999_rc1_full_en-us.exe", 0x420f08, 1);
																__eflags = _t149;
																if(_t149 != 0) {
																	E00406428(_t202, 0x420f08, 0);
																	E004066A5(0, 0x420f08, _t235, 0x420f08,  *((intOrPtr*)( *0x42a270 + 0x124)));
																	_t153 = E00405C4B(0x420f08);
																	__eflags = _t153;
																	if(_t153 != 0) {
																		CloseHandle(_t153);
																		_v8 = 0;
																	}
																}
															}
															"1" =  &("1"[0]);
															_t61 =  &_v12;
															 *_t61 = _v12 - 1;
															__eflags =  *_t61;
														} while ( *_t61 != 0);
														E00406428(_t202, _t235, 0);
														goto L67;
													}
												}
												 *_t219 = _t189;
												_t222 =  &(_t219[2]);
												_t158 = E0040603F(_t264,  &(_t219[2]));
												_t265 = _t158;
												if(_t158 == 0) {
													goto L68;
												}
												E00406668(L"C:\\Program Files (x86)\\Winamp", _t222);
												E00406668(L"C:\\Program Files (x86)\\Winamp\\Plugins\\freeform\\xml\\winamp\\thinger", _t222);
												_v8 = _t189;
												goto L51;
											}
											asm("cdq");
											asm("cdq");
											asm("cdq");
											_t205 = ( *0x40a33a & 0x0000ffff) << 0x00000010 | L" _?=" & 0x0000ffff;
											_t168 = ( *0x40a33e & 0x0000ffff) << 0x00000010 |  *0x40a33c & 0x0000ffff | (_t210 << 0x00000020 |  *0x40a33e & 0x0000ffff) << 0x10;
											while( *_t219 != _t205 || _t219[1] != _t168) {
												_t219 = _t219;
												if(_t219 >= L"\"C:\\Users\\alfons\\Desktop\\winamp59_9999_rc1_full_en-us.exe\" ") {
													continue;
												}
												break;
											}
											_t189 = 0;
											goto L48;
										}
										GetWindowsDirectoryW(_t235, 0x3fb);
										lstrcatW(_t235, L"\\Temp");
										_t171 = E0040360F(_t199, _t253);
										_t254 = _t171;
										if(_t171 != 0) {
											goto L40;
										}
										GetTempPathW(0x3fc, _t235);
										lstrcatW(_t235, L"Low");
										SetEnvironmentVariableW(L"TEMP", _t235);
										SetEnvironmentVariableW(L"TMP", _t235);
										_t176 = E0040360F(_t199, _t254);
										_t255 = _t176;
										if(_t176 == 0) {
											goto L68;
										}
										goto L40;
									}
									goto L31;
								}
								__eflags =  *((intOrPtr*)(_t199 + 4)) - _t227;
								if( *((intOrPtr*)(_t199 + 4)) != _t227) {
									goto L29;
								}
								_t178 =  *((intOrPtr*)(_t199 + 8));
								__eflags = _t178 - 0x20;
								if(_t178 == 0x20) {
									L28:
									_t36 =  &_v20;
									 *_t36 = _v20 | 0x00000004;
									__eflags =  *_t36;
									goto L29;
								}
								__eflags = _t178 - _t189;
								if(_t178 != _t189) {
									goto L29;
								}
								goto L28;
							}
							_t179 =  *((intOrPtr*)(_t199 + 2));
							__eflags = _t179 - _t210;
							if(_t179 == _t210) {
								L23:
								 *0x42a300 = 1;
								goto L24;
							}
							__eflags = _t179 - _t189;
							if(_t179 != _t189) {
								goto L24;
							}
							goto L23;
						}
					} else {
						goto L16;
					}
					do {
						L16:
						_t199 = _t199 + 2;
						__eflags =  *_t199 - _t210;
					} while ( *_t199 == _t210);
					goto L17;
				}
				goto L37;
			}



















































                                                                                                                              0x0040364e
                                                                                                                              0x0040364f
                                                                                                                              0x00403656
                                                                                                                              0x00403659
                                                                                                                              0x00403660
                                                                                                                              0x00403663
                                                                                                                              0x00403676
                                                                                                                              0x0040367c
                                                                                                                              0x0040367f
                                                                                                                              0x00403682
                                                                                                                              0x00403690
                                                                                                                              0x00403698
                                                                                                                              0x004036a3
                                                                                                                              0x004036bc
                                                                                                                              0x004036be
                                                                                                                              0x004036c6
                                                                                                                              0x004036c6
                                                                                                                              0x004036d1
                                                                                                                              0x004036d3
                                                                                                                              0x004036d3
                                                                                                                              0x004036e8
                                                                                                                              0x0040370d
                                                                                                                              0x0040371b
                                                                                                                              0x0040371e
                                                                                                                              0x00403725
                                                                                                                              0x0040372c
                                                                                                                              0x0040372c
                                                                                                                              0x00403725
                                                                                                                              0x0040372e
                                                                                                                              0x00403733
                                                                                                                              0x00403734
                                                                                                                              0x00403740
                                                                                                                              0x00403744
                                                                                                                              0x0040374b
                                                                                                                              0x00403759
                                                                                                                              0x0040375e
                                                                                                                              0x00403765
                                                                                                                              0x00403769
                                                                                                                              0x0040376d
                                                                                                                              0x0040376f
                                                                                                                              0x0040376f
                                                                                                                              0x0040376d
                                                                                                                              0x00403776
                                                                                                                              0x0040377d
                                                                                                                              0x00403783
                                                                                                                              0x0040379b
                                                                                                                              0x004037ab
                                                                                                                              0x004037b0
                                                                                                                              0x004037b6
                                                                                                                              0x004037bd
                                                                                                                              0x004037c4
                                                                                                                              0x004037c6
                                                                                                                              0x004037c7
                                                                                                                              0x004037d1
                                                                                                                              0x004037d8
                                                                                                                              0x004037da
                                                                                                                              0x004037dc
                                                                                                                              0x004037dc
                                                                                                                              0x004037ef
                                                                                                                              0x004037f1
                                                                                                                              0x004038eb
                                                                                                                              0x004038eb
                                                                                                                              0x004038ee
                                                                                                                              0x004038f1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004037fb
                                                                                                                              0x004037fc
                                                                                                                              0x004037ff
                                                                                                                              0x00403808
                                                                                                                              0x00403808
                                                                                                                              0x0040380b
                                                                                                                              0x0040380e
                                                                                                                              0x00403811
                                                                                                                              0x00403814
                                                                                                                              0x00403814
                                                                                                                              0x00403814
                                                                                                                              0x00403815
                                                                                                                              0x00403819
                                                                                                                              0x004038d9
                                                                                                                              0x004038e2
                                                                                                                              0x004038e4
                                                                                                                              0x004038e7
                                                                                                                              0x004038ea
                                                                                                                              0x004038ea
                                                                                                                              0x004038ea
                                                                                                                              0x00000000
                                                                                                                              0x0040381f
                                                                                                                              0x00403820
                                                                                                                              0x00403821
                                                                                                                              0x00403825
                                                                                                                              0x0040383f
                                                                                                                              0x00403846
                                                                                                                              0x00403859
                                                                                                                              0x0040385a
                                                                                                                              0x0040386f
                                                                                                                              0x00403874
                                                                                                                              0x00403876
                                                                                                                              0x00403878
                                                                                                                              0x00403894
                                                                                                                              0x0040389b
                                                                                                                              0x004038ae
                                                                                                                              0x004038af
                                                                                                                              0x004038c4
                                                                                                                              0x004038ca
                                                                                                                              0x004038cc
                                                                                                                              0x004038ce
                                                                                                                              0x004038d6
                                                                                                                              0x004038d8
                                                                                                                              0x00000000
                                                                                                                              0x004038d8
                                                                                                                              0x004038d2
                                                                                                                              0x004038d4
                                                                                                                              0x004038f9
                                                                                                                              0x004038fd
                                                                                                                              0x00403906
                                                                                                                              0x0040390b
                                                                                                                              0x00403911
                                                                                                                              0x0040391c
                                                                                                                              0x0040391e
                                                                                                                              0x00403923
                                                                                                                              0x00403925
                                                                                                                              0x0040397d
                                                                                                                              0x00403982
                                                                                                                              0x0040398b
                                                                                                                              0x00403992
                                                                                                                              0x00403995
                                                                                                                              0x00403b6c
                                                                                                                              0x00403b6c
                                                                                                                              0x00403b71
                                                                                                                              0x00403b7a
                                                                                                                              0x00403b97
                                                                                                                              0x00403c0f
                                                                                                                              0x00403c0f
                                                                                                                              0x00403c17
                                                                                                                              0x00403c19
                                                                                                                              0x00403c19
                                                                                                                              0x00403c1f
                                                                                                                              0x00403c1f
                                                                                                                              0x00403bae
                                                                                                                              0x00403bba
                                                                                                                              0x00403bcb
                                                                                                                              0x00403bd2
                                                                                                                              0x00403bd9
                                                                                                                              0x00403bd9
                                                                                                                              0x00403be1
                                                                                                                              0x00403bed
                                                                                                                              0x00403bfb
                                                                                                                              0x00403c06
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403bef
                                                                                                                              0x00403bef
                                                                                                                              0x00403bf0
                                                                                                                              0x00403bf2
                                                                                                                              0x00403bf3
                                                                                                                              0x00403bf4
                                                                                                                              0x00403bf9
                                                                                                                              0x00403c08
                                                                                                                              0x00403c0a
                                                                                                                              0x00000000
                                                                                                                              0x00403c0a
                                                                                                                              0x00000000
                                                                                                                              0x00403bf9
                                                                                                                              0x00403bed
                                                                                                                              0x00403b84
                                                                                                                              0x00403b8b
                                                                                                                              0x00403b8b
                                                                                                                              0x004039a1
                                                                                                                              0x00403a48
                                                                                                                              0x00403a48
                                                                                                                              0x00403a54
                                                                                                                              0x00000000
                                                                                                                              0x00403a54
                                                                                                                              0x004039b2
                                                                                                                              0x004039ba
                                                                                                                              0x00403a0c
                                                                                                                              0x00403a0c
                                                                                                                              0x00403a12
                                                                                                                              0x00403a19
                                                                                                                              0x00403a67
                                                                                                                              0x00403a69
                                                                                                                              0x00403a6e
                                                                                                                              0x00403a70
                                                                                                                              0x00403a78
                                                                                                                              0x00403a78
                                                                                                                              0x00403a83
                                                                                                                              0x00403a88
                                                                                                                              0x00403a8f
                                                                                                                              0x00403a95
                                                                                                                              0x00403a97
                                                                                                                              0x00403b6a
                                                                                                                              0x00403b6a
                                                                                                                              0x00403b6a
                                                                                                                              0x00000000
                                                                                                                              0x00403a9d
                                                                                                                              0x00403a9d
                                                                                                                              0x00403a9f
                                                                                                                              0x00403aa0
                                                                                                                              0x00403aa9
                                                                                                                              0x00403aa2
                                                                                                                              0x00403aa2
                                                                                                                              0x00403aa2
                                                                                                                              0x00403aaf
                                                                                                                              0x00403ab7
                                                                                                                              0x00403abe
                                                                                                                              0x00403ac6
                                                                                                                              0x00403ac6
                                                                                                                              0x00403ad3
                                                                                                                              0x00403adf
                                                                                                                              0x00403ae9
                                                                                                                              0x00403ae9
                                                                                                                              0x00403aeb
                                                                                                                              0x00403af2
                                                                                                                              0x00403afc
                                                                                                                              0x00403b08
                                                                                                                              0x00403b0e
                                                                                                                              0x00403b14
                                                                                                                              0x00403b17
                                                                                                                              0x00403b21
                                                                                                                              0x00403b27
                                                                                                                              0x00403b29
                                                                                                                              0x00403b2d
                                                                                                                              0x00403b3e
                                                                                                                              0x00403b44
                                                                                                                              0x00403b49
                                                                                                                              0x00403b4b
                                                                                                                              0x00403b4e
                                                                                                                              0x00403b54
                                                                                                                              0x00403b54
                                                                                                                              0x00403b4b
                                                                                                                              0x00403b29
                                                                                                                              0x00403b57
                                                                                                                              0x00403b5e
                                                                                                                              0x00403b5e
                                                                                                                              0x00403b5e
                                                                                                                              0x00403b5e
                                                                                                                              0x00403b65
                                                                                                                              0x00000000
                                                                                                                              0x00403b65
                                                                                                                              0x00403a97
                                                                                                                              0x00403a1b
                                                                                                                              0x00403a1e
                                                                                                                              0x00403a22
                                                                                                                              0x00403a27
                                                                                                                              0x00403a29
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403a35
                                                                                                                              0x00403a40
                                                                                                                              0x00403a45
                                                                                                                              0x00000000
                                                                                                                              0x00403a45
                                                                                                                              0x004039c3
                                                                                                                              0x004039db
                                                                                                                              0x004039ec
                                                                                                                              0x004039ed
                                                                                                                              0x004039f1
                                                                                                                              0x004039f3
                                                                                                                              0x00403a01
                                                                                                                              0x00403a08
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403a08
                                                                                                                              0x00403a0a
                                                                                                                              0x00000000
                                                                                                                              0x00403a0a
                                                                                                                              0x0040392d
                                                                                                                              0x00403939
                                                                                                                              0x0040393e
                                                                                                                              0x00403943
                                                                                                                              0x00403945
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040394d
                                                                                                                              0x00403955
                                                                                                                              0x00403966
                                                                                                                              0x0040396e
                                                                                                                              0x00403970
                                                                                                                              0x00403975
                                                                                                                              0x00403977
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403977
                                                                                                                              0x00000000
                                                                                                                              0x004038d4
                                                                                                                              0x0040387d
                                                                                                                              0x0040387f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403881
                                                                                                                              0x00403885
                                                                                                                              0x00403889
                                                                                                                              0x00403890
                                                                                                                              0x00403890
                                                                                                                              0x00403890
                                                                                                                              0x00403890
                                                                                                                              0x00000000
                                                                                                                              0x00403890
                                                                                                                              0x0040388b
                                                                                                                              0x0040388e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040388e
                                                                                                                              0x00403827
                                                                                                                              0x0040382b
                                                                                                                              0x0040382e
                                                                                                                              0x00403835
                                                                                                                              0x00403835
                                                                                                                              0x00000000
                                                                                                                              0x00403835
                                                                                                                              0x00403830
                                                                                                                              0x00403833
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403833
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403801
                                                                                                                              0x00403801
                                                                                                                              0x00403802
                                                                                                                              0x00403803
                                                                                                                              0x00403803
                                                                                                                              0x00000000
                                                                                                                              0x00403801
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • SetErrorMode.KERNELBASE(00008001), ref: 00403663
                                                                                                                              • GetVersionExW.KERNEL32(?), ref: 0040368C
                                                                                                                              • GetVersionExW.KERNEL32(0000011C), ref: 004036A3
                                                                                                                              • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 0040373A
                                                                                                                              • #17.COMCTL32(00000007,00000009,0000000B), ref: 00403776
                                                                                                                              • OleInitialize.OLE32(00000000), ref: 0040377D
                                                                                                                              • SHGetFileInfoW.SHELL32(00421708,00000000,?,000002B4,00000000), ref: 0040379B
                                                                                                                              • GetCommandLineW.KERNEL32(00429260,NSIS Error), ref: 004037B0
                                                                                                                              • CharNextW.USER32(00000000,"C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe" ,00000020,"C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe" ,00000000), ref: 004037E9
                                                                                                                              • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 0040391C
                                                                                                                              • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040392D
                                                                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403939
                                                                                                                              • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040394D
                                                                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403955
                                                                                                                              • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403966
                                                                                                                              • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040396E
                                                                                                                              • DeleteFileW.KERNELBASE(1033), ref: 00403982
                                                                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 00403A69
                                                                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A328), ref: 00403A78
                                                                                                                                • Part of subcall function 00405C16: CreateDirectoryW.KERNELBASE(?,00000000,00403633,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405C1C
                                                                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 00403A83
                                                                                                                              • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe" ,00000000,?), ref: 00403A8F
                                                                                                                              • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 00403AAF
                                                                                                                              • DeleteFileW.KERNEL32(00420F08,00420F08,?,C:\Users\user\AppData\Roaming\Winamp\Plugins\ml\ml_online.ini,?), ref: 00403B0E
                                                                                                                              • CopyFileW.KERNEL32(C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe,00420F08,00000001), ref: 00403B21
                                                                                                                              • CloseHandle.KERNEL32(00000000,00420F08,00420F08,?,00420F08,00000000), ref: 00403B4E
                                                                                                                              • OleUninitialize.OLE32(?), ref: 00403B71
                                                                                                                              • ExitProcess.KERNEL32 ref: 00403B8B
                                                                                                                              • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403B9F
                                                                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 00403BA6
                                                                                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403BBA
                                                                                                                              • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403BD9
                                                                                                                              • ExitWindowsEx.USER32(00000002,80040002), ref: 00403BFE
                                                                                                                              • ExitProcess.KERNEL32 ref: 00403C1F
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: lstrcat$FileProcess$DirectoryExit$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                                                                                                              • String ID: "C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe" $.tmp$1033$C:\Program Files (x86)\Winamp$C:\Program Files (x86)\Winamp\Plugins\freeform\xml\winamp\thinger$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Winamp\Plugins\ml\ml_online.ini$C:\Users\user\Desktop$C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                                                              • API String ID: 3859024572-2966755209
                                                                                                                              • Opcode ID: 54eba713b65b488fe05b557adb658f0301d1077f312d6d7219dab3d109336353
                                                                                                                              • Instruction ID: d56582c8b11bee4b9d4e83ad1f604629a9588d533935b381636b20c84fba3529
                                                                                                                              • Opcode Fuzzy Hash: 54eba713b65b488fe05b557adb658f0301d1077f312d6d7219dab3d109336353
                                                                                                                              • Instruction Fuzzy Hash: D4E1F471A00214AADB20AFB58D45A6E3EB8EB05709F50847FF945B32D1DB7C8A41CB6D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405809 Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 284windowclipboardmemoryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 233 405809-405824 234 4059b3-4059ba 233->234 235 40582a-4058f1 GetDlgItem * 3 call 4045f9 call 404f52 GetClientRect GetSystemMetrics SendMessageW * 2 233->235 237 4059e4-4059f1 234->237 238 4059bc-4059de GetDlgItem CreateThread FindCloseChangeNotification 234->238 258 4058f3-40590d SendMessageW * 2 235->258 259 40590f-405912 235->259 240 4059f3-4059f9 237->240 241 405a0f-405a19 237->241 238->237 242 405a34-405a3d call 40462b 240->242 243 4059fb-405a0a ShowWindow * 2 call 4045f9 240->243 244 405a1b-405a21 241->244 245 405a6f-405a73 241->245 255 405a42-405a46 242->255 243->241 248 405a23-405a2f call 40459d 244->248 249 405a49-405a59 ShowWindow 244->249 245->242 252 405a75-405a7b 245->252 248->242 256 405a69-405a6a call 40459d 249->256 257 405a5b-405a64 call 4056ca 249->257 252->242 253 405a7d-405a90 SendMessageW 252->253 260 405b92-405b94 253->260 261 405a96-405ac1 CreatePopupMenu call 4066a5 AppendMenuW 253->261 256->245 257->256 258->259 262 405922-405939 call 4045c4 259->262 263 405914-405920 SendMessageW 259->263 260->255 270 405ac3-405ad3 GetWindowRect 261->270 271 405ad6-405aeb TrackPopupMenu 261->271 272 40593b-40594f ShowWindow 262->272 273 40596f-405990 GetDlgItem SendMessageW 262->273 263->262 270->271 271->260 274 405af1-405b08 271->274 275 405951-40595c ShowWindow 272->275 276 40595e 272->276 273->260 277 405996-4059ae SendMessageW * 2 273->277 278 405b0d-405b28 SendMessageW 274->278 279 405964-40596a call 4045f9 275->279 276->279 277->260 278->278 280 405b2a-405b4d OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 278->280 279->273 282 405b4f-405b76 SendMessageW 280->282 282->282 283 405b78-405b8c GlobalUnlock SetClipboardData CloseClipboard 282->283 283->260
                                                                                                                              C-Code - Quality: 95%
                                                                                                                              			E00405809(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t94;
				long _t95;
				int _t100;
				void* _t108;
				intOrPtr _t119;
				void* _t127;
				intOrPtr _t130;
				struct HWND__* _t134;
				int _t156;
				int _t159;
				struct HMENU__* _t164;
				struct HWND__* _t168;
				struct HWND__* _t169;
				int _t171;
				void* _t172;
				short* _t173;
				short* _t175;
				int _t177;

				_t169 =  *0x429244;
				_t156 = 0;
				_v8 = _t169;
				if(_a8 != 0x110) {
					if(_a8 == 0x405) {
						_t127 = CreateThread(0, 0, E0040579D, GetDlgItem(_a4, 0x3ec), 0,  &_v12); // executed
						FindCloseChangeNotification(_t127); // executed
					}
					if(_a8 != 0x111) {
						L17:
						_t171 = 1;
						if(_a8 != 0x404) {
							L25:
							if(_a8 != 0x7b) {
								goto L20;
							}
							_t94 = _v8;
							if(_a12 != _t94) {
								goto L20;
							}
							_t95 = SendMessageW(_t94, 0x1004, _t156, _t156);
							_a8 = _t95;
							if(_t95 <= _t156) {
								L36:
								return 0;
							}
							_t164 = CreatePopupMenu();
							AppendMenuW(_t164, _t156, _t171, E004066A5(_t156, _t164, _t171, _t156, 0xffffffe1));
							_t100 = _a16;
							_t159 = _a16 >> 0x10;
							if(_a16 == 0xffffffff) {
								GetWindowRect(_v8,  &_v28);
								_t100 = _v28.left;
								_t159 = _v28.top;
							}
							if(TrackPopupMenu(_t164, 0x180, _t100, _t159, _t156, _a4, _t156) == _t171) {
								_v60 = _t156;
								_v48 = 0x423748;
								_v44 = 0x1000;
								_a4 = _a8;
								do {
									_a4 = _a4 - 1;
									_t171 = _t171 + SendMessageW(_v8, 0x1073, _a4,  &_v68) + 2;
								} while (_a4 != _t156);
								OpenClipboard(_t156);
								EmptyClipboard();
								_t108 = GlobalAlloc(0x42, _t171 + _t171);
								_a4 = _t108;
								_t172 = GlobalLock(_t108);
								do {
									_v48 = _t172;
									_t173 = _t172 + SendMessageW(_v8, 0x1073, _t156,  &_v68) * 2;
									 *_t173 = 0xd;
									_t175 = _t173 + 2;
									 *_t175 = 0xa;
									_t172 = _t175 + 2;
									_t156 = _t156 + 1;
								} while (_t156 < _a8);
								GlobalUnlock(_a4);
								SetClipboardData(0xd, _a4);
								CloseClipboard();
							}
							goto L36;
						}
						if( *0x42922c == _t156) {
							ShowWindow( *0x42a268, 8);
							if( *0x42a2ec == _t156) {
								_t119 =  *0x422720; // 0x54f224
								E004056CA( *((intOrPtr*)(_t119 + 0x34)), _t156);
							}
							E0040459D(_t171);
							goto L25;
						}
						 *0x421f18 = 2;
						E0040459D(0x78);
						goto L20;
					} else {
						if(_a12 != 0x403) {
							L20:
							return E0040462B(_a8, _a12, _a16);
						}
						ShowWindow( *0x429230, _t156);
						ShowWindow(_t169, 8);
						E004045F9(_t169);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_t177 = 2;
				_v60 = _t177;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t130 =  *0x42a270;
				_a8 =  *((intOrPtr*)(_t130 + 0x5c));
				_a12 =  *((intOrPtr*)(_t130 + 0x60));
				 *0x429230 = GetDlgItem(_a4, 0x403);
				 *0x429228 = GetDlgItem(_a4, 0x3ee);
				_t134 = GetDlgItem(_a4, 0x3f8);
				 *0x429244 = _t134;
				_v8 = _t134;
				E004045F9( *0x429230);
				 *0x429234 = E00404F52(4);
				 *0x42924c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(_t177);
				SendMessageW(_v8, 0x1061, 0,  &_v60);
				SendMessageW(_v8, 0x1036, 0x4000, 0x4000); // executed
				if(_a8 >= 0) {
					SendMessageW(_v8, 0x1001, 0, _a8);
					SendMessageW(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t156) {
					SendMessageW(_v8, 0x1024, _t156, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E004045C4(_a4);
				if(( *0x42a278 & 0x00000003) != 0) {
					ShowWindow( *0x429230, _t156); // executed
					if(( *0x42a278 & 0x00000002) != 0) {
						 *0x429230 = _t156;
					} else {
						ShowWindow(_v8, 8);
					}
					E004045F9( *0x429228);
				}
				_t168 = GetDlgItem(_a4, 0x3ec);
				SendMessageW(_t168, 0x401, _t156, 0x75300000);
				if(( *0x42a278 & 0x00000004) != 0) {
					SendMessageW(_t168, 0x409, _t156, _a12);
					SendMessageW(_t168, 0x2001, _t156, _a8);
				}
				goto L36;
			}



































                                                                                                                              0x00405811
                                                                                                                              0x00405817
                                                                                                                              0x00405821
                                                                                                                              0x00405824
                                                                                                                              0x004059ba
                                                                                                                              0x004059d7
                                                                                                                              0x004059de
                                                                                                                              0x004059de
                                                                                                                              0x004059f1
                                                                                                                              0x00405a0f
                                                                                                                              0x00405a11
                                                                                                                              0x00405a19
                                                                                                                              0x00405a6f
                                                                                                                              0x00405a73
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405a75
                                                                                                                              0x00405a7b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405a85
                                                                                                                              0x00405a8d
                                                                                                                              0x00405a90
                                                                                                                              0x00405b92
                                                                                                                              0x00000000
                                                                                                                              0x00405b92
                                                                                                                              0x00405a9f
                                                                                                                              0x00405aaa
                                                                                                                              0x00405ab3
                                                                                                                              0x00405abe
                                                                                                                              0x00405ac1
                                                                                                                              0x00405aca
                                                                                                                              0x00405ad0
                                                                                                                              0x00405ad3
                                                                                                                              0x00405ad3
                                                                                                                              0x00405aeb
                                                                                                                              0x00405af4
                                                                                                                              0x00405af7
                                                                                                                              0x00405afe
                                                                                                                              0x00405b05
                                                                                                                              0x00405b0d
                                                                                                                              0x00405b0d
                                                                                                                              0x00405b24
                                                                                                                              0x00405b24
                                                                                                                              0x00405b2b
                                                                                                                              0x00405b31
                                                                                                                              0x00405b3d
                                                                                                                              0x00405b44
                                                                                                                              0x00405b4d
                                                                                                                              0x00405b4f
                                                                                                                              0x00405b52
                                                                                                                              0x00405b61
                                                                                                                              0x00405b64
                                                                                                                              0x00405b6a
                                                                                                                              0x00405b6b
                                                                                                                              0x00405b71
                                                                                                                              0x00405b72
                                                                                                                              0x00405b73
                                                                                                                              0x00405b7b
                                                                                                                              0x00405b86
                                                                                                                              0x00405b8c
                                                                                                                              0x00405b8c
                                                                                                                              0x00000000
                                                                                                                              0x00405aeb
                                                                                                                              0x00405a21
                                                                                                                              0x00405a51
                                                                                                                              0x00405a59
                                                                                                                              0x00405a5b
                                                                                                                              0x00405a64
                                                                                                                              0x00405a64
                                                                                                                              0x00405a6a
                                                                                                                              0x00000000
                                                                                                                              0x00405a6a
                                                                                                                              0x00405a25
                                                                                                                              0x00405a2f
                                                                                                                              0x00000000
                                                                                                                              0x004059f3
                                                                                                                              0x004059f9
                                                                                                                              0x00405a34
                                                                                                                              0x00000000
                                                                                                                              0x00405a3d
                                                                                                                              0x00405a02
                                                                                                                              0x00405a07
                                                                                                                              0x00405a0a
                                                                                                                              0x00000000
                                                                                                                              0x00405a0a
                                                                                                                              0x004059f1
                                                                                                                              0x0040582a
                                                                                                                              0x0040582e
                                                                                                                              0x00405836
                                                                                                                              0x0040583a
                                                                                                                              0x0040583d
                                                                                                                              0x00405840
                                                                                                                              0x00405843
                                                                                                                              0x00405846
                                                                                                                              0x00405847
                                                                                                                              0x00405848
                                                                                                                              0x00405861
                                                                                                                              0x00405864
                                                                                                                              0x0040586e
                                                                                                                              0x0040587d
                                                                                                                              0x00405885
                                                                                                                              0x0040588d
                                                                                                                              0x00405892
                                                                                                                              0x00405895
                                                                                                                              0x004058a1
                                                                                                                              0x004058aa
                                                                                                                              0x004058b3
                                                                                                                              0x004058d5
                                                                                                                              0x004058db
                                                                                                                              0x004058ec
                                                                                                                              0x004058f1
                                                                                                                              0x004058ff
                                                                                                                              0x0040590d
                                                                                                                              0x0040590d
                                                                                                                              0x00405912
                                                                                                                              0x00405920
                                                                                                                              0x00405920
                                                                                                                              0x00405925
                                                                                                                              0x00405928
                                                                                                                              0x0040592d
                                                                                                                              0x00405939
                                                                                                                              0x00405942
                                                                                                                              0x0040594f
                                                                                                                              0x0040595e
                                                                                                                              0x00405951
                                                                                                                              0x00405956
                                                                                                                              0x00405956
                                                                                                                              0x0040596a
                                                                                                                              0x0040596a
                                                                                                                              0x0040597e
                                                                                                                              0x00405987
                                                                                                                              0x00405990
                                                                                                                              0x004059a0
                                                                                                                              0x004059ac
                                                                                                                              0x004059ac
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • GetDlgItem.USER32 ref: 00405867
                                                                                                                              • GetDlgItem.USER32 ref: 00405876
                                                                                                                              • GetClientRect.USER32 ref: 004058B3
                                                                                                                              • GetSystemMetrics.USER32 ref: 004058BA
                                                                                                                              • SendMessageW.USER32(?,00001061,00000000,?), ref: 004058DB
                                                                                                                              • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004058EC
                                                                                                                              • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004058FF
                                                                                                                              • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040590D
                                                                                                                              • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405920
                                                                                                                              • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405942
                                                                                                                              • ShowWindow.USER32(?,00000008), ref: 00405956
                                                                                                                              • GetDlgItem.USER32 ref: 00405977
                                                                                                                              • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405987
                                                                                                                              • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004059A0
                                                                                                                              • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004059AC
                                                                                                                              • GetDlgItem.USER32 ref: 00405885
                                                                                                                                • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                                                                                                              • GetDlgItem.USER32 ref: 004059C9
                                                                                                                              • CreateThread.KERNELBASE ref: 004059D7
                                                                                                                              • FindCloseChangeNotification.KERNELBASE(00000000), ref: 004059DE
                                                                                                                              • ShowWindow.USER32(00000000), ref: 00405A02
                                                                                                                              • ShowWindow.USER32(?,00000008), ref: 00405A07
                                                                                                                              • ShowWindow.USER32(00000008), ref: 00405A51
                                                                                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405A85
                                                                                                                              • CreatePopupMenu.USER32 ref: 00405A96
                                                                                                                              • AppendMenuW.USER32 ref: 00405AAA
                                                                                                                              • GetWindowRect.USER32 ref: 00405ACA
                                                                                                                              • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405AE3
                                                                                                                              • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B1B
                                                                                                                              • OpenClipboard.USER32(00000000), ref: 00405B2B
                                                                                                                              • EmptyClipboard.USER32 ref: 00405B31
                                                                                                                              • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405B3D
                                                                                                                              • GlobalLock.KERNEL32 ref: 00405B47
                                                                                                                              • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B5B
                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 00405B7B
                                                                                                                              • SetClipboardData.USER32(0000000D,00000000), ref: 00405B86
                                                                                                                              • CloseClipboard.USER32 ref: 00405B8C
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendChangeClientDataEmptyFindLockMetricsNotificationOpenSystemThreadTrackUnlock
                                                                                                                              • String ID: H7B${
                                                                                                                              • API String ID: 4154960007-2256286769
                                                                                                                              • Opcode ID: 0185fb71cb0ebac8bb253ddb79263eb6e3c4c27c477fa06c1930d1494c9be16a
                                                                                                                              • Instruction ID: d0bbb34d81c2c7a38b5cdb5171fa906e4f4201ee6cbe22cb0b3272b57562556b
                                                                                                                              • Opcode Fuzzy Hash: 0185fb71cb0ebac8bb253ddb79263eb6e3c4c27c477fa06c1930d1494c9be16a
                                                                                                                              • Instruction Fuzzy Hash: D8B137B0900608FFDF119FA0DD89AAE7B79FB08354F00417AFA45A61A0CB755E52DF68
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00404AB5 Relevance: 30.0, APIs: 12, Strings: 5, Instructions: 275stringCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 734 404ab5-404adf 735 404ae1-404aed call 405cac call 4068ef 734->735 736 404af2-404afc 734->736 735->736 737 404b6a-404b71 736->737 738 404afe-404b14 GetDlgItem call 405fae 736->738 742 404b77-404b80 737->742 743 404c48-404c4f 737->743 750 404b26-404b5f SetWindowTextW call 4045c4 * 2 call 4045f9 call 406a35 738->750 751 404b16-404b1e call 405fe2 738->751 746 404b82-404b8d 742->746 747 404b9a-404b9f 742->747 748 404c51-404c58 743->748 749 404c5e-404c79 call 405cac call 40603f 743->749 752 404b93 746->752 753 404df6-404e08 call 40462b 746->753 747->743 754 404ba5-404be7 call 4066a5 SHBrowseForFolderW 747->754 748->749 748->753 773 404c82-404c9a call 406668 call 406a35 749->773 774 404c7b 749->774 750->753 792 404b65-404b68 SHAutoComplete 750->792 751->750 766 404b20-404b21 call 405f37 751->766 752->747 767 404c41 754->767 768 404be9-404c03 CoTaskMemFree call 405f37 754->768 766->750 767->743 779 404c05-404c0b 768->779 780 404c2d-404c3f SetDlgItemTextW 768->780 790 404cd6-404ce7 call 406668 call 405fe2 773->790 791 404c9c-404ca2 773->791 774->773 779->780 783 404c0d-404c24 call 4066a5 lstrcmpiW 779->783 780->743 783->780 793 404c26-404c28 lstrcatW 783->793 806 404ce9 790->806 807 404cec-404d05 GetDiskFreeSpaceW 790->807 791->790 794 404ca4-404cb6 GetDiskFreeSpaceExW 791->794 792->737 793->780 796 404cb8-404cba 794->796 797 404d2e-404d48 794->797 800 404cbc 796->800 801 404cbf-404cd4 call 405f83 796->801 799 404d4a 797->799 803 404d4f-404d59 call 404f52 799->803 800->801 801->790 801->794 812 404d74-404d7d 803->812 813 404d5b-404d62 803->813 806->807 807->799 810 404d07-404d2c MulDiv 807->810 810->803 815 404daf-404db9 812->815 816 404d7f-404d8f call 404f3a 812->816 813->812 814 404d64 813->814 819 404d66-404d6b 814->819 820 404d6d 814->820 817 404dc5-404dcb 815->817 818 404dbb-404dc2 call 40140b 815->818 826 404da1-404daa SetDlgItemTextW 816->826 827 404d91-404d9a call 404e71 816->827 823 404dd0-404de1 call 4045e6 817->823 824 404dcd 817->824 818->817 819->812 819->820 820->812 833 404df0 823->833 834 404de3-404de9 823->834 824->823 826->815 832 404d9f 827->832 832->815 833->753 834->833 835 404deb call 404a0e 834->835 835->833
                                                                                                                              C-Code - Quality: 84%
                                                                                                                              			E00404AB5(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				union _ULARGE_INTEGER _v28;
				intOrPtr _v32;
				long _v36;
				union _ULARGE_INTEGER _v40;
				unsigned int _v44;
				union _ULARGE_INTEGER _v48;
				WCHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				WCHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				short* _t89;
				void* _t95;
				signed int _t96;
				struct %anon54 _t109;
				signed short _t114;
				signed int _t118;
				struct HWND__** _t122;
				WCHAR* _t146;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				signed int* _t160;
				long _t166;
				struct HWND__* _t167;
				int _t169;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x422720; // 0x54f224
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xb) + L"C:\\Users\\alfons\\AppData\\Roaming\\Winamp\\Plugins\\ml\\ml_online.ini";
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E00405CAC(0x3fb, _t146);
					E004068EF(_t146);
				}
				_t167 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E00405CAC(0x3fb, _t146);
							if(E0040603F(_t186, _t146) == 0) {
								_v8 = 1;
							}
							E00406668(0x421718, _t146);
							_t87 = E00406A35(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E00406668(0x421718, _t146);
								_t89 = E00405FE2(0x421718);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 = 0;
								}
								if(GetDiskFreeSpaceW(0x421718,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t169 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48.LowPart = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x421718) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = GetDiskFreeSpaceExW(0x421718,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t160 = E00405F83(0x421718);
									 *_t160 =  *_t160 & 0x00000000;
									_t159 = _t160;
									 *_t159 = 0x5c;
									if(_t159 != 0x421718) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48.LowPart = (_t150 << 0x00000020 | _v48.LowPart) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t169 = 0x400;
								L36:
								_t95 = E00404F52(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48.LowPart < _t95)) {
										_v8 = 2;
									}
								}
								if( *((intOrPtr*)( *0x42923c + 0x10)) != _t158) {
									E00404F3A(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextW(_a4, _t169, 0x421708);
									} else {
										E00404E71(_t169, 0xfffffffc, _v48.LowPart, _v44); // executed
									}
								}
								_t96 = _v8;
								 *0x42a304 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t169) != 0) {
									_v8 = _t158;
								}
								E004045E6(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x423738 == _t158) {
									E00404A0E();
								}
								 *0x423738 = _t158;
								goto L53;
							}
						}
						_t186 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t167;
							_v72 = 0x423748;
							_v60 = E00404E0B;
							_v56 = _t146;
							_v68 = E004066A5(_t146, 0x423748, _t167, 0x421f20, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderW(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405F37(_t146);
								_t125 =  *((intOrPtr*)( *0x42a270 + 0x11c));
								if( *((intOrPtr*)( *0x42a270 + 0x11c)) != 0 && _t146 == L"C:\\Program Files (x86)\\Winamp") {
									E004066A5(_t146, 0x423748, _t167, 0, _t125);
									if(lstrcmpiW(0x428200, 0x423748) != 0) {
										lstrcatW(_t146, 0x428200);
									}
								}
								 *0x423738 =  *0x423738 + 1;
								SetDlgItemTextW(_t167, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t166 = GetDlgItem(_t167, 0x3fb);
					if(E00405FAE(_t146) != 0 && E00405FE2(_t146) == 0) {
						E00405F37(_t146);
					}
					 *0x429238 = _t167; // executed
					SetWindowTextW(_t166, _t146); // executed
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E004045C4(_t167);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E004045C4(_t167);
					E004045F9(_t166);
					if(E00406A35(8) == 0) {
						L53:
						return E0040462B(_a8, _a12, _a16);
					} else {
						SHAutoComplete(_t166, 1); // executed
						goto L8;
					}
				}
			}












































                                                                                                                              0x00404ab5
                                                                                                                              0x00404abb
                                                                                                                              0x00404ac1
                                                                                                                              0x00404ace
                                                                                                                              0x00404adc
                                                                                                                              0x00404adf
                                                                                                                              0x00404ae7
                                                                                                                              0x00404aed
                                                                                                                              0x00404aed
                                                                                                                              0x00404af9
                                                                                                                              0x00404afc
                                                                                                                              0x00404b6a
                                                                                                                              0x00404b71
                                                                                                                              0x00404c48
                                                                                                                              0x00404c4f
                                                                                                                              0x00404c5e
                                                                                                                              0x00404c5e
                                                                                                                              0x00404c62
                                                                                                                              0x00404c6c
                                                                                                                              0x00404c79
                                                                                                                              0x00404c7b
                                                                                                                              0x00404c7b
                                                                                                                              0x00404c89
                                                                                                                              0x00404c90
                                                                                                                              0x00404c97
                                                                                                                              0x00404c9a
                                                                                                                              0x00404cd6
                                                                                                                              0x00404cd8
                                                                                                                              0x00404cde
                                                                                                                              0x00404ce3
                                                                                                                              0x00404ce7
                                                                                                                              0x00404ce9
                                                                                                                              0x00404ce9
                                                                                                                              0x00404d05
                                                                                                                              0x00000000
                                                                                                                              0x00404d07
                                                                                                                              0x00404d0a
                                                                                                                              0x00404d18
                                                                                                                              0x00404d1e
                                                                                                                              0x00404d1f
                                                                                                                              0x00404d22
                                                                                                                              0x00404d25
                                                                                                                              0x00000000
                                                                                                                              0x00404d25
                                                                                                                              0x00404c9c
                                                                                                                              0x00404c9e
                                                                                                                              0x00404ca2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00404ca4
                                                                                                                              0x00404ca4
                                                                                                                              0x00404cb1
                                                                                                                              0x00404cb6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00404cba
                                                                                                                              0x00404cbc
                                                                                                                              0x00404cbc
                                                                                                                              0x00404cc5
                                                                                                                              0x00404cc7
                                                                                                                              0x00404ccc
                                                                                                                              0x00404ccf
                                                                                                                              0x00404cd4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00404cd4
                                                                                                                              0x00404d31
                                                                                                                              0x00404d3b
                                                                                                                              0x00404d3e
                                                                                                                              0x00404d41
                                                                                                                              0x00404d48
                                                                                                                              0x00404d48
                                                                                                                              0x00404d4a
                                                                                                                              0x00404d4a
                                                                                                                              0x00404d4f
                                                                                                                              0x00404d51
                                                                                                                              0x00404d59
                                                                                                                              0x00404d60
                                                                                                                              0x00404d62
                                                                                                                              0x00404d6d
                                                                                                                              0x00404d6d
                                                                                                                              0x00404d62
                                                                                                                              0x00404d7d
                                                                                                                              0x00404d87
                                                                                                                              0x00404d8f
                                                                                                                              0x00404daa
                                                                                                                              0x00404d91
                                                                                                                              0x00404d9a
                                                                                                                              0x00404d9a
                                                                                                                              0x00404d8f
                                                                                                                              0x00404daf
                                                                                                                              0x00404db4
                                                                                                                              0x00404db9
                                                                                                                              0x00404dc2
                                                                                                                              0x00404dc2
                                                                                                                              0x00404dcb
                                                                                                                              0x00404dcd
                                                                                                                              0x00404dcd
                                                                                                                              0x00404dd9
                                                                                                                              0x00404de1
                                                                                                                              0x00404deb
                                                                                                                              0x00404deb
                                                                                                                              0x00404df0
                                                                                                                              0x00000000
                                                                                                                              0x00404df0
                                                                                                                              0x00404c9a
                                                                                                                              0x00404c51
                                                                                                                              0x00404c58
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00404c58
                                                                                                                              0x00404b77
                                                                                                                              0x00404b80
                                                                                                                              0x00404b9a
                                                                                                                              0x00404b9f
                                                                                                                              0x00404ba9
                                                                                                                              0x00404bb0
                                                                                                                              0x00404bbc
                                                                                                                              0x00404bbf
                                                                                                                              0x00404bc2
                                                                                                                              0x00404bc9
                                                                                                                              0x00404bd1
                                                                                                                              0x00404bd4
                                                                                                                              0x00404bd8
                                                                                                                              0x00404bdf
                                                                                                                              0x00404be7
                                                                                                                              0x00404c41
                                                                                                                              0x00404be9
                                                                                                                              0x00404bea
                                                                                                                              0x00404bf1
                                                                                                                              0x00404bfb
                                                                                                                              0x00404c03
                                                                                                                              0x00404c10
                                                                                                                              0x00404c24
                                                                                                                              0x00404c28
                                                                                                                              0x00404c28
                                                                                                                              0x00404c24
                                                                                                                              0x00404c2d
                                                                                                                              0x00404c3a
                                                                                                                              0x00404c3a
                                                                                                                              0x00404be7
                                                                                                                              0x00000000
                                                                                                                              0x00404b9f
                                                                                                                              0x00404b8d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00404b93
                                                                                                                              0x00000000
                                                                                                                              0x00404afe
                                                                                                                              0x00404b0b
                                                                                                                              0x00404b14
                                                                                                                              0x00404b21
                                                                                                                              0x00404b21
                                                                                                                              0x00404b28
                                                                                                                              0x00404b2e
                                                                                                                              0x00404b37
                                                                                                                              0x00404b3a
                                                                                                                              0x00404b3d
                                                                                                                              0x00404b45
                                                                                                                              0x00404b48
                                                                                                                              0x00404b4b
                                                                                                                              0x00404b51
                                                                                                                              0x00404b5f
                                                                                                                              0x00404df6
                                                                                                                              0x00404e08
                                                                                                                              0x00404b65
                                                                                                                              0x00404b68
                                                                                                                              0x00000000
                                                                                                                              0x00404b68
                                                                                                                              0x00404b5f

                                                                                                                              APIs
                                                                                                                              • GetDlgItem.USER32 ref: 00404B04
                                                                                                                              • SetWindowTextW.USER32(00000000,?), ref: 00404B2E
                                                                                                                              • SHAutoComplete.SHLWAPI(00000000,00000001,00000008,00000000,?,00000014,?,?,00000001,?), ref: 00404B68
                                                                                                                              • SHBrowseForFolderW.SHELL32(?), ref: 00404BDF
                                                                                                                              • CoTaskMemFree.OLE32(00000000), ref: 00404BEA
                                                                                                                              • lstrcmpiW.KERNEL32(C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\xml\xui\titlebar,00423748,00000000,?,?), ref: 00404C1C
                                                                                                                              • lstrcatW.KERNEL32(?,C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\xml\xui\titlebar), ref: 00404C28
                                                                                                                              • SetDlgItemTextW.USER32 ref: 00404C3A
                                                                                                                                • Part of subcall function 00405CAC: GetDlgItemTextW.USER32 ref: 00405CBF
                                                                                                                                • Part of subcall function 004068EF: CharNextW.USER32(?,*?|<>/":,00000000,00000000,76DDFAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406952
                                                                                                                                • Part of subcall function 004068EF: CharNextW.USER32(?,?,?,00000000,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406961
                                                                                                                                • Part of subcall function 004068EF: CharNextW.USER32(?,00000000,76DDFAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406966
                                                                                                                                • Part of subcall function 004068EF: CharPrevW.USER32(?,?,76DDFAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406979
                                                                                                                              • GetDiskFreeSpaceExW.KERNELBASE(00421718,?,?,?,00000001,00421718,?,?,000003FB,?), ref: 00404CB1
                                                                                                                              • GetDiskFreeSpaceW.KERNEL32(00421718,?,?,0000040F,?,00421718,00421718,?,00000001,00421718,?,?,000003FB,?), ref: 00404CFD
                                                                                                                              • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404D18
                                                                                                                                • Part of subcall function 00404E71: lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                                                                                                                                • Part of subcall function 00404E71: wsprintfW.USER32 ref: 00404F1B
                                                                                                                                • Part of subcall function 00404E71: SetDlgItemTextW.USER32 ref: 00404F2E
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CharItemText$FreeNext$DiskSpace$AutoBrowseCompleteFolderPrevTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                              • String ID: A$C:\Program Files (x86)\Winamp$C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\xml\xui\titlebar$C:\Users\user\AppData\Roaming\Winamp\Plugins\ml\ml_online.ini$H7B
                                                                                                                              • API String ID: 4039761011-1088853655
                                                                                                                              • Opcode ID: 8fe5d6185855569599b0147f93014e69bfe7dcd8b72b59fe1028842fc76bdad0
                                                                                                                              • Instruction ID: 9155a42c54a3203d4d9709c494e168d8d926bd307d67cbb08bf4d9f42020e7e3
                                                                                                                              • Opcode Fuzzy Hash: 8fe5d6185855569599b0147f93014e69bfe7dcd8b72b59fe1028842fc76bdad0
                                                                                                                              • Instruction Fuzzy Hash: 94A171F1900219ABDB11EFA5CD41AAFB7B8EF84315F11843BF601B62D1D77C8A418B69
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 6F561BFF Relevance: 20.1, APIs: 13, Instructions: 597stringlibrarymemoryCOMMONCrypto
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 95%
                                                                                                                              			E6F561BFF() {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				WCHAR* _v24;
				WCHAR* _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				WCHAR* _v48;
				signed int _v52;
				void* _v56;
				intOrPtr _v60;
				WCHAR* _t208;
				signed int _t211;
				void* _t213;
				void* _t215;
				WCHAR* _t217;
				void* _t225;
				struct HINSTANCE__* _t226;
				struct HINSTANCE__* _t227;
				struct HINSTANCE__* _t229;
				signed short _t231;
				struct HINSTANCE__* _t234;
				struct HINSTANCE__* _t236;
				void* _t237;
				intOrPtr* _t238;
				void* _t249;
				signed char _t250;
				signed int _t251;
				void* _t255;
				struct HINSTANCE__* _t257;
				void* _t258;
				signed int _t260;
				signed int _t261;
				signed short* _t264;
				signed int _t269;
				signed int _t272;
				signed int _t274;
				void* _t277;
				void* _t281;
				struct HINSTANCE__* _t283;
				signed int _t286;
				void _t287;
				signed int _t288;
				signed int _t300;
				signed int _t301;
				signed short _t304;
				void* _t305;
				signed int _t309;
				signed int _t312;
				signed int _t315;
				signed int _t316;
				signed int _t317;
				signed short* _t321;
				WCHAR* _t322;
				WCHAR* _t324;
				WCHAR* _t325;
				struct HINSTANCE__* _t326;
				void* _t328;
				signed int _t331;
				void* _t332;

				_t283 = 0;
				_v32 = 0;
				_v36 = 0;
				_v16 = 0;
				_v8 = 0;
				_v40 = 0;
				_t332 = 0;
				_v52 = 0;
				_v44 = 0;
				_t208 = E6F5612BB();
				_v24 = _t208;
				_v28 = _t208;
				_v48 = E6F5612BB();
				_t321 = E6F5612E3();
				_v56 = _t321;
				_v12 = _t321;
				while(1) {
					_t211 = _v32;
					_v60 = _t211;
					if(_t211 != _t283 && _t332 == _t283) {
						break;
					}
					_t286 =  *_t321 & 0x0000ffff;
					_t213 = _t286 - _t283;
					if(_t213 == 0) {
						_t37 =  &_v32;
						 *_t37 = _v32 | 0xffffffff;
						__eflags =  *_t37;
						L20:
						_t215 = _v60 - _t283;
						if(_t215 == 0) {
							__eflags = _t332 - _t283;
							 *_v28 = _t283;
							if(_t332 == _t283) {
								_t255 = GlobalAlloc(0x40, 0x1ca4); // executed
								_t332 = _t255;
								 *(_t332 + 0x1010) = _t283;
								 *(_t332 + 0x1014) = _t283;
							}
							_t287 = _v36;
							_t47 = _t332 + 8; // 0x8
							_t217 = _t47;
							_t48 = _t332 + 0x808; // 0x808
							_t322 = _t48;
							 *_t332 = _t287;
							_t288 = _t287 - _t283;
							__eflags = _t288;
							 *_t217 = _t283;
							 *_t322 = _t283;
							 *(_t332 + 0x1008) = _t283;
							 *(_t332 + 0x100c) = _t283;
							 *(_t332 + 4) = _t283;
							if(_t288 == 0) {
								__eflags = _v28 - _v24;
								if(_v28 == _v24) {
									goto L42;
								}
								_t328 = 0;
								GlobalFree(_t332);
								_t332 = E6F5613B1(_v24);
								__eflags = _t332 - _t283;
								if(_t332 == _t283) {
									goto L42;
								} else {
									goto L35;
								}
								while(1) {
									L35:
									_t249 =  *(_t332 + 0x1ca0);
									__eflags = _t249 - _t283;
									if(_t249 == _t283) {
										break;
									}
									_t328 = _t332;
									_t332 = _t249;
									__eflags = _t332 - _t283;
									if(_t332 != _t283) {
										continue;
									}
									break;
								}
								__eflags = _t328 - _t283;
								if(_t328 != _t283) {
									 *(_t328 + 0x1ca0) = _t283;
								}
								_t250 =  *(_t332 + 0x1010);
								__eflags = _t250 & 0x00000008;
								if((_t250 & 0x00000008) == 0) {
									_t251 = _t250 | 0x00000002;
									__eflags = _t251;
									 *(_t332 + 0x1010) = _t251;
								} else {
									_t332 = E6F56162F(_t332);
									 *(_t332 + 0x1010) =  *(_t332 + 0x1010) & 0xfffffff5;
								}
								goto L42;
							} else {
								_t300 = _t288 - 1;
								__eflags = _t300;
								if(_t300 == 0) {
									L31:
									lstrcpyW(_t217, _v48);
									L32:
									lstrcpyW(_t322, _v24);
									goto L42;
								}
								_t301 = _t300 - 1;
								__eflags = _t301;
								if(_t301 == 0) {
									goto L32;
								}
								__eflags = _t301 != 1;
								if(_t301 != 1) {
									goto L42;
								}
								goto L31;
							}
						} else {
							if(_t215 == 1) {
								_t257 = _v16;
								if(_v40 == _t283) {
									_t257 = _t257 - 1;
								}
								 *(_t332 + 0x1014) = _t257;
							}
							L42:
							_v12 = _v12 + 2;
							_v28 = _v24;
							L59:
							if(_v32 != 0xffffffff) {
								_t321 = _v12;
								continue;
							}
							break;
						}
					}
					_t258 = _t213 - 0x23;
					if(_t258 == 0) {
						__eflags = _t321 - _v56;
						if(_t321 <= _v56) {
							L17:
							__eflags = _v44 - _t283;
							if(_v44 != _t283) {
								L43:
								_t260 = _v32 - _t283;
								__eflags = _t260;
								if(_t260 == 0) {
									_t261 = _t286;
									while(1) {
										__eflags = _t261 - 0x22;
										if(_t261 != 0x22) {
											break;
										}
										_t321 =  &(_t321[1]);
										__eflags = _v44 - _t283;
										_v12 = _t321;
										if(_v44 == _t283) {
											_v44 = 1;
											L162:
											_v28 =  &(_v28[0]);
											 *_v28 =  *_t321;
											L58:
											_t331 =  &(_t321[1]);
											__eflags = _t331;
											_v12 = _t331;
											goto L59;
										}
										_t261 =  *_t321 & 0x0000ffff;
										_v44 = _t283;
									}
									__eflags = _t261 - 0x2a;
									if(_t261 == 0x2a) {
										_v36 = 2;
										L57:
										_t321 = _v12;
										_v28 = _v24;
										_t283 = 0;
										__eflags = 0;
										goto L58;
									}
									__eflags = _t261 - 0x2d;
									if(_t261 == 0x2d) {
										L151:
										_t304 =  *_t321;
										__eflags = _t304 - 0x2d;
										if(_t304 != 0x2d) {
											L154:
											_t264 =  &(_t321[1]);
											__eflags =  *_t264 - 0x3a;
											if( *_t264 != 0x3a) {
												goto L162;
											}
											__eflags = _t304 - 0x2d;
											if(_t304 == 0x2d) {
												goto L162;
											}
											_v36 = 1;
											L157:
											_v12 = _t264;
											__eflags = _v28 - _v24;
											if(_v28 <= _v24) {
												 *_v48 = _t283;
											} else {
												 *_v28 = _t283;
												lstrcpyW(_v48, _v24);
											}
											goto L57;
										}
										_t264 =  &(_t321[1]);
										__eflags =  *_t264 - 0x3e;
										if( *_t264 != 0x3e) {
											goto L154;
										}
										_v36 = 3;
										goto L157;
									}
									__eflags = _t261 - 0x3a;
									if(_t261 != 0x3a) {
										goto L162;
									}
									goto L151;
								}
								_t269 = _t260 - 1;
								__eflags = _t269;
								if(_t269 == 0) {
									L80:
									_t305 = _t286 + 0xffffffde;
									__eflags = _t305 - 0x55;
									if(_t305 > 0x55) {
										goto L57;
									}
									switch( *((intOrPtr*)(( *(_t305 + 0x6f5623e8) & 0x000000ff) * 4 +  &M6F56235C))) {
										case 0:
											__ecx = _v24;
											__edi = _v12;
											while(1) {
												__edi = __edi + 1;
												__edi = __edi + 1;
												_v12 = __edi;
												__ax =  *__edi;
												__eflags = __ax - __dx;
												if(__ax != __dx) {
													goto L132;
												}
												L131:
												__eflags =  *((intOrPtr*)(__edi + 2)) - __dx;
												if( *((intOrPtr*)(__edi + 2)) != __dx) {
													L136:
													 *__ecx =  *__ecx & 0x00000000;
													__eax = E6F5612CC(_v24);
													__ebx = __eax;
													goto L97;
												}
												L132:
												__eflags = __ax;
												if(__ax == 0) {
													goto L136;
												}
												__eflags = __ax - __dx;
												if(__ax == __dx) {
													__edi = __edi + 1;
													__edi = __edi + 1;
													__eflags = __edi;
												}
												__ax =  *__edi;
												 *__ecx =  *__edi;
												__ecx = __ecx + 1;
												__ecx = __ecx + 1;
												__edi = __edi + 1;
												__edi = __edi + 1;
												_v12 = __edi;
												__ax =  *__edi;
												__eflags = __ax - __dx;
												if(__ax != __dx) {
													goto L132;
												}
												goto L131;
											}
										case 1:
											_v8 = 1;
											goto L57;
										case 2:
											_v8 = _v8 | 0xffffffff;
											goto L57;
										case 3:
											_v8 = _v8 & 0x00000000;
											_v20 = _v20 & 0x00000000;
											_v16 = _v16 + 1;
											goto L85;
										case 4:
											__eflags = _v20;
											if(_v20 != 0) {
												goto L57;
											}
											_v12 = _v12 - 2;
											__ebx = E6F5612BB();
											 &_v12 = E6F561B86( &_v12);
											__eax = E6F561510(__edx, __eax, __edx, __ebx);
											goto L97;
										case 5:
											L105:
											_v20 = _v20 + 1;
											goto L57;
										case 6:
											_push(7);
											goto L123;
										case 7:
											_push(0x19);
											goto L143;
										case 8:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L107;
										case 9:
											_push(0x15);
											goto L143;
										case 0xa:
											_push(0x16);
											goto L143;
										case 0xb:
											_push(0x18);
											goto L143;
										case 0xc:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L118;
										case 0xd:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L109;
										case 0xe:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L111;
										case 0xf:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L122;
										case 0x10:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L113;
										case 0x11:
											_push(3);
											goto L123;
										case 0x12:
											_push(0x17);
											L143:
											_pop(__ebx);
											goto L98;
										case 0x13:
											__eax =  &_v12;
											__eax = E6F561B86( &_v12);
											__ebx = __eax;
											__ebx = __eax + 1;
											__eflags = __ebx - 0xb;
											if(__ebx < 0xb) {
												__ebx = __ebx + 0xa;
											}
											goto L97;
										case 0x14:
											__ebx = 0xffffffff;
											goto L98;
										case 0x15:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L116;
										case 0x16:
											__ecx = 0;
											__eflags = 0;
											goto L91;
										case 0x17:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L120;
										case 0x18:
											_t271 =  *(_t332 + 0x1014);
											__eflags = _t271 - _v16;
											if(_t271 > _v16) {
												_v16 = _t271;
											}
											_v8 = _v8 & 0x00000000;
											_v20 = _v20 & 0x00000000;
											_v36 - 3 = _t271 - (_v36 == 3);
											if(_t271 != _v36 == 3) {
												L85:
												_v40 = 1;
											}
											goto L57;
										case 0x19:
											L107:
											__ecx = 0;
											_v8 = 2;
											__ecx = 1;
											goto L91;
										case 0x1a:
											L118:
											_push(5);
											goto L123;
										case 0x1b:
											L109:
											__ecx = 0;
											_v8 = 3;
											__ecx = 1;
											goto L91;
										case 0x1c:
											L111:
											__ecx = 0;
											__ecx = 1;
											goto L91;
										case 0x1d:
											L122:
											_push(6);
											goto L123;
										case 0x1e:
											L113:
											_push(2);
											goto L123;
										case 0x1f:
											__eax =  &_v12;
											__eax = E6F561B86( &_v12);
											__ebx = __eax;
											__ebx = __eax + 1;
											goto L97;
										case 0x20:
											L116:
											_v52 = _v52 + 1;
											_push(4);
											_pop(__ecx);
											goto L91;
										case 0x21:
											L120:
											_push(4);
											L123:
											_pop(__ecx);
											L91:
											__edi = _v16;
											__edx =  *(0x6f56405c + __ecx * 4);
											__eax =  ~__eax;
											asm("sbb eax, eax");
											_v40 = 1;
											__edi = _v16 << 5;
											__eax = __eax & 0x00008000;
											__edi = (_v16 << 5) + __esi;
											__eax = __eax | __ecx;
											__eflags = _v8;
											 *(__edi + 0x1018) = __eax;
											if(_v8 < 0) {
												L93:
												__edx = 0;
												__edx = 1;
												__eflags = 1;
												L94:
												__eflags = _v8 - 1;
												 *(__edi + 0x1028) = __edx;
												if(_v8 == 1) {
													__eax =  &_v12;
													__eax = E6F561B86( &_v12);
													__eax = __eax + 1;
													__eflags = __eax;
													_v8 = __eax;
												}
												__eax = _v8;
												 *((intOrPtr*)(__edi + 0x101c)) = _v8;
												_t136 = _v16 + 0x81; // 0x81
												_t136 = _t136 << 5;
												__eax = 0;
												__eflags = 0;
												 *((intOrPtr*)((_t136 << 5) + __esi)) = 0;
												 *((intOrPtr*)(__edi + 0x1030)) = 0;
												 *((intOrPtr*)(__edi + 0x102c)) = 0;
												L97:
												__eflags = __ebx;
												if(__ebx == 0) {
													goto L57;
												}
												L98:
												__eflags = _v20;
												_v40 = 1;
												if(_v20 != 0) {
													L103:
													__eflags = _v20 - 1;
													if(_v20 == 1) {
														__eax = _v16;
														__eax = _v16 << 5;
														__eflags = __eax;
														 *(__eax + __esi + 0x102c) = __ebx;
													}
													goto L105;
												}
												_v16 = _v16 << 5;
												_t144 = __esi + 0x1030; // 0x1030
												__edi = (_v16 << 5) + _t144;
												__eax =  *__edi;
												__eflags = __eax - 0xffffffff;
												if(__eax <= 0xffffffff) {
													L101:
													__eax = GlobalFree(__eax);
													L102:
													 *__edi = __ebx;
													goto L103;
												}
												__eflags = __eax - 0x19;
												if(__eax <= 0x19) {
													goto L102;
												}
												goto L101;
											}
											__eflags = __edx;
											if(__edx > 0) {
												goto L94;
											}
											goto L93;
										case 0x22:
											goto L57;
									}
								}
								_t272 = _t269 - 1;
								__eflags = _t272;
								if(_t272 == 0) {
									_v16 = _t283;
									goto L80;
								}
								__eflags = _t272 != 1;
								if(_t272 != 1) {
									goto L162;
								}
								__eflags = _t286 - 0x6e;
								if(__eflags > 0) {
									_t309 = _t286 - 0x72;
									__eflags = _t309;
									if(_t309 == 0) {
										_push(4);
										L74:
										_pop(_t274);
										L75:
										__eflags = _v8 - 1;
										if(_v8 != 1) {
											_t96 = _t332 + 0x1010;
											 *_t96 =  *(_t332 + 0x1010) &  !_t274;
											__eflags =  *_t96;
										} else {
											 *(_t332 + 0x1010) =  *(_t332 + 0x1010) | _t274;
										}
										_v8 = 1;
										goto L57;
									}
									_t312 = _t309 - 1;
									__eflags = _t312;
									if(_t312 == 0) {
										_push(0x10);
										goto L74;
									}
									__eflags = _t312 != 0;
									if(_t312 != 0) {
										goto L57;
									}
									_push(0x40);
									goto L74;
								}
								if(__eflags == 0) {
									_push(8);
									goto L74;
								}
								_t315 = _t286 - 0x21;
								__eflags = _t315;
								if(_t315 == 0) {
									_v8 =  ~_v8;
									goto L57;
								}
								_t316 = _t315 - 0x11;
								__eflags = _t316;
								if(_t316 == 0) {
									_t274 = 0x100;
									goto L75;
								}
								_t317 = _t316 - 0x31;
								__eflags = _t317;
								if(_t317 == 0) {
									_t274 = 1;
									goto L75;
								}
								__eflags = _t317 != 0;
								if(_t317 != 0) {
									goto L57;
								}
								_push(0x20);
								goto L74;
							} else {
								_v32 = _t283;
								_v36 = _t283;
								goto L20;
							}
						}
						__eflags =  *((short*)(_t321 - 2)) - 0x3a;
						if( *((short*)(_t321 - 2)) != 0x3a) {
							goto L17;
						}
						__eflags = _v32 - _t283;
						if(_v32 == _t283) {
							goto L43;
						}
						goto L17;
					}
					_t277 = _t258 - 5;
					if(_t277 == 0) {
						__eflags = _v44 - _t283;
						if(_v44 != _t283) {
							goto L43;
						} else {
							__eflags = _v36 - 3;
							_v32 = 1;
							_v8 = _t283;
							_v20 = _t283;
							_v16 = (0 | _v36 == 0x00000003) + 1;
							_v40 = _t283;
							goto L20;
						}
					}
					_t281 = _t277 - 1;
					if(_t281 == 0) {
						__eflags = _v44 - _t283;
						if(_v44 != _t283) {
							goto L43;
						} else {
							_v32 = 2;
							_v8 = _t283;
							_v20 = _t283;
							goto L20;
						}
					}
					if(_t281 != 0x16) {
						goto L43;
					} else {
						_v32 = 3;
						_v8 = 1;
						goto L20;
					}
				}
				GlobalFree(_v56);
				GlobalFree(_v24);
				GlobalFree(_v48);
				if(_t332 == _t283 ||  *(_t332 + 0x100c) != _t283) {
					L182:
					return _t332;
				} else {
					_t225 =  *_t332 - 1;
					if(_t225 == 0) {
						_t187 = _t332 + 8; // 0x8
						_t324 = _t187;
						__eflags =  *_t324 - _t283;
						if( *_t324 != _t283) {
							_t226 = GetModuleHandleW(_t324);
							__eflags = _t226 - _t283;
							 *(_t332 + 0x1008) = _t226;
							if(_t226 != _t283) {
								L171:
								_t192 = _t332 + 0x808; // 0x808
								_t325 = _t192;
								_t227 = E6F5616BD( *(_t332 + 0x1008), _t325);
								__eflags = _t227 - _t283;
								 *(_t332 + 0x100c) = _t227;
								if(_t227 == _t283) {
									__eflags =  *_t325 - 0x23;
									if( *_t325 == 0x23) {
										_t195 = _t332 + 0x80a; // 0x80a
										_t231 = E6F5613B1(_t195);
										__eflags = _t231 - _t283;
										if(_t231 != _t283) {
											__eflags = _t231 & 0xffff0000;
											if((_t231 & 0xffff0000) == 0) {
												 *(_t332 + 0x100c) = GetProcAddress( *(_t332 + 0x1008), _t231 & 0x0000ffff);
											}
										}
									}
								}
								__eflags = _v52 - _t283;
								if(_v52 != _t283) {
									L178:
									_t325[lstrlenW(_t325)] = 0x57;
									_t229 = E6F5616BD( *(_t332 + 0x1008), _t325);
									__eflags = _t229 - _t283;
									if(_t229 != _t283) {
										L166:
										 *(_t332 + 0x100c) = _t229;
										goto L182;
									}
									__eflags =  *(_t332 + 0x100c) - _t283;
									L180:
									if(__eflags != 0) {
										goto L182;
									}
									L181:
									_t206 = _t332 + 4;
									 *_t206 =  *(_t332 + 4) | 0xffffffff;
									__eflags =  *_t206;
									goto L182;
								} else {
									__eflags =  *(_t332 + 0x100c) - _t283;
									if( *(_t332 + 0x100c) != _t283) {
										goto L182;
									}
									goto L178;
								}
							}
							_t234 = LoadLibraryW(_t324);
							__eflags = _t234 - _t283;
							 *(_t332 + 0x1008) = _t234;
							if(_t234 == _t283) {
								goto L181;
							}
							goto L171;
						}
						_t188 = _t332 + 0x808; // 0x808
						_t236 = E6F5613B1(_t188);
						 *(_t332 + 0x100c) = _t236;
						__eflags = _t236 - _t283;
						goto L180;
					}
					_t237 = _t225 - 1;
					if(_t237 == 0) {
						_t185 = _t332 + 0x808; // 0x808
						_t238 = _t185;
						__eflags =  *_t238 - _t283;
						if( *_t238 == _t283) {
							goto L182;
						}
						_t229 = E6F5613B1(_t238);
						L165:
						goto L166;
					}
					if(_t237 != 1) {
						goto L182;
					}
					_t81 = _t332 + 8; // 0x8
					_t284 = _t81;
					_t326 = E6F5613B1(_t81);
					 *(_t332 + 0x1008) = _t326;
					if(_t326 == 0) {
						goto L181;
					}
					 *(_t332 + 0x104c) =  *(_t332 + 0x104c) & 0x00000000;
					 *((intOrPtr*)(_t332 + 0x1050)) = E6F5612CC(_t284);
					 *(_t332 + 0x103c) =  *(_t332 + 0x103c) & 0x00000000;
					 *((intOrPtr*)(_t332 + 0x1048)) = 1;
					 *((intOrPtr*)(_t332 + 0x1038)) = 1;
					_t90 = _t332 + 0x808; // 0x808
					_t229 =  *(_t326->i + E6F5613B1(_t90) * 4);
					goto L165;
				}
			}


































































                                                                                                                              0x6f561c07
                                                                                                                              0x6f561c0a
                                                                                                                              0x6f561c0d
                                                                                                                              0x6f561c10
                                                                                                                              0x6f561c13
                                                                                                                              0x6f561c16
                                                                                                                              0x6f561c19
                                                                                                                              0x6f561c1b
                                                                                                                              0x6f561c1e
                                                                                                                              0x6f561c21
                                                                                                                              0x6f561c26
                                                                                                                              0x6f561c29
                                                                                                                              0x6f561c31
                                                                                                                              0x6f561c39
                                                                                                                              0x6f561c3b
                                                                                                                              0x6f561c3e
                                                                                                                              0x6f561c46
                                                                                                                              0x6f561c46
                                                                                                                              0x6f561c4b
                                                                                                                              0x6f561c4e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f561c5b
                                                                                                                              0x6f561c60
                                                                                                                              0x6f561c62
                                                                                                                              0x6f561cf4
                                                                                                                              0x6f561cf4
                                                                                                                              0x6f561cf4
                                                                                                                              0x6f561cf8
                                                                                                                              0x6f561cfb
                                                                                                                              0x6f561cfd
                                                                                                                              0x6f561d1f
                                                                                                                              0x6f561d21
                                                                                                                              0x6f561d24
                                                                                                                              0x6f561d2d
                                                                                                                              0x6f561d33
                                                                                                                              0x6f561d35
                                                                                                                              0x6f561d3b
                                                                                                                              0x6f561d3b
                                                                                                                              0x6f561d41
                                                                                                                              0x6f561d44
                                                                                                                              0x6f561d44
                                                                                                                              0x6f561d47
                                                                                                                              0x6f561d47
                                                                                                                              0x6f561d4d
                                                                                                                              0x6f561d4f
                                                                                                                              0x6f561d4f
                                                                                                                              0x6f561d51
                                                                                                                              0x6f561d54
                                                                                                                              0x6f561d57
                                                                                                                              0x6f561d5d
                                                                                                                              0x6f561d63
                                                                                                                              0x6f561d66
                                                                                                                              0x6f561d8a
                                                                                                                              0x6f561d8d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f561d90
                                                                                                                              0x6f561d92
                                                                                                                              0x6f561da0
                                                                                                                              0x6f561da3
                                                                                                                              0x6f561da5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f561da7
                                                                                                                              0x6f561da7
                                                                                                                              0x6f561da7
                                                                                                                              0x6f561dad
                                                                                                                              0x6f561daf
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f561db1
                                                                                                                              0x6f561db3
                                                                                                                              0x6f561db5
                                                                                                                              0x6f561db7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f561db7
                                                                                                                              0x6f561db9
                                                                                                                              0x6f561dbb
                                                                                                                              0x6f561dbd
                                                                                                                              0x6f561dbd
                                                                                                                              0x6f561dc3
                                                                                                                              0x6f561dc9
                                                                                                                              0x6f561dcb
                                                                                                                              0x6f561ddf
                                                                                                                              0x6f561ddf
                                                                                                                              0x6f561de1
                                                                                                                              0x6f561dcd
                                                                                                                              0x6f561dd3
                                                                                                                              0x6f561dd6
                                                                                                                              0x6f561dd6
                                                                                                                              0x00000000
                                                                                                                              0x6f561d68
                                                                                                                              0x6f561d68
                                                                                                                              0x6f561d68
                                                                                                                              0x6f561d69
                                                                                                                              0x6f561d71
                                                                                                                              0x6f561d75
                                                                                                                              0x6f561d7b
                                                                                                                              0x6f561d7f
                                                                                                                              0x00000000
                                                                                                                              0x6f561d7f
                                                                                                                              0x6f561d6b
                                                                                                                              0x6f561d6b
                                                                                                                              0x6f561d6c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f561d6e
                                                                                                                              0x6f561d6f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f561d6f
                                                                                                                              0x6f561cff
                                                                                                                              0x6f561d00
                                                                                                                              0x6f561d09
                                                                                                                              0x6f561d0c
                                                                                                                              0x6f561d19
                                                                                                                              0x6f561d19
                                                                                                                              0x6f561d0e
                                                                                                                              0x6f561d0e
                                                                                                                              0x6f561de7
                                                                                                                              0x6f561dea
                                                                                                                              0x6f561dee
                                                                                                                              0x6f561e61
                                                                                                                              0x6f561e65
                                                                                                                              0x6f561c43
                                                                                                                              0x00000000
                                                                                                                              0x6f561c43
                                                                                                                              0x00000000
                                                                                                                              0x6f561e65
                                                                                                                              0x6f561cfd
                                                                                                                              0x6f561c68
                                                                                                                              0x6f561c6b
                                                                                                                              0x6f561cce
                                                                                                                              0x6f561cd1
                                                                                                                              0x6f561ce3
                                                                                                                              0x6f561ce3
                                                                                                                              0x6f561ce6
                                                                                                                              0x6f561df3
                                                                                                                              0x6f561df6
                                                                                                                              0x6f561df6
                                                                                                                              0x6f561df8
                                                                                                                              0x6f5621ae
                                                                                                                              0x6f5621c6
                                                                                                                              0x6f5621c6
                                                                                                                              0x6f5621c9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f5621b3
                                                                                                                              0x6f5621b4
                                                                                                                              0x6f5621b7
                                                                                                                              0x6f5621ba
                                                                                                                              0x6f562244
                                                                                                                              0x6f56224b
                                                                                                                              0x6f562251
                                                                                                                              0x6f562255
                                                                                                                              0x6f561e5c
                                                                                                                              0x6f561e5d
                                                                                                                              0x6f561e5d
                                                                                                                              0x6f561e5e
                                                                                                                              0x00000000
                                                                                                                              0x6f561e5e
                                                                                                                              0x6f5621c0
                                                                                                                              0x6f5621c3
                                                                                                                              0x6f5621c3
                                                                                                                              0x6f5621cb
                                                                                                                              0x6f5621ce
                                                                                                                              0x6f562238
                                                                                                                              0x6f561e51
                                                                                                                              0x6f561e54
                                                                                                                              0x6f561e57
                                                                                                                              0x6f561e5a
                                                                                                                              0x6f561e5a
                                                                                                                              0x00000000
                                                                                                                              0x6f561e5a
                                                                                                                              0x6f5621d0
                                                                                                                              0x6f5621d3
                                                                                                                              0x6f5621da
                                                                                                                              0x6f5621da
                                                                                                                              0x6f5621dd
                                                                                                                              0x6f5621e1
                                                                                                                              0x6f5621f5
                                                                                                                              0x6f5621f5
                                                                                                                              0x6f5621f8
                                                                                                                              0x6f5621fc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f5621fe
                                                                                                                              0x6f562202
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f562204
                                                                                                                              0x6f56220b
                                                                                                                              0x6f56220b
                                                                                                                              0x6f562211
                                                                                                                              0x6f562214
                                                                                                                              0x6f562230
                                                                                                                              0x6f562216
                                                                                                                              0x6f56221f
                                                                                                                              0x6f562222
                                                                                                                              0x6f562222
                                                                                                                              0x00000000
                                                                                                                              0x6f562214
                                                                                                                              0x6f5621e3
                                                                                                                              0x6f5621e6
                                                                                                                              0x6f5621ea
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f5621ec
                                                                                                                              0x00000000
                                                                                                                              0x6f5621ec
                                                                                                                              0x6f5621d5
                                                                                                                              0x6f5621d8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f5621d8
                                                                                                                              0x6f561dfe
                                                                                                                              0x6f561dfe
                                                                                                                              0x6f561dff
                                                                                                                              0x6f561f49
                                                                                                                              0x6f561f49
                                                                                                                              0x6f561f50
                                                                                                                              0x6f561f53
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f561f60
                                                                                                                              0x00000000
                                                                                                                              0x6f56214b
                                                                                                                              0x6f56214e
                                                                                                                              0x6f562151
                                                                                                                              0x6f562151
                                                                                                                              0x6f562152
                                                                                                                              0x6f562153
                                                                                                                              0x6f562156
                                                                                                                              0x6f562159
                                                                                                                              0x6f56215c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f56215e
                                                                                                                              0x6f56215e
                                                                                                                              0x6f562162
                                                                                                                              0x6f56217a
                                                                                                                              0x6f56217d
                                                                                                                              0x6f562181
                                                                                                                              0x6f562187
                                                                                                                              0x00000000
                                                                                                                              0x6f562187
                                                                                                                              0x6f562164
                                                                                                                              0x6f562164
                                                                                                                              0x6f562167
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f562169
                                                                                                                              0x6f56216c
                                                                                                                              0x6f56216e
                                                                                                                              0x6f56216f
                                                                                                                              0x6f56216f
                                                                                                                              0x6f56216f
                                                                                                                              0x6f562170
                                                                                                                              0x6f562173
                                                                                                                              0x6f562176
                                                                                                                              0x6f562177
                                                                                                                              0x6f562151
                                                                                                                              0x6f562152
                                                                                                                              0x6f562153
                                                                                                                              0x6f562156
                                                                                                                              0x6f562159
                                                                                                                              0x6f56215c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f56215c
                                                                                                                              0x00000000
                                                                                                                              0x6f561fa7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f561fb3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f561f9a
                                                                                                                              0x6f561f9e
                                                                                                                              0x6f561fa2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f56211c
                                                                                                                              0x6f562120
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f562126
                                                                                                                              0x6f56212f
                                                                                                                              0x6f562136
                                                                                                                              0x6f56213e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f562083
                                                                                                                              0x6f562083
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f561fbc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f5621a6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f56208b
                                                                                                                              0x6f56208d
                                                                                                                              0x6f56208d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f562196
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f56219a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f5621a2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f5620d3
                                                                                                                              0x6f5620d5
                                                                                                                              0x6f5620d5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f56209d
                                                                                                                              0x6f56209f
                                                                                                                              0x6f56209f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f5620af
                                                                                                                              0x6f5620b1
                                                                                                                              0x6f5620b1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f5620e1
                                                                                                                              0x6f5620e3
                                                                                                                              0x6f5620e3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f5620ba
                                                                                                                              0x6f5620bc
                                                                                                                              0x6f5620bc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f5620c1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f56219e
                                                                                                                              0x6f5621a8
                                                                                                                              0x6f5621a8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f5620ec
                                                                                                                              0x6f5620f0
                                                                                                                              0x6f5620f5
                                                                                                                              0x6f5620f8
                                                                                                                              0x6f5620f9
                                                                                                                              0x6f5620fc
                                                                                                                              0x6f562102
                                                                                                                              0x6f562102
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f56218e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f5620c5
                                                                                                                              0x6f5620c7
                                                                                                                              0x6f5620c7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f561fc3
                                                                                                                              0x6f561fc3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f5620da
                                                                                                                              0x6f5620dc
                                                                                                                              0x6f5620dc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f561f67
                                                                                                                              0x6f561f6d
                                                                                                                              0x6f561f70
                                                                                                                              0x6f561f72
                                                                                                                              0x6f561f72
                                                                                                                              0x6f561f75
                                                                                                                              0x6f561f79
                                                                                                                              0x6f561f86
                                                                                                                              0x6f561f88
                                                                                                                              0x6f561f8e
                                                                                                                              0x6f561f8e
                                                                                                                              0x6f561f8e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f56208e
                                                                                                                              0x6f56208e
                                                                                                                              0x6f562090
                                                                                                                              0x6f562097
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f5620d6
                                                                                                                              0x6f5620d6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f5620a0
                                                                                                                              0x6f5620a0
                                                                                                                              0x6f5620a2
                                                                                                                              0x6f5620a9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f5620b2
                                                                                                                              0x6f5620b2
                                                                                                                              0x6f5620b4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f5620e4
                                                                                                                              0x6f5620e4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f5620bd
                                                                                                                              0x6f5620bd
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f56210a
                                                                                                                              0x6f56210e
                                                                                                                              0x6f562113
                                                                                                                              0x6f562116
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f5620c8
                                                                                                                              0x6f5620c8
                                                                                                                              0x6f5620cb
                                                                                                                              0x6f5620cd
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f5620dd
                                                                                                                              0x6f5620dd
                                                                                                                              0x6f5620e6
                                                                                                                              0x6f5620e6
                                                                                                                              0x6f561fc5
                                                                                                                              0x6f561fc5
                                                                                                                              0x6f561fc8
                                                                                                                              0x6f561fcf
                                                                                                                              0x6f561fd1
                                                                                                                              0x6f561fd3
                                                                                                                              0x6f561fda
                                                                                                                              0x6f561fdd
                                                                                                                              0x6f561fe2
                                                                                                                              0x6f561fe4
                                                                                                                              0x6f561fe6
                                                                                                                              0x6f561fea
                                                                                                                              0x6f561ff0
                                                                                                                              0x6f561ff6
                                                                                                                              0x6f561ff6
                                                                                                                              0x6f561ff8
                                                                                                                              0x6f561ff8
                                                                                                                              0x6f561ff9
                                                                                                                              0x6f561ff9
                                                                                                                              0x6f561ffd
                                                                                                                              0x6f562003
                                                                                                                              0x6f562005
                                                                                                                              0x6f562009
                                                                                                                              0x6f56200e
                                                                                                                              0x6f56200e
                                                                                                                              0x6f562010
                                                                                                                              0x6f562010
                                                                                                                              0x6f562013
                                                                                                                              0x6f562016
                                                                                                                              0x6f56201f
                                                                                                                              0x6f562025
                                                                                                                              0x6f562028
                                                                                                                              0x6f562028
                                                                                                                              0x6f56202a
                                                                                                                              0x6f56202d
                                                                                                                              0x6f562033
                                                                                                                              0x6f562039
                                                                                                                              0x6f562039
                                                                                                                              0x6f56203b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f562041
                                                                                                                              0x6f562041
                                                                                                                              0x6f562045
                                                                                                                              0x6f56204c
                                                                                                                              0x6f562070
                                                                                                                              0x6f562070
                                                                                                                              0x6f562074
                                                                                                                              0x6f562076
                                                                                                                              0x6f562079
                                                                                                                              0x6f562079
                                                                                                                              0x6f56207c
                                                                                                                              0x6f56207c
                                                                                                                              0x00000000
                                                                                                                              0x6f562074
                                                                                                                              0x6f562051
                                                                                                                              0x6f562054
                                                                                                                              0x6f562054
                                                                                                                              0x6f56205b
                                                                                                                              0x6f56205d
                                                                                                                              0x6f562060
                                                                                                                              0x6f562067
                                                                                                                              0x6f562068
                                                                                                                              0x6f56206e
                                                                                                                              0x6f56206e
                                                                                                                              0x00000000
                                                                                                                              0x6f56206e
                                                                                                                              0x6f562062
                                                                                                                              0x6f562065
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f562065
                                                                                                                              0x6f561ff2
                                                                                                                              0x6f561ff4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f561f60
                                                                                                                              0x6f561e05
                                                                                                                              0x6f561e05
                                                                                                                              0x6f561e06
                                                                                                                              0x6f561f46
                                                                                                                              0x00000000
                                                                                                                              0x6f561f46
                                                                                                                              0x6f561e0c
                                                                                                                              0x6f561e0d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f561e13
                                                                                                                              0x6f561e16
                                                                                                                              0x6f561f0b
                                                                                                                              0x6f561f0b
                                                                                                                              0x6f561f0e
                                                                                                                              0x6f561f23
                                                                                                                              0x6f561f25
                                                                                                                              0x6f561f25
                                                                                                                              0x6f561f26
                                                                                                                              0x6f561f29
                                                                                                                              0x6f561f2c
                                                                                                                              0x6f561f38
                                                                                                                              0x6f561f38
                                                                                                                              0x6f561f38
                                                                                                                              0x6f561f2e
                                                                                                                              0x6f561f2e
                                                                                                                              0x6f561f2e
                                                                                                                              0x6f561f3e
                                                                                                                              0x00000000
                                                                                                                              0x6f561f3e
                                                                                                                              0x6f561f10
                                                                                                                              0x6f561f10
                                                                                                                              0x6f561f11
                                                                                                                              0x6f561f1f
                                                                                                                              0x00000000
                                                                                                                              0x6f561f1f
                                                                                                                              0x6f561f14
                                                                                                                              0x6f561f15
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f561f1b
                                                                                                                              0x00000000
                                                                                                                              0x6f561f1b
                                                                                                                              0x6f561e1c
                                                                                                                              0x6f561f07
                                                                                                                              0x00000000
                                                                                                                              0x6f561f07
                                                                                                                              0x6f561e22
                                                                                                                              0x6f561e22
                                                                                                                              0x6f561e25
                                                                                                                              0x6f561e4e
                                                                                                                              0x00000000
                                                                                                                              0x6f561e4e
                                                                                                                              0x6f561e27
                                                                                                                              0x6f561e27
                                                                                                                              0x6f561e2a
                                                                                                                              0x6f561e44
                                                                                                                              0x00000000
                                                                                                                              0x6f561e44
                                                                                                                              0x6f561e2c
                                                                                                                              0x6f561e2c
                                                                                                                              0x6f561e2f
                                                                                                                              0x6f561e3e
                                                                                                                              0x00000000
                                                                                                                              0x6f561e3e
                                                                                                                              0x6f561e32
                                                                                                                              0x6f561e33
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f561e35
                                                                                                                              0x00000000
                                                                                                                              0x6f561cec
                                                                                                                              0x6f561cec
                                                                                                                              0x6f561cef
                                                                                                                              0x00000000
                                                                                                                              0x6f561cef
                                                                                                                              0x6f561ce6
                                                                                                                              0x6f561cd3
                                                                                                                              0x6f561cd8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f561cda
                                                                                                                              0x6f561cdd
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f561cdd
                                                                                                                              0x6f561c6d
                                                                                                                              0x6f561c70
                                                                                                                              0x6f561ca6
                                                                                                                              0x6f561ca9
                                                                                                                              0x00000000
                                                                                                                              0x6f561caf
                                                                                                                              0x6f561cb1
                                                                                                                              0x6f561cb5
                                                                                                                              0x6f561cbc
                                                                                                                              0x6f561cc3
                                                                                                                              0x6f561cc6
                                                                                                                              0x6f561cc9
                                                                                                                              0x00000000
                                                                                                                              0x6f561cc9
                                                                                                                              0x6f561ca9
                                                                                                                              0x6f561c72
                                                                                                                              0x6f561c73
                                                                                                                              0x6f561c8e
                                                                                                                              0x6f561c91
                                                                                                                              0x00000000
                                                                                                                              0x6f561c97
                                                                                                                              0x6f561c97
                                                                                                                              0x6f561c9e
                                                                                                                              0x6f561ca1
                                                                                                                              0x00000000
                                                                                                                              0x6f561ca1
                                                                                                                              0x6f561c91
                                                                                                                              0x6f561c78
                                                                                                                              0x00000000
                                                                                                                              0x6f561c7e
                                                                                                                              0x6f561c7e
                                                                                                                              0x6f561c85
                                                                                                                              0x00000000
                                                                                                                              0x6f561c85
                                                                                                                              0x6f561c78
                                                                                                                              0x6f561e74
                                                                                                                              0x6f561e79
                                                                                                                              0x6f561e7e
                                                                                                                              0x6f561e82
                                                                                                                              0x6f562355
                                                                                                                              0x6f56235b
                                                                                                                              0x6f561e94
                                                                                                                              0x6f561e96
                                                                                                                              0x6f561e97
                                                                                                                              0x6f56227e
                                                                                                                              0x6f56227e
                                                                                                                              0x6f562281
                                                                                                                              0x6f562284
                                                                                                                              0x6f5622a1
                                                                                                                              0x6f5622a7
                                                                                                                              0x6f5622a9
                                                                                                                              0x6f5622af
                                                                                                                              0x6f5622c6
                                                                                                                              0x6f5622c6
                                                                                                                              0x6f5622c6
                                                                                                                              0x6f5622d3
                                                                                                                              0x6f5622d9
                                                                                                                              0x6f5622dc
                                                                                                                              0x6f5622e2
                                                                                                                              0x6f5622e4
                                                                                                                              0x6f5622e8
                                                                                                                              0x6f5622ea
                                                                                                                              0x6f5622f1
                                                                                                                              0x6f5622f6
                                                                                                                              0x6f5622f9
                                                                                                                              0x6f5622fb
                                                                                                                              0x6f562300
                                                                                                                              0x6f562312
                                                                                                                              0x6f562312
                                                                                                                              0x6f562300
                                                                                                                              0x6f5622f9
                                                                                                                              0x6f5622e8
                                                                                                                              0x6f562318
                                                                                                                              0x6f56231b
                                                                                                                              0x6f562325
                                                                                                                              0x6f56232d
                                                                                                                              0x6f56233a
                                                                                                                              0x6f562340
                                                                                                                              0x6f562343
                                                                                                                              0x6f562273
                                                                                                                              0x6f562273
                                                                                                                              0x00000000
                                                                                                                              0x6f562273
                                                                                                                              0x6f562349
                                                                                                                              0x6f56234f
                                                                                                                              0x6f56234f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f562351
                                                                                                                              0x6f562351
                                                                                                                              0x6f562351
                                                                                                                              0x6f562351
                                                                                                                              0x00000000
                                                                                                                              0x6f56231d
                                                                                                                              0x6f56231d
                                                                                                                              0x6f562323
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f562323
                                                                                                                              0x6f56231b
                                                                                                                              0x6f5622b2
                                                                                                                              0x6f5622b8
                                                                                                                              0x6f5622ba
                                                                                                                              0x6f5622c0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f5622c0
                                                                                                                              0x6f562286
                                                                                                                              0x6f56228d
                                                                                                                              0x6f562293
                                                                                                                              0x6f562299
                                                                                                                              0x00000000
                                                                                                                              0x6f562299
                                                                                                                              0x6f561e9d
                                                                                                                              0x6f561e9e
                                                                                                                              0x6f56225d
                                                                                                                              0x6f56225d
                                                                                                                              0x6f562263
                                                                                                                              0x6f562266
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f56226d
                                                                                                                              0x6f562272
                                                                                                                              0x00000000
                                                                                                                              0x6f562272
                                                                                                                              0x6f561ea5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f561eab
                                                                                                                              0x6f561eab
                                                                                                                              0x6f561eb4
                                                                                                                              0x6f561eb9
                                                                                                                              0x6f561ebf
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f561ec5
                                                                                                                              0x6f561ed2
                                                                                                                              0x6f561ed8
                                                                                                                              0x6f561ee2
                                                                                                                              0x6f561ee8
                                                                                                                              0x6f561ef0
                                                                                                                              0x6f561f00
                                                                                                                              0x00000000
                                                                                                                              0x6f561f00

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 6F5612BB: GlobalAlloc.KERNELBASE(00000040,?,6F5612DB,?,6F56137F,00000019,6F5611CA,-000000A0), ref: 6F5612C5
                                                                                                                              • GlobalAlloc.KERNELBASE(00000040,00001CA4), ref: 6F561D2D
                                                                                                                              • lstrcpyW.KERNEL32 ref: 6F561D75
                                                                                                                              • lstrcpyW.KERNEL32 ref: 6F561D7F
                                                                                                                              • GlobalFree.KERNEL32 ref: 6F561D92
                                                                                                                              • GlobalFree.KERNEL32 ref: 6F561E74
                                                                                                                              • GlobalFree.KERNEL32 ref: 6F561E79
                                                                                                                              • GlobalFree.KERNEL32 ref: 6F561E7E
                                                                                                                              • GlobalFree.KERNEL32 ref: 6F562068
                                                                                                                              • lstrcpyW.KERNEL32 ref: 6F562222
                                                                                                                              • GetModuleHandleW.KERNEL32(00000008), ref: 6F5622A1
                                                                                                                              • LoadLibraryW.KERNEL32(00000008), ref: 6F5622B2
                                                                                                                              • GetProcAddress.KERNEL32(?,?), ref: 6F56230C
                                                                                                                              • lstrlenW.KERNEL32(00000808), ref: 6F562326
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.699435220.000000006F561000.00000020.00000001.01000000.00000004.sdmp, Offset: 6F560000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.699425612.000000006F560000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699447140.000000006F564000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699455238.000000006F566000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6f560000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 245916457-0
                                                                                                                              • Opcode ID: 2a28027ed4ff7d0f2f45fe7fbbdf67728f42096cacd8387dd9db899c41316126
                                                                                                                              • Instruction ID: 41bbe553a3ef358b41724e1ed3714b06f4f62eb9f290e01e790d6ec64874ec24
                                                                                                                              • Opcode Fuzzy Hash: 2a28027ed4ff7d0f2f45fe7fbbdf67728f42096cacd8387dd9db899c41316126
                                                                                                                              • Instruction Fuzzy Hash: DA225A71D4464ADADB10CFA8C5846EEBBB0FF05B19F104A3ED1B5E62A0D774AE81CB50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405D74 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 148filestringCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 1189 405d74-405d9a call 40603f 1192 405db3-405dba 1189->1192 1193 405d9c-405dae DeleteFileW 1189->1193 1195 405dbc-405dbe 1192->1195 1196 405dcd-405ddd call 406668 1192->1196 1194 405f30-405f34 1193->1194 1197 405dc4-405dc7 1195->1197 1198 405ede-405ee3 1195->1198 1202 405dec-405ded call 405f83 1196->1202 1203 405ddf-405dea lstrcatW 1196->1203 1197->1196 1197->1198 1198->1194 1201 405ee5-405ee8 1198->1201 1204 405ef2-405efa call 40699e 1201->1204 1205 405eea-405ef0 1201->1205 1206 405df2-405df6 1202->1206 1203->1206 1204->1194 1212 405efc-405f10 call 405f37 call 405d2c 1204->1212 1205->1194 1210 405e02-405e08 lstrcatW 1206->1210 1211 405df8-405e00 1206->1211 1213 405e0d-405e29 lstrlenW FindFirstFileW 1210->1213 1211->1210 1211->1213 1229 405f12-405f15 1212->1229 1230 405f28-405f2b call 4056ca 1212->1230 1214 405ed3-405ed7 1213->1214 1215 405e2f-405e37 1213->1215 1214->1198 1220 405ed9 1214->1220 1217 405e57-405e6b call 406668 1215->1217 1218 405e39-405e41 1215->1218 1231 405e82-405e8d call 405d2c 1217->1231 1232 405e6d-405e75 1217->1232 1221 405e43-405e4b 1218->1221 1222 405eb6-405ec6 FindNextFileW 1218->1222 1220->1198 1221->1217 1225 405e4d-405e55 1221->1225 1222->1215 1228 405ecc-405ecd FindClose 1222->1228 1225->1217 1225->1222 1228->1214 1229->1205 1233 405f17-405f26 call 4056ca call 406428 1229->1233 1230->1194 1242 405eae-405eb1 call 4056ca 1231->1242 1243 405e8f-405e92 1231->1243 1232->1222 1234 405e77-405e80 call 405d74 1232->1234 1233->1194 1234->1222 1242->1222 1246 405e94-405ea4 call 4056ca call 406428 1243->1246 1247 405ea6-405eac 1243->1247 1246->1222 1247->1222
                                                                                                                              C-Code - Quality: 98%
                                                                                                                              			E00405D74(void* __eflags, signed int _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				short _v556;
				short _v558;
				struct _WIN32_FIND_DATAW _v604;
				signed int _t38;
				signed int _t52;
				signed int _t55;
				signed int _t62;
				void* _t64;
				signed char _t65;
				WCHAR* _t66;
				void* _t67;
				WCHAR* _t68;
				void* _t70;

				_t65 = _a8;
				_t68 = _a4;
				_v8 = _t65 & 0x00000004;
				_t38 = E0040603F(__eflags, _t68);
				_v12 = _t38;
				if((_t65 & 0x00000008) != 0) {
					_t62 = DeleteFileW(_t68); // executed
					asm("sbb eax, eax");
					_t64 =  ~_t62 + 1;
					 *0x42a2e8 =  *0x42a2e8 + _t64;
					return _t64;
				}
				_a4 = _t65;
				_t8 =  &_a4;
				 *_t8 = _a4 & 0x00000001;
				__eflags =  *_t8;
				if( *_t8 == 0) {
					L5:
					E00406668(0x425750, _t68);
					__eflags = _a4;
					if(_a4 == 0) {
						E00405F83(_t68);
					} else {
						lstrcatW(0x425750, L"\\*.*");
					}
					__eflags =  *_t68;
					if( *_t68 != 0) {
						L10:
						lstrcatW(_t68, 0x40a014);
						L11:
						_t66 =  &(_t68[lstrlenW(_t68)]);
						_t38 = FindFirstFileW(0x425750,  &_v604); // executed
						_t70 = _t38;
						__eflags = _t70 - 0xffffffff;
						if(_t70 == 0xffffffff) {
							L26:
							__eflags = _a4;
							if(_a4 != 0) {
								_t30 = _t66 - 2;
								 *_t30 =  *(_t66 - 2) & 0x00000000;
								__eflags =  *_t30;
							}
							goto L28;
						} else {
							goto L12;
						}
						do {
							L12:
							__eflags = _v604.cFileName - 0x2e;
							if(_v604.cFileName != 0x2e) {
								L16:
								E00406668(_t66,  &(_v604.cFileName));
								__eflags = _v604.dwFileAttributes & 0x00000010;
								if(__eflags == 0) {
									_t52 = E00405D2C(__eflags, _t68, _v8);
									__eflags = _t52;
									if(_t52 != 0) {
										E004056CA(0xfffffff2, _t68);
									} else {
										__eflags = _v8 - _t52;
										if(_v8 == _t52) {
											 *0x42a2e8 =  *0x42a2e8 + 1;
										} else {
											E004056CA(0xfffffff1, _t68);
											E00406428(_t67, _t68, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E00405D74(__eflags, _t68, _a8);
									}
								}
								goto L24;
							}
							__eflags = _v558;
							if(_v558 == 0) {
								goto L24;
							}
							__eflags = _v558 - 0x2e;
							if(_v558 != 0x2e) {
								goto L16;
							}
							__eflags = _v556;
							if(_v556 == 0) {
								goto L24;
							}
							goto L16;
							L24:
							_t55 = FindNextFileW(_t70,  &_v604);
							__eflags = _t55;
						} while (_t55 != 0);
						_t38 = FindClose(_t70);
						goto L26;
					}
					__eflags =  *0x425750 - 0x5c;
					if( *0x425750 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t38;
					if(_t38 == 0) {
						L28:
						__eflags = _a4;
						if(_a4 == 0) {
							L36:
							return _t38;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t38 = E0040699E(_t68);
							__eflags = _t38;
							if(_t38 == 0) {
								goto L36;
							}
							E00405F37(_t68);
							_t38 = E00405D2C(__eflags, _t68, _v8 | 0x00000001);
							__eflags = _t38;
							if(_t38 != 0) {
								return E004056CA(0xffffffe5, _t68);
							}
							__eflags = _v8;
							if(_v8 == 0) {
								goto L30;
							}
							E004056CA(0xfffffff1, _t68);
							return E00406428(_t67, _t68, 0);
						}
						L30:
						 *0x42a2e8 =  *0x42a2e8 + 1;
						return _t38;
					}
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) == 0) {
						goto L28;
					}
					goto L5;
				}
			}


















                                                                                                                              0x00405d7e
                                                                                                                              0x00405d83
                                                                                                                              0x00405d8c
                                                                                                                              0x00405d8f
                                                                                                                              0x00405d97
                                                                                                                              0x00405d9a
                                                                                                                              0x00405d9d
                                                                                                                              0x00405da5
                                                                                                                              0x00405da7
                                                                                                                              0x00405da8
                                                                                                                              0x00000000
                                                                                                                              0x00405da8
                                                                                                                              0x00405db3
                                                                                                                              0x00405db6
                                                                                                                              0x00405db6
                                                                                                                              0x00405db6
                                                                                                                              0x00405dba
                                                                                                                              0x00405dcd
                                                                                                                              0x00405dd4
                                                                                                                              0x00405dd9
                                                                                                                              0x00405ddd
                                                                                                                              0x00405ded
                                                                                                                              0x00405ddf
                                                                                                                              0x00405de5
                                                                                                                              0x00405de5
                                                                                                                              0x00405df2
                                                                                                                              0x00405df6
                                                                                                                              0x00405e02
                                                                                                                              0x00405e08
                                                                                                                              0x00405e0d
                                                                                                                              0x00405e13
                                                                                                                              0x00405e1e
                                                                                                                              0x00405e24
                                                                                                                              0x00405e26
                                                                                                                              0x00405e29
                                                                                                                              0x00405ed3
                                                                                                                              0x00405ed3
                                                                                                                              0x00405ed7
                                                                                                                              0x00405ed9
                                                                                                                              0x00405ed9
                                                                                                                              0x00405ed9
                                                                                                                              0x00405ed9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405e2f
                                                                                                                              0x00405e2f
                                                                                                                              0x00405e2f
                                                                                                                              0x00405e37
                                                                                                                              0x00405e57
                                                                                                                              0x00405e5f
                                                                                                                              0x00405e64
                                                                                                                              0x00405e6b
                                                                                                                              0x00405e86
                                                                                                                              0x00405e8b
                                                                                                                              0x00405e8d
                                                                                                                              0x00405eb1
                                                                                                                              0x00405e8f
                                                                                                                              0x00405e8f
                                                                                                                              0x00405e92
                                                                                                                              0x00405ea6
                                                                                                                              0x00405e94
                                                                                                                              0x00405e97
                                                                                                                              0x00405e9f
                                                                                                                              0x00405e9f
                                                                                                                              0x00405e92
                                                                                                                              0x00405e6d
                                                                                                                              0x00405e73
                                                                                                                              0x00405e75
                                                                                                                              0x00405e7b
                                                                                                                              0x00405e7b
                                                                                                                              0x00405e75
                                                                                                                              0x00000000
                                                                                                                              0x00405e6b
                                                                                                                              0x00405e39
                                                                                                                              0x00405e41
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405e43
                                                                                                                              0x00405e4b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405e4d
                                                                                                                              0x00405e55
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405eb6
                                                                                                                              0x00405ebe
                                                                                                                              0x00405ec4
                                                                                                                              0x00405ec4
                                                                                                                              0x00405ecd
                                                                                                                              0x00000000
                                                                                                                              0x00405ecd
                                                                                                                              0x00405df8
                                                                                                                              0x00405e00
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405dbc
                                                                                                                              0x00405dbc
                                                                                                                              0x00405dbe
                                                                                                                              0x00405ede
                                                                                                                              0x00405ee0
                                                                                                                              0x00405ee3
                                                                                                                              0x00405f34
                                                                                                                              0x00405f34
                                                                                                                              0x00405f34
                                                                                                                              0x00405ee5
                                                                                                                              0x00405ee8
                                                                                                                              0x00405ef3
                                                                                                                              0x00405ef8
                                                                                                                              0x00405efa
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405efd
                                                                                                                              0x00405f09
                                                                                                                              0x00405f0e
                                                                                                                              0x00405f10
                                                                                                                              0x00000000
                                                                                                                              0x00405f2b
                                                                                                                              0x00405f12
                                                                                                                              0x00405f15
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405f1a
                                                                                                                              0x00000000
                                                                                                                              0x00405f21
                                                                                                                              0x00405eea
                                                                                                                              0x00405eea
                                                                                                                              0x00000000
                                                                                                                              0x00405eea
                                                                                                                              0x00405dc4
                                                                                                                              0x00405dc7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405dc7

                                                                                                                              APIs
                                                                                                                              • DeleteFileW.KERNELBASE(?,?,76DDFAA0,76DDF560,00000000), ref: 00405D9D
                                                                                                                              • lstrcatW.KERNEL32(C:\Program Files (x86)\Winamp\Plugins\ml_ipod.dll,\*.*), ref: 00405DE5
                                                                                                                              • lstrcatW.KERNEL32(?,0040A014), ref: 00405E08
                                                                                                                              • lstrlenW.KERNEL32(?,?,0040A014,?,C:\Program Files (x86)\Winamp\Plugins\ml_ipod.dll,?,?,76DDFAA0,76DDF560,00000000), ref: 00405E0E
                                                                                                                              • FindFirstFileW.KERNELBASE(C:\Program Files (x86)\Winamp\Plugins\ml_ipod.dll,?,?,?,0040A014,?,C:\Program Files (x86)\Winamp\Plugins\ml_ipod.dll,?,?,76DDFAA0,76DDF560,00000000), ref: 00405E1E
                                                                                                                              • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405EBE
                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00405ECD
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                              • String ID: .$.$C:\Program Files (x86)\Winamp\Plugins\ml_ipod.dll$\*.*
                                                                                                                              • API String ID: 2035342205-2699520935
                                                                                                                              • Opcode ID: eb4081a649fdbb44c8907daec76b44e1c805ca5b036c6d0867ef95af4715127c
                                                                                                                              • Instruction ID: 3801e3340fbbb9c460ab277ab089a7ece50ce31247a5b640c745bca9484d7288
                                                                                                                              • Opcode Fuzzy Hash: eb4081a649fdbb44c8907daec76b44e1c805ca5b036c6d0867ef95af4715127c
                                                                                                                              • Instruction Fuzzy Hash: 46410330800A15AADB21AB61CC49BBF7678EF41715F50413FF881711D1DB7C4A82CEAE
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 6F3A1407 Relevance: 6.0, APIs: 4, Instructions: 44memoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 82%
                                                                                                                              			E6F3A1407(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				long _t20;

				if(_a8 != 0x408 || _a12 != 0xffffffff) {
					L4:
					_t20 = CallWindowProcW( *0x6f3a6148, _a4, _a8, _a12, _a16);
					if(_a8 == 0x408 && _t20 == 0) {
						DestroyWindow( *0x6f3a6140); // executed
						HeapFree(GetProcessHeap(), _t20,  *0x6f3a6158);
						 *0x6f3a6140 =  *0x6f3a6140 & _t20;
						 *0x6f3a6158 =  *0x6f3a6158 & _t20;
					}
					return _t20;
				} else {
					_push(0);
					_push( *0x6f3a6150 - 1);
					if( *((intOrPtr*)( *0x6f3a6128 + 4))() == 0) {
						goto L4;
					}
					return 0;
				}
			}




                                                                                                                              0x6f3a1413
                                                                                                                              0x6f3a1434
                                                                                                                              0x6f3a1450
                                                                                                                              0x6f3a1452
                                                                                                                              0x6f3a145e
                                                                                                                              0x6f3a1472
                                                                                                                              0x6f3a1478
                                                                                                                              0x6f3a147e
                                                                                                                              0x6f3a147e
                                                                                                                              0x00000000
                                                                                                                              0x6f3a141b
                                                                                                                              0x6f3a1420
                                                                                                                              0x6f3a1423
                                                                                                                              0x6f3a142e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f3a1430

                                                                                                                              APIs
                                                                                                                              • CallWindowProcW.USER32(?,?,?,?), ref: 6F3A1447
                                                                                                                              • DestroyWindow.USER32 ref: 6F3A145E
                                                                                                                              • GetProcessHeap.KERNEL32(00000000), ref: 6F3A146B
                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 6F3A1472
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.699359362.000000006F3A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6F3A0000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.699351571.000000006F3A0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699369720.000000006F3A3000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699377071.000000006F3A4000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699384845.000000006F3A8000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6f3a0000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: HeapWindow$CallDestroyFreeProcProcess
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1278960361-0
                                                                                                                              • Opcode ID: 3e7191e4aca8d1c37610f8913745a791e0ada0306fc7f626c2b63be3faf08bba
                                                                                                                              • Instruction ID: 6b3848669df99a4f53ded8538b7d0e1e947ce164d47322400f503f74e5643200
                                                                                                                              • Opcode Fuzzy Hash: 3e7191e4aca8d1c37610f8913745a791e0ada0306fc7f626c2b63be3faf08bba
                                                                                                                              • Instruction Fuzzy Hash: 9D010832500A04ABCF029FAFC80999E7B7DFB4A372B448129F66586152C7729470DF50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00406D5F Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 98%
                                                                                                                              			E00406D5F() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8));
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                                                              0x00000000
                                                                                                                              0x00406d5f
                                                                                                                              0x00406d5f
                                                                                                                              0x00406d64
                                                                                                                              0x00406ddb
                                                                                                                              0x00406de2
                                                                                                                              0x00406dec
                                                                                                                              0x004073cb
                                                                                                                              0x004073cb
                                                                                                                              0x004073ce
                                                                                                                              0x004073ce
                                                                                                                              0x004073d4
                                                                                                                              0x004073da
                                                                                                                              0x004073e0
                                                                                                                              0x004073fa
                                                                                                                              0x004073fd
                                                                                                                              0x00407403
                                                                                                                              0x0040740e
                                                                                                                              0x00407410
                                                                                                                              0x004073e2
                                                                                                                              0x004073e2
                                                                                                                              0x004073f1
                                                                                                                              0x004073f5
                                                                                                                              0x004073f5
                                                                                                                              0x0040741a
                                                                                                                              0x00407441
                                                                                                                              0x00407441
                                                                                                                              0x00407447
                                                                                                                              0x00407447
                                                                                                                              0x00000000
                                                                                                                              0x0040741c
                                                                                                                              0x0040741c
                                                                                                                              0x00407420
                                                                                                                              0x004075cf
                                                                                                                              0x00000000
                                                                                                                              0x004075cf
                                                                                                                              0x0040742c
                                                                                                                              0x00407433
                                                                                                                              0x0040743b
                                                                                                                              0x0040743e
                                                                                                                              0x00000000
                                                                                                                              0x0040743e
                                                                                                                              0x00406d66
                                                                                                                              0x00406d66
                                                                                                                              0x00406d6a
                                                                                                                              0x00406d72
                                                                                                                              0x00406d75
                                                                                                                              0x00406d77
                                                                                                                              0x00406d7a
                                                                                                                              0x00406d7c
                                                                                                                              0x00406d81
                                                                                                                              0x00406d84
                                                                                                                              0x00406d8b
                                                                                                                              0x00406d92
                                                                                                                              0x00406d95
                                                                                                                              0x00406da0
                                                                                                                              0x00406da8
                                                                                                                              0x00406da8
                                                                                                                              0x00406da2
                                                                                                                              0x00406da2
                                                                                                                              0x00406da2
                                                                                                                              0x00406d97
                                                                                                                              0x00406d97
                                                                                                                              0x00406d97
                                                                                                                              0x00406daf
                                                                                                                              0x00406dcd
                                                                                                                              0x00406dcf
                                                                                                                              0x00406fa2
                                                                                                                              0x00406fa2
                                                                                                                              0x00406fa5
                                                                                                                              0x00406fa8
                                                                                                                              0x00406fab
                                                                                                                              0x00406fae
                                                                                                                              0x00406fb1
                                                                                                                              0x00406fb4
                                                                                                                              0x00406fb7
                                                                                                                              0x00406fba
                                                                                                                              0x00406fc0
                                                                                                                              0x00406fd8
                                                                                                                              0x00406fdb
                                                                                                                              0x00406fde
                                                                                                                              0x00406fe1
                                                                                                                              0x00406fe1
                                                                                                                              0x00406fe4
                                                                                                                              0x00406fea
                                                                                                                              0x00406fc2
                                                                                                                              0x00406fc2
                                                                                                                              0x00406fca
                                                                                                                              0x00406fcf
                                                                                                                              0x00406fd1
                                                                                                                              0x00406fd3
                                                                                                                              0x00406fd3
                                                                                                                              0x00406ff4
                                                                                                                              0x00406ff7
                                                                                                                              0x00406f9a
                                                                                                                              0x00406fa0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406ff9
                                                                                                                              0x00406f75
                                                                                                                              0x00406f79
                                                                                                                              0x00407581
                                                                                                                              0x00000000
                                                                                                                              0x00407581
                                                                                                                              0x00406f7f
                                                                                                                              0x00406f82
                                                                                                                              0x00406f85
                                                                                                                              0x00406f89
                                                                                                                              0x00406f8c
                                                                                                                              0x00406f92
                                                                                                                              0x00406f94
                                                                                                                              0x00406f94
                                                                                                                              0x00406f97
                                                                                                                              0x00000000
                                                                                                                              0x00406f97
                                                                                                                              0x00406db1
                                                                                                                              0x00406db1
                                                                                                                              0x00406db4
                                                                                                                              0x00406dba
                                                                                                                              0x00406dbc
                                                                                                                              0x00406dbc
                                                                                                                              0x00406dbf
                                                                                                                              0x00406dc2
                                                                                                                              0x00406dc4
                                                                                                                              0x00406dc5
                                                                                                                              0x00406dc8
                                                                                                                              0x00406e35
                                                                                                                              0x00406e35
                                                                                                                              0x00406e39
                                                                                                                              0x00406e3c
                                                                                                                              0x00406e3f
                                                                                                                              0x00406e42
                                                                                                                              0x00406e45
                                                                                                                              0x00406e46
                                                                                                                              0x00406e49
                                                                                                                              0x00406e4b
                                                                                                                              0x00406e51
                                                                                                                              0x00406e54
                                                                                                                              0x00406e57
                                                                                                                              0x00406e5a
                                                                                                                              0x00406e5d
                                                                                                                              0x00406e63
                                                                                                                              0x00406e7f
                                                                                                                              0x00406e82
                                                                                                                              0x00406e85
                                                                                                                              0x00406e88
                                                                                                                              0x00406e8f
                                                                                                                              0x00406e95
                                                                                                                              0x00406e99
                                                                                                                              0x00406e65
                                                                                                                              0x00406e65
                                                                                                                              0x00406e69
                                                                                                                              0x00406e71
                                                                                                                              0x00406e76
                                                                                                                              0x00406e78
                                                                                                                              0x00406e7a
                                                                                                                              0x00406e7a
                                                                                                                              0x00406ea3
                                                                                                                              0x00406ea6
                                                                                                                              0x00406e1d
                                                                                                                              0x00406e1d
                                                                                                                              0x00406e23
                                                                                                                              0x00406ed6
                                                                                                                              0x00406edc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406ede
                                                                                                                              0x00406ee1
                                                                                                                              0x00406ee4
                                                                                                                              0x00406ee7
                                                                                                                              0x00406eea
                                                                                                                              0x00406eed
                                                                                                                              0x00406ef0
                                                                                                                              0x00406ef3
                                                                                                                              0x00406ef6
                                                                                                                              0x00406efc
                                                                                                                              0x00406f14
                                                                                                                              0x00406f17
                                                                                                                              0x00406f1a
                                                                                                                              0x00406f1d
                                                                                                                              0x00406f1d
                                                                                                                              0x00406f20
                                                                                                                              0x00406f26
                                                                                                                              0x00406efe
                                                                                                                              0x00406efe
                                                                                                                              0x00406f06
                                                                                                                              0x00406f0b
                                                                                                                              0x00406f0d
                                                                                                                              0x00406f0f
                                                                                                                              0x00406f0f
                                                                                                                              0x00406f30
                                                                                                                              0x00406f33
                                                                                                                              0x00406eb1
                                                                                                                              0x00406eb5
                                                                                                                              0x00407575
                                                                                                                              0x00000000
                                                                                                                              0x00407575
                                                                                                                              0x00406ebb
                                                                                                                              0x00406ebe
                                                                                                                              0x00406ec1
                                                                                                                              0x00406ec5
                                                                                                                              0x00406ec8
                                                                                                                              0x00406ece
                                                                                                                              0x00406ed0
                                                                                                                              0x00406ed0
                                                                                                                              0x00406ed3
                                                                                                                              0x00406ed3
                                                                                                                              0x00406f33
                                                                                                                              0x00406f3a
                                                                                                                              0x00406f3a
                                                                                                                              0x00406f3a
                                                                                                                              0x00406f3e
                                                                                                                              0x00406f3e
                                                                                                                              0x00406f41
                                                                                                                              0x00406f44
                                                                                                                              0x00406f48
                                                                                                                              0x0040758d
                                                                                                                              0x00000000
                                                                                                                              0x0040758d
                                                                                                                              0x00406f4e
                                                                                                                              0x00406f51
                                                                                                                              0x00406f54
                                                                                                                              0x00406f57
                                                                                                                              0x00406f5a
                                                                                                                              0x00406f5d
                                                                                                                              0x00406f60
                                                                                                                              0x00406f62
                                                                                                                              0x00406f65
                                                                                                                              0x00406f68
                                                                                                                              0x00406f6b
                                                                                                                              0x00406f6d
                                                                                                                              0x00406f6d
                                                                                                                              0x00406f6d
                                                                                                                              0x0040710a
                                                                                                                              0x0040710a
                                                                                                                              0x0040710d
                                                                                                                              0x0040710d
                                                                                                                              0x00000000
                                                                                                                              0x0040710d
                                                                                                                              0x00406e2f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406eac
                                                                                                                              0x00406df8
                                                                                                                              0x00406dfc
                                                                                                                              0x00407569
                                                                                                                              0x004075e5
                                                                                                                              0x004075ed
                                                                                                                              0x004075f4
                                                                                                                              0x004075f6
                                                                                                                              0x004075fd
                                                                                                                              0x00407601
                                                                                                                              0x00407601
                                                                                                                              0x00406e02
                                                                                                                              0x00406e05
                                                                                                                              0x00406e08
                                                                                                                              0x00406e0c
                                                                                                                              0x00406e0f
                                                                                                                              0x00406e15
                                                                                                                              0x00406e17
                                                                                                                              0x00406e17
                                                                                                                              0x00406e1a
                                                                                                                              0x00000000
                                                                                                                              0x00406e1a
                                                                                                                              0x00406ea6
                                                                                                                              0x00406daf
                                                                                                                              0x00406be3
                                                                                                                              0x00406be3
                                                                                                                              0x00406bec
                                                                                                                              0x004075fa
                                                                                                                              0x004075fa
                                                                                                                              0x00000000
                                                                                                                              0x004075fa
                                                                                                                              0x00406bf2
                                                                                                                              0x00000000
                                                                                                                              0x00406bfd
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406c06
                                                                                                                              0x00406c09
                                                                                                                              0x00406c0c
                                                                                                                              0x00406c10
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406c16
                                                                                                                              0x00406c19
                                                                                                                              0x00406c1b
                                                                                                                              0x00406c1c
                                                                                                                              0x00406c1f
                                                                                                                              0x00406c21
                                                                                                                              0x00406c22
                                                                                                                              0x00406c24
                                                                                                                              0x00406c27
                                                                                                                              0x00406c2c
                                                                                                                              0x00406c31
                                                                                                                              0x00406c3a
                                                                                                                              0x00406c4d
                                                                                                                              0x00406c50
                                                                                                                              0x00406c5c
                                                                                                                              0x00406c84
                                                                                                                              0x00406c86
                                                                                                                              0x00406c94
                                                                                                                              0x00406c94
                                                                                                                              0x00406c98
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406c88
                                                                                                                              0x00406c88
                                                                                                                              0x00406c8b
                                                                                                                              0x00406c8c
                                                                                                                              0x00406c8c
                                                                                                                              0x00000000
                                                                                                                              0x00406c88
                                                                                                                              0x00406c62
                                                                                                                              0x00406c67
                                                                                                                              0x00406c67
                                                                                                                              0x00406c70
                                                                                                                              0x00406c78
                                                                                                                              0x00406c7b
                                                                                                                              0x00000000
                                                                                                                              0x00406c81
                                                                                                                              0x00406c81
                                                                                                                              0x00000000
                                                                                                                              0x00406c81
                                                                                                                              0x00000000
                                                                                                                              0x00406c9e
                                                                                                                              0x00406c9e
                                                                                                                              0x00406ca2
                                                                                                                              0x0040754e
                                                                                                                              0x00000000
                                                                                                                              0x0040754e
                                                                                                                              0x00406cab
                                                                                                                              0x00406cbb
                                                                                                                              0x00406cbe
                                                                                                                              0x00406cc1
                                                                                                                              0x00406cc1
                                                                                                                              0x00406cc1
                                                                                                                              0x00406cc4
                                                                                                                              0x00406cc8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406cca
                                                                                                                              0x00406cd0
                                                                                                                              0x00406cfa
                                                                                                                              0x00406d00
                                                                                                                              0x00406d07
                                                                                                                              0x00000000
                                                                                                                              0x00406d07
                                                                                                                              0x00406cd6
                                                                                                                              0x00406cd9
                                                                                                                              0x00406cde
                                                                                                                              0x00406cde
                                                                                                                              0x00406ce9
                                                                                                                              0x00406cf1
                                                                                                                              0x00406cf4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406d39
                                                                                                                              0x00406d3f
                                                                                                                              0x00406d42
                                                                                                                              0x00406d4f
                                                                                                                              0x00406d57
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406d0e
                                                                                                                              0x00406d0e
                                                                                                                              0x00406d12
                                                                                                                              0x0040755d
                                                                                                                              0x00000000
                                                                                                                              0x0040755d
                                                                                                                              0x00406d1e
                                                                                                                              0x00406d29
                                                                                                                              0x00406d29
                                                                                                                              0x00406d29
                                                                                                                              0x00406d2c
                                                                                                                              0x00406d2f
                                                                                                                              0x00406d32
                                                                                                                              0x00406d37
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406ffe
                                                                                                                              0x00407002
                                                                                                                              0x00407020
                                                                                                                              0x00407023
                                                                                                                              0x0040702a
                                                                                                                              0x0040702d
                                                                                                                              0x00407030
                                                                                                                              0x00407033
                                                                                                                              0x00407036
                                                                                                                              0x00407039
                                                                                                                              0x0040703b
                                                                                                                              0x00407042
                                                                                                                              0x00407043
                                                                                                                              0x00407045
                                                                                                                              0x00407048
                                                                                                                              0x0040704b
                                                                                                                              0x0040704e
                                                                                                                              0x0040704e
                                                                                                                              0x00407053
                                                                                                                              0x00000000
                                                                                                                              0x00407053
                                                                                                                              0x00407004
                                                                                                                              0x00407007
                                                                                                                              0x0040700a
                                                                                                                              0x00407014
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407068
                                                                                                                              0x0040706c
                                                                                                                              0x0040708f
                                                                                                                              0x00407092
                                                                                                                              0x00407095
                                                                                                                              0x0040709f
                                                                                                                              0x0040706e
                                                                                                                              0x0040706e
                                                                                                                              0x00407071
                                                                                                                              0x00407074
                                                                                                                              0x00407077
                                                                                                                              0x00407084
                                                                                                                              0x00407087
                                                                                                                              0x00407087
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004070ab
                                                                                                                              0x004070af
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004070b5
                                                                                                                              0x004070b9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004070bf
                                                                                                                              0x004070c1
                                                                                                                              0x004070c5
                                                                                                                              0x004070c5
                                                                                                                              0x004070c8
                                                                                                                              0x004070cc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040711c
                                                                                                                              0x00407120
                                                                                                                              0x00407127
                                                                                                                              0x0040712a
                                                                                                                              0x0040712d
                                                                                                                              0x00407137
                                                                                                                              0x00000000
                                                                                                                              0x00407137
                                                                                                                              0x00407122
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407143
                                                                                                                              0x00407147
                                                                                                                              0x0040714e
                                                                                                                              0x00407151
                                                                                                                              0x00407154
                                                                                                                              0x00407149
                                                                                                                              0x00407149
                                                                                                                              0x00407149
                                                                                                                              0x00407157
                                                                                                                              0x0040715a
                                                                                                                              0x0040715d
                                                                                                                              0x0040715d
                                                                                                                              0x00407160
                                                                                                                              0x00407163
                                                                                                                              0x00407166
                                                                                                                              0x00407166
                                                                                                                              0x00407169
                                                                                                                              0x00407170
                                                                                                                              0x00407175
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407203
                                                                                                                              0x00407203
                                                                                                                              0x00407207
                                                                                                                              0x004075a5
                                                                                                                              0x00000000
                                                                                                                              0x004075a5
                                                                                                                              0x0040720d
                                                                                                                              0x00407210
                                                                                                                              0x00407213
                                                                                                                              0x00407217
                                                                                                                              0x0040721a
                                                                                                                              0x00407220
                                                                                                                              0x00407222
                                                                                                                              0x00407222
                                                                                                                              0x00407222
                                                                                                                              0x00407225
                                                                                                                              0x00407228
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407286
                                                                                                                              0x00407286
                                                                                                                              0x0040728a
                                                                                                                              0x004075b1
                                                                                                                              0x00000000
                                                                                                                              0x004075b1
                                                                                                                              0x00407290
                                                                                                                              0x00407293
                                                                                                                              0x00407296
                                                                                                                              0x0040729a
                                                                                                                              0x0040729d
                                                                                                                              0x004072a3
                                                                                                                              0x004072a5
                                                                                                                              0x004072a5
                                                                                                                              0x004072a5
                                                                                                                              0x004072a8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407056
                                                                                                                              0x00407056
                                                                                                                              0x00407059
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407395
                                                                                                                              0x00407399
                                                                                                                              0x004073bb
                                                                                                                              0x004073be
                                                                                                                              0x004073c8
                                                                                                                              0x00000000
                                                                                                                              0x004073c8
                                                                                                                              0x0040739b
                                                                                                                              0x0040739e
                                                                                                                              0x004073a2
                                                                                                                              0x004073a5
                                                                                                                              0x004073a5
                                                                                                                              0x004073a8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407452
                                                                                                                              0x00407456
                                                                                                                              0x00407474
                                                                                                                              0x00407474
                                                                                                                              0x00407474
                                                                                                                              0x0040747b
                                                                                                                              0x00407482
                                                                                                                              0x00407489
                                                                                                                              0x00407489
                                                                                                                              0x00000000
                                                                                                                              0x00407489
                                                                                                                              0x00407458
                                                                                                                              0x0040745b
                                                                                                                              0x0040745e
                                                                                                                              0x00407461
                                                                                                                              0x00407468
                                                                                                                              0x004073ac
                                                                                                                              0x004073ac
                                                                                                                              0x004073af
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407543
                                                                                                                              0x00407546
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040717d
                                                                                                                              0x0040717f
                                                                                                                              0x00407186
                                                                                                                              0x00407187
                                                                                                                              0x00407189
                                                                                                                              0x0040718c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407194
                                                                                                                              0x00407197
                                                                                                                              0x0040719a
                                                                                                                              0x0040719c
                                                                                                                              0x0040719e
                                                                                                                              0x0040719e
                                                                                                                              0x0040719f
                                                                                                                              0x004071a2
                                                                                                                              0x004071a9
                                                                                                                              0x004071ac
                                                                                                                              0x004071ba
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407490
                                                                                                                              0x00407490
                                                                                                                              0x00407493
                                                                                                                              0x0040749a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040749f
                                                                                                                              0x0040749f
                                                                                                                              0x004074a3
                                                                                                                              0x004075db
                                                                                                                              0x00000000
                                                                                                                              0x004075db
                                                                                                                              0x004074a9
                                                                                                                              0x004074ac
                                                                                                                              0x004074af
                                                                                                                              0x004074b3
                                                                                                                              0x004074b6
                                                                                                                              0x004074bc
                                                                                                                              0x004074be
                                                                                                                              0x004074be
                                                                                                                              0x004074be
                                                                                                                              0x004074c1
                                                                                                                              0x004074c4
                                                                                                                              0x004074c4
                                                                                                                              0x004074c4
                                                                                                                              0x004074c4
                                                                                                                              0x004074c7
                                                                                                                              0x004074c7
                                                                                                                              0x004074cb
                                                                                                                              0x0040752b
                                                                                                                              0x0040752e
                                                                                                                              0x00407533
                                                                                                                              0x00407534
                                                                                                                              0x00407536
                                                                                                                              0x00407538
                                                                                                                              0x0040753b
                                                                                                                              0x00000000
                                                                                                                              0x0040753b
                                                                                                                              0x004074cd
                                                                                                                              0x004074d3
                                                                                                                              0x004074d6
                                                                                                                              0x004074d9
                                                                                                                              0x004074dc
                                                                                                                              0x004074df
                                                                                                                              0x004074e2
                                                                                                                              0x004074e5
                                                                                                                              0x004074e8
                                                                                                                              0x004074eb
                                                                                                                              0x004074ee
                                                                                                                              0x00407507
                                                                                                                              0x0040750a
                                                                                                                              0x0040750d
                                                                                                                              0x00407510
                                                                                                                              0x00407514
                                                                                                                              0x00407516
                                                                                                                              0x00407516
                                                                                                                              0x00407517
                                                                                                                              0x0040751a
                                                                                                                              0x004074f0
                                                                                                                              0x004074f0
                                                                                                                              0x004074f8
                                                                                                                              0x004074fd
                                                                                                                              0x004074ff
                                                                                                                              0x00407502
                                                                                                                              0x00407502
                                                                                                                              0x0040751d
                                                                                                                              0x00407524
                                                                                                                              0x00000000
                                                                                                                              0x00407526
                                                                                                                              0x00000000
                                                                                                                              0x00407526
                                                                                                                              0x00000000
                                                                                                                              0x004071c2
                                                                                                                              0x004071c5
                                                                                                                              0x004071fb
                                                                                                                              0x0040732b
                                                                                                                              0x0040732b
                                                                                                                              0x0040732b
                                                                                                                              0x0040732b
                                                                                                                              0x0040732e
                                                                                                                              0x0040732e
                                                                                                                              0x00407331
                                                                                                                              0x00407333
                                                                                                                              0x004075bd
                                                                                                                              0x00000000
                                                                                                                              0x004075bd
                                                                                                                              0x00407339
                                                                                                                              0x0040733c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407342
                                                                                                                              0x00407346
                                                                                                                              0x00407349
                                                                                                                              0x00407349
                                                                                                                              0x00407349
                                                                                                                              0x00000000
                                                                                                                              0x00407349
                                                                                                                              0x004071c7
                                                                                                                              0x004071c9
                                                                                                                              0x004071cb
                                                                                                                              0x004071cd
                                                                                                                              0x004071d0
                                                                                                                              0x004071d1
                                                                                                                              0x004071d3
                                                                                                                              0x004071d5
                                                                                                                              0x004071d8
                                                                                                                              0x004071db
                                                                                                                              0x004071f1
                                                                                                                              0x004071f6
                                                                                                                              0x0040722e
                                                                                                                              0x0040722e
                                                                                                                              0x00407232
                                                                                                                              0x0040725e
                                                                                                                              0x00407260
                                                                                                                              0x00407267
                                                                                                                              0x0040726a
                                                                                                                              0x0040726d
                                                                                                                              0x0040726d
                                                                                                                              0x00407272
                                                                                                                              0x00407272
                                                                                                                              0x00407274
                                                                                                                              0x00407277
                                                                                                                              0x0040727e
                                                                                                                              0x00407281
                                                                                                                              0x004072ae
                                                                                                                              0x004072ae
                                                                                                                              0x004072b1
                                                                                                                              0x004072b4
                                                                                                                              0x00407328
                                                                                                                              0x00407328
                                                                                                                              0x00407328
                                                                                                                              0x00000000
                                                                                                                              0x00407328
                                                                                                                              0x004072b6
                                                                                                                              0x004072bc
                                                                                                                              0x004072bf
                                                                                                                              0x004072c2
                                                                                                                              0x004072c5
                                                                                                                              0x004072c8
                                                                                                                              0x004072cb
                                                                                                                              0x004072ce
                                                                                                                              0x004072d1
                                                                                                                              0x004072d4
                                                                                                                              0x004072d7
                                                                                                                              0x004072f0
                                                                                                                              0x004072f2
                                                                                                                              0x004072f5
                                                                                                                              0x004072f6
                                                                                                                              0x004072f9
                                                                                                                              0x004072fb
                                                                                                                              0x004072fe
                                                                                                                              0x00407300
                                                                                                                              0x00407302
                                                                                                                              0x00407305
                                                                                                                              0x00407307
                                                                                                                              0x0040730a
                                                                                                                              0x0040730e
                                                                                                                              0x00407310
                                                                                                                              0x00407310
                                                                                                                              0x00407311
                                                                                                                              0x00407314
                                                                                                                              0x00407317
                                                                                                                              0x004072d9
                                                                                                                              0x004072d9
                                                                                                                              0x004072e1
                                                                                                                              0x004072e6
                                                                                                                              0x004072e8
                                                                                                                              0x004072eb
                                                                                                                              0x004072eb
                                                                                                                              0x0040731a
                                                                                                                              0x00407321
                                                                                                                              0x004072ab
                                                                                                                              0x004072ab
                                                                                                                              0x004072ab
                                                                                                                              0x004072ab
                                                                                                                              0x00000000
                                                                                                                              0x00407323
                                                                                                                              0x00000000
                                                                                                                              0x00407323
                                                                                                                              0x00407321
                                                                                                                              0x00407234
                                                                                                                              0x00407237
                                                                                                                              0x00407239
                                                                                                                              0x0040723c
                                                                                                                              0x0040723f
                                                                                                                              0x00407242
                                                                                                                              0x00407244
                                                                                                                              0x00407247
                                                                                                                              0x0040724a
                                                                                                                              0x0040724a
                                                                                                                              0x0040724d
                                                                                                                              0x0040724d
                                                                                                                              0x00407250
                                                                                                                              0x00407257
                                                                                                                              0x0040722b
                                                                                                                              0x0040722b
                                                                                                                              0x0040722b
                                                                                                                              0x0040722b
                                                                                                                              0x00000000
                                                                                                                              0x00407259
                                                                                                                              0x00000000
                                                                                                                              0x00407259
                                                                                                                              0x00407257
                                                                                                                              0x004071dd
                                                                                                                              0x004071e0
                                                                                                                              0x004071e2
                                                                                                                              0x004071e5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004070cf
                                                                                                                              0x004070cf
                                                                                                                              0x004070d3
                                                                                                                              0x00407599
                                                                                                                              0x00000000
                                                                                                                              0x00407599
                                                                                                                              0x004070d9
                                                                                                                              0x004070dc
                                                                                                                              0x004070df
                                                                                                                              0x004070e2
                                                                                                                              0x004070e4
                                                                                                                              0x004070e4
                                                                                                                              0x004070e4
                                                                                                                              0x004070e7
                                                                                                                              0x004070ea
                                                                                                                              0x004070ed
                                                                                                                              0x004070f0
                                                                                                                              0x004070f3
                                                                                                                              0x004070f6
                                                                                                                              0x004070f7
                                                                                                                              0x004070f9
                                                                                                                              0x004070f9
                                                                                                                              0x004070f9
                                                                                                                              0x004070fc
                                                                                                                              0x004070ff
                                                                                                                              0x00407102
                                                                                                                              0x00407105
                                                                                                                              0x00407105
                                                                                                                              0x00407105
                                                                                                                              0x00407108
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040734c
                                                                                                                              0x0040734c
                                                                                                                              0x0040734c
                                                                                                                              0x00407350
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407356
                                                                                                                              0x00407359
                                                                                                                              0x0040735c
                                                                                                                              0x0040735f
                                                                                                                              0x00407361
                                                                                                                              0x00407361
                                                                                                                              0x00407361
                                                                                                                              0x00407364
                                                                                                                              0x00407367
                                                                                                                              0x0040736a
                                                                                                                              0x0040736d
                                                                                                                              0x00407370
                                                                                                                              0x00407373
                                                                                                                              0x00407374
                                                                                                                              0x00407376
                                                                                                                              0x00407376
                                                                                                                              0x00407376
                                                                                                                              0x00407379
                                                                                                                              0x0040737c
                                                                                                                              0x0040737f
                                                                                                                              0x00407382
                                                                                                                              0x00407385
                                                                                                                              0x00407389
                                                                                                                              0x0040738b
                                                                                                                              0x0040738e
                                                                                                                              0x00000000
                                                                                                                              0x00407390
                                                                                                                              0x00000000
                                                                                                                              0x00407390
                                                                                                                              0x0040738e
                                                                                                                              0x004075c3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406bf2

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6ae840c17bc4cb012e3c6e2f9739eb08ea49decd14d2b7f73774d31e5ba5825a
                                                                                                                              • Instruction ID: 02c1e40b0c9780dd067322b7733c474732bd0f187a49f53fd7fd3c108ee94619
                                                                                                                              • Opcode Fuzzy Hash: 6ae840c17bc4cb012e3c6e2f9739eb08ea49decd14d2b7f73774d31e5ba5825a
                                                                                                                              • Instruction Fuzzy Hash: 7CF15570D04229CBDF28CFA8C8946ADBBB0FF44305F24816ED456BB281D7386A86DF45
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040699E Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0040699E(WCHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileW(_a4, 0x426798); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x426798;
			}




                                                                                                                              0x004069a9
                                                                                                                              0x004069b2
                                                                                                                              0x00000000
                                                                                                                              0x004069bf
                                                                                                                              0x004069b5
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • FindFirstFileW.KERNELBASE(76DDFAA0,00426798,00425F50,00406088,00425F50,00425F50,00000000,00425F50,00425F50,76DDFAA0,?,76DDF560,00405D94,?,76DDFAA0,76DDF560), ref: 004069A9
                                                                                                                              • FindClose.KERNEL32(00000000), ref: 004069B5
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2295610775-0
                                                                                                                              • Opcode ID: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
                                                                                                                              • Instruction ID: 0ca7534fdffec89160a31ceabb6ef5ff718bfc83d1618d69d17f9e635378cbc3
                                                                                                                              • Opcode Fuzzy Hash: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
                                                                                                                              • Instruction Fuzzy Hash: 5ED012B15192205FC34057387E0C84B7A989F563317268A36B4AAF11E0CB348C3297AC
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 6FED101D Relevance: 112.5, APIs: 58, Strings: 6, Instructions: 458filestringpipeCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 0 6fed101d-6fed107b GlobalAlloc 1 6fed107d-6fed108e GlobalAlloc 0->1 2 6fed1091-6fed1094 0->2 1->2 3 6fed10b4-6fed10cb CreatePipe 2->3 4 6fed1096-6fed10af GetModuleHandleW GetProcAddress 2->4 5 6fed155f 3->5 6 6fed10d1-6fed10e2 CreatePipe 3->6 4->3 7 6fed10b1 4->7 8 6fed1566-6fed1585 GlobalFree * 5 5->8 6->5 9 6fed10e8-6fed1108 GetCurrentProcess * 2 DuplicateHandle 6->9 7->3 10 6fed158c-6fed1592 8->10 11 6fed1587-6fed158a GlobalFree 8->11 12 6fed110e-6fed1127 GetCurrentProcess * 2 DuplicateHandle 9->12 13 6fed1556-6fed155d 9->13 14 6fed159f-6fed15a6 10->14 15 6fed1594-6fed159b 10->15 11->10 12->13 16 6fed112d-6fed1146 GetCurrentProcess * 2 DuplicateHandle 12->16 13->8 15->14 16->13 17 6fed114c-6fed118b CreateProcessW 16->17 18 6fed118d-6fed1194 17->18 19 6fed1199-6fed11a6 CloseHandle 17->19 18->8 20 6fed154d-6fed1554 19->20 21 6fed11ac-6fed11b3 CloseHandle 19->21 20->8 21->20 22 6fed11b9-6fed11c0 CloseHandle 21->22 22->20 23 6fed11c6-6fed11cd CloseHandle 22->23 23->20 24 6fed11d3-6fed11da CloseHandle 23->24 24->20 25 6fed11e0-6fed11e7 CloseHandle 24->25 25->20 26 6fed11ed-6fed11fa lstrlenW 25->26 27 6fed11fc-6fed1215 lstrlenW WriteFile 26->27 28 6fed122a-6fed122d 26->28 31 6fed1217-6fed121f lstrlenW 27->31 32 6fed1262-6fed1269 27->32 29 6fed122f-6fed1235 28->29 30 6fed126e 28->30 29->30 34 6fed1237-6fed1254 CreateFileW 29->34 35 6fed1274-6fed1278 30->35 31->32 33 6fed1221-6fed1224 FlushFileBuffers 31->33 32->8 33->28 34->30 36 6fed1256-6fed125d 34->36 37 6fed127e-6fed1291 PeekNamedPipe 35->37 38 6fed1327-6fed132c 35->38 36->8 37->38 41 6fed1297-6fed12a6 GetExitCodeProcess 37->41 39 6fed133d-6fed1347 38->39 40 6fed132e-6fed1338 call 6fed1901 38->40 43 6fed134e-6fed135d GetExitCodeProcess 39->43 44 6fed1349-6fed134c CloseHandle 39->44 40->39 41->38 45 6fed12a8-6fed12ab 41->45 46 6fed1535 43->46 47 6fed1363-6fed136a 43->47 44->43 48 6fed150b-6fed1512 45->48 49 6fed12b1-6fed12b9 45->49 51 6fed153c-6fed154b CloseHandle * 3 46->51 47->51 52 6fed1370-6fed1382 TerminateProcess 47->52 48->38 50 6fed1518-6fed1520 Sleep 48->50 53 6fed12be-6fed12d6 ReadFile 49->53 54 6fed12bb 49->54 55 6fed1524-6fed152a 50->55 51->8 52->51 56 6fed12dc-6fed12df 53->56 57 6fed14fa-6fed14fe 53->57 54->53 55->35 59 6fed1530 55->59 56->57 60 6fed12e5-6fed12e8 56->60 57->55 58 6fed1500-6fed1509 FlushFileBuffers 57->58 58->55 59->38 61 6fed12ee-6fed12f2 60->61 62 6fed1387-6fed138f 60->62 61->55 63 6fed12f8-6fed1312 WriteFile 61->63 62->57 64 6fed1395-6fed139e 62->64 65 6fed1314-6fed131a 63->65 66 6fed1320 63->66 67 6fed14cb-6fed14cd 64->67 68 6fed13a4-6fed13a9 64->68 65->57 65->66 66->38 69 6fed14cf-6fed14d9 67->69 70 6fed14ea-6fed14f4 67->70 68->70 71 6fed13af-6fed13be 68->71 69->70 74 6fed14db-6fed14e6 69->74 70->57 70->64 72 6fed13cb-6fed13ce 71->72 73 6fed13c0-6fed13c6 call 6fed1901 71->73 76 6fed13e9-6fed13f9 lstrcmpiW 72->76 77 6fed13d0-6fed13e4 call 6fed1901 72->77 82 6fed14c6-6fed14c9 73->82 74->70 80 6fed13fb-6fed142c SendMessageW * 2 76->80 81 6fed1431-6fed1441 lstrcmpiW 76->81 77->82 84 6fed14c1-6fed14c4 SendMessageW 80->84 85 6fed148f-6fed14bc lstrcatW SendMessageW * 2 81->85 86 6fed1443-6fed1453 lstrcmpiW 81->86 82->70 84->82 85->84 86->85 87 6fed1455-6fed1465 lstrcmpiW 86->87 87->82 89 6fed1467-6fed148d SendMessageW * 2 87->89 89->82
                                                                                                                              C-Code - Quality: 90%
                                                                                                                              			E6FED101D(void* _a4) {
				long _v8;
				struct _OVERLAPPED* _v12;
				long _v16;
				struct _OVERLAPPED* _v20;
				signed int _v24;
				void* _v28;
				void* _v32;
				struct _OVERLAPPED* _v36;
				void* _v40;
				void* _v44;
				void* _v48;
				void* _v52;
				void* _v56;
				void* _v60;
				struct _SECURITY_ATTRIBUTES _v72;
				struct _PROCESS_INFORMATION _v88;
				struct _OVERLAPPED* _v124;
				struct _OVERLAPPED* _v128;
				struct _OVERLAPPED* _v140;
				long _v144;
				void* _v148;
				void _v404;
				void* _t162;
				int _t168;
				int _t181;
				void* _t183;
				int _t185;
				void* _t187;
				int _t189;
				void* _t191;
				struct _STARTUPINFOW* _t194;
				int _t195;
				signed int _t203;
				int _t205;
				int _t213;
				int _t215;
				long _t217;
				int _t219;
				long _t221;
				short _t222;
				signed int _t224;
				intOrPtr _t225;
				int _t229;
				int _t234;
				long _t238;
				WCHAR* _t249;
				void* _t250;
				_Unknown_base(*)()* _t257;
				void* _t261;
				void* _t285;
				intOrPtr _t286;
				void* _t288;

				_t162 = GlobalAlloc(0x40, 0x44);
				_t285 = _a4;
				_v24 = _v24 | 0xffffffff;
				_v48 = _t162;
				_v8 = 0;
				_v36 = 0;
				_v16 = 0;
				_v12 = 0;
				_v20 = 0;
				_v148 = 1;
				_v144 = 0;
				_v140 = 0;
				_v128 = 0;
				_v124 = 0;
				_v72.nLength = 0xc;
				_v72.lpSecurityDescriptor = 0;
				_v72.bInheritHandle = 1;
				if( *((intOrPtr*)(_t285 + 8)) != 0) {
					_t261 = GlobalAlloc(0x40,  *0x6fed300c +  *0x6fed300c + 4);
					_v12 = _t261;
					_v128 = _t261;
				}
				if( *((intOrPtr*)(_t285 + 0xc)) != 0) {
					_t257 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "Wow64EnableWow64FsRedirection");
					if(_t257 != 0) {
						 *_t257(0);
					}
				}
				_t168 = CreatePipe( &_v56,  &_v40,  &_v72, 0); // executed
				if(_t168 == 0) {
					L78:
					_v8 = 0xfffffff1;
					L79:
					GlobalFree(_v48);
					GlobalFree( *_t285);
					GlobalFree( *(_t285 + 4));
					GlobalFree( *(_t285 + 0x10));
					GlobalFree(_t285);
					if(_v12 != 0) {
						GlobalFree(_v12);
					}
					_t286 =  *((intOrPtr*)(_t285 + 0x20));
					if(_t286 != 0xffffffff) {
						 *((intOrPtr*)( *0x6fed3004 + 4))(_t286 - 1, 0);
					}
					return _v8;
				}
				_t181 = CreatePipe( &_v44,  &_v60,  &_v72, 0); // executed
				if(_t181 == 0) {
					goto L78;
				}
				_t183 = GetCurrentProcess();
				_t185 = DuplicateHandle(GetCurrentProcess(), _v40, _t183,  &_v52, 0, 1, 2); // executed
				if(_t185 == 0) {
					L77:
					_v8 = 0xfffffff0;
					goto L79;
				}
				_t187 = GetCurrentProcess();
				_t189 = DuplicateHandle(GetCurrentProcess(), _v56, _t187,  &_v32, 0, 0, 2); // executed
				if(_t189 == 0) {
					goto L77;
				}
				_t191 = GetCurrentProcess();
				if(DuplicateHandle(GetCurrentProcess(), _v60, _t191,  &_v28, 0, 0, 2) == 0) {
					goto L77;
				}
				_t194 = _v48;
				_t194->cb = 0x44;
				_t194->dwFlags = 0x101;
				_t194->hStdOutput = _v40;
				_t194->hStdInput = _v44;
				_t194->hStdError = _v52;
				_t194->wShowWindow = 0;
				_t195 = CreateProcessW(0,  *_t285, 0, 0, 1, 0, 0, 0, _t194,  &_v88); // executed
				if(_t195 != 0) {
					if(CloseHandle(_v56) == 0 || CloseHandle(_v60) == 0 || CloseHandle(_v88.hThread) == 0 || CloseHandle(_v40) == 0 || CloseHandle(_v44) == 0 || CloseHandle(_v52) == 0) {
						_v8 = 0xfffffff3;
						goto L79;
					} else {
						if(lstrlenW( *(_t285 + 4)) <= 0) {
							L22:
							if( *((intOrPtr*)(_t285 + 8)) != 0) {
								L27:
								while(_v8 != 0xfffffff7) {
									_t213 = PeekNamedPipe(_v32, 0, 0, 0,  &_v16, 0); // executed
									if(_t213 == 0) {
										break;
									}
									_t215 = GetExitCodeProcess(_v88.hProcess,  &_v8); // executed
									if(_t215 == 0) {
										break;
									}
									if(_v16 <= 0) {
										if(_v8 != 0x103) {
											break;
										}
										Sleep(0xa); // executed
										_v36 = _v36 + 0xa;
										L72:
										if(_v36 <=  *((intOrPtr*)(_t285 + 0x14))) {
											continue;
										}
										break;
									}
									_t217 = 0x100;
									if(_v16 <= 0x100) {
										_t217 = _v16;
									}
									_t219 = ReadFile(_v32,  &_v404, _t217,  &_v8, 0); // executed
									if(_t219 == 0 || _v8 <= 0) {
										L68:
										if(_v24 != 0xffffffff) {
											FlushFileBuffers(_v24);
										}
										goto L72;
									} else {
										if( *((intOrPtr*)(_t285 + 8)) != 0) {
											_t221 = 0;
											_v16 = 0;
											if(_v8 <= 0) {
												goto L68;
											} else {
												goto L49;
											}
											do {
												L49:
												_t222 =  *((intOrPtr*)(_t288 + _t221 - 0x190));
												if(_t222 != 0xa) {
													if(_t222 != 0xd && _v20 <  *0x6fed300c - 1) {
														_v20 =  &(_v20->Internal);
														asm("cbw");
														 *((short*)(_v12 + _v20 * 2)) = _t222;
													}
													goto L67;
												}
												_t224 = _v20;
												if(_t224 <= 0) {
													goto L67;
												}
												_t277 = _v12;
												 *((short*)(_v12 + _t224 * 2)) = 0;
												_t225 =  *((intOrPtr*)(_t285 + 8));
												if(_t225 != 1) {
													if(_t225 != 3) {
														if(lstrcmpiW( *(_t285 + 0x10), L"SysListView32") != 0) {
															if(lstrcmpiW( *(_t285 + 0x10), L"Edit") == 0 || lstrcmpiW( *(_t285 + 0x10), L"RichEdit20A") == 0) {
																lstrcatW(_v12, 0x6fed2080);
																_t229 = SendMessageW( *(_t285 + 0x18), 0xe, 0, 0);
																_v144 = _t229;
																SendMessageW( *(_t285 + 0x18), 0xb1, _t229, _t229);
																_push(_v12);
																_push(0);
																_push(0xc2);
																L62:
																SendMessageW( *(_t285 + 0x18), ??, ??, ??);
																goto L63;
															} else {
																if(lstrcmpiW( *(_t285 + 0x10), L"ListBox") == 0) {
																	_t234 = SendMessageW( *(_t285 + 0x18), 0x18b, 0, 0);
																	_v144 = _t234;
																	_v144 = SendMessageW( *(_t285 + 0x18), 0x181, _t234, _v12);
																}
																L63:
																_v20 = 0;
																goto L67;
															}
														}
														_v144 = SendMessageW( *(_t285 + 0x18), 0x1004, 0, 0);
														_t238 = SendMessageW( *(_t285 + 0x18), 0x104d, 0,  &_v148);
														_push(0);
														_push(_t238);
														_v144 = _t238;
														_push(0x1013);
														goto L62;
													}
													E6FED1901(_t277);
													 *((intOrPtr*)( *0x6fed3004 + 4))( *((intOrPtr*)(_t285 + 0x1c)) - 1, 0);
													goto L63;
												}
												E6FED1901(_t277);
												goto L63;
												L67:
												_t221 = _v16 + 1;
												_v16 = _t221;
											} while (_t221 < _v8);
											goto L68;
										}
										if(_v24 == 0xffffffff) {
											goto L72;
										}
										if(WriteFile(_v24,  &_v404, _v8,  &_v16, 0) == 0 || _v16 != _v8) {
											_v8 = 0xfffffff7;
											break;
										} else {
											goto L68;
										}
									}
								}
								_t203 = _v20;
								if(_t203 > 0) {
									 *((short*)(_v12 + _t203 * 2)) = 0;
									E6FED1901(_v12);
								}
								if(_v24 != 0xffffffff) {
									CloseHandle(_v24);
								}
								_t205 = GetExitCodeProcess(_v88.hProcess,  &_v8); // executed
								if(_t205 == 0) {
									_v8 = 0xfffffff5;
								} else {
									if(_v8 == 0x103) {
										TerminateProcess(_v88.hProcess, 0xffffffff);
										_v8 = 0xfffffff8;
									}
								}
								CloseHandle(_v88);
								CloseHandle(_v32);
								CloseHandle(_v28);
								goto L79;
							}
							_t249 =  *(_t285 + 0x10);
							if( *_t249 == 0) {
								goto L27;
							}
							_t250 = CreateFileW(_t249, 0x40000000, 1, 0, 2, 0x80, 0);
							_v24 = _t250;
							if(_t250 != 0xffffffff) {
								goto L27;
							}
							_v8 = 0xfffffff6;
							goto L79;
						}
						if(WriteFile(_v28,  *(_t285 + 4), lstrlenW( *(_t285 + 4)),  &_v8, 0) == 0 || _v8 != lstrlenW( *(_t285 + 4))) {
							_v8 = 0xfffffff4;
							goto L79;
						} else {
							FlushFileBuffers(_v28);
							goto L22;
						}
					}
				}
				_v8 = 0xfffffff2;
				goto L79;
			}























































                                                                                                                              0x6fed1033
                                                                                                                              0x6fed1035
                                                                                                                              0x6fed1038
                                                                                                                              0x6fed103e
                                                                                                                              0x6fed1044
                                                                                                                              0x6fed1047
                                                                                                                              0x6fed104a
                                                                                                                              0x6fed104d
                                                                                                                              0x6fed1050
                                                                                                                              0x6fed1053
                                                                                                                              0x6fed1059
                                                                                                                              0x6fed105f
                                                                                                                              0x6fed1065
                                                                                                                              0x6fed1068
                                                                                                                              0x6fed106b
                                                                                                                              0x6fed1072
                                                                                                                              0x6fed1075
                                                                                                                              0x6fed107b
                                                                                                                              0x6fed1089
                                                                                                                              0x6fed108b
                                                                                                                              0x6fed108e
                                                                                                                              0x6fed108e
                                                                                                                              0x6fed1094
                                                                                                                              0x6fed10a7
                                                                                                                              0x6fed10af
                                                                                                                              0x6fed10b2
                                                                                                                              0x6fed10b2
                                                                                                                              0x6fed10af
                                                                                                                              0x6fed10c7
                                                                                                                              0x6fed10cb
                                                                                                                              0x6fed155f
                                                                                                                              0x6fed155f
                                                                                                                              0x6fed1566
                                                                                                                              0x6fed156f
                                                                                                                              0x6fed1573
                                                                                                                              0x6fed1578
                                                                                                                              0x6fed157d
                                                                                                                              0x6fed1580
                                                                                                                              0x6fed1585
                                                                                                                              0x6fed158a
                                                                                                                              0x6fed158a
                                                                                                                              0x6fed158c
                                                                                                                              0x6fed1592
                                                                                                                              0x6fed159c
                                                                                                                              0x6fed159c
                                                                                                                              0x6fed15a6
                                                                                                                              0x6fed15a6
                                                                                                                              0x6fed10de
                                                                                                                              0x6fed10e2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6fed10f7
                                                                                                                              0x6fed1100
                                                                                                                              0x6fed1108
                                                                                                                              0x6fed1556
                                                                                                                              0x6fed1556
                                                                                                                              0x00000000
                                                                                                                              0x6fed1556
                                                                                                                              0x6fed1116
                                                                                                                              0x6fed111f
                                                                                                                              0x6fed1127
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6fed1135
                                                                                                                              0x6fed1146
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6fed114c
                                                                                                                              0x6fed114f
                                                                                                                              0x6fed1155
                                                                                                                              0x6fed115f
                                                                                                                              0x6fed1165
                                                                                                                              0x6fed116b
                                                                                                                              0x6fed1170
                                                                                                                              0x6fed1183
                                                                                                                              0x6fed118b
                                                                                                                              0x6fed11a6
                                                                                                                              0x6fed154d
                                                                                                                              0x00000000
                                                                                                                              0x6fed11ed
                                                                                                                              0x6fed11fa
                                                                                                                              0x6fed122a
                                                                                                                              0x6fed122d
                                                                                                                              0x6fed126e
                                                                                                                              0x6fed1274
                                                                                                                              0x6fed1289
                                                                                                                              0x6fed1291
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6fed129e
                                                                                                                              0x6fed12a6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6fed12ab
                                                                                                                              0x6fed1512
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6fed151a
                                                                                                                              0x6fed1520
                                                                                                                              0x6fed1524
                                                                                                                              0x6fed152a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6fed1530
                                                                                                                              0x6fed12b1
                                                                                                                              0x6fed12b9
                                                                                                                              0x6fed12bb
                                                                                                                              0x6fed12bb
                                                                                                                              0x6fed12ce
                                                                                                                              0x6fed12d6
                                                                                                                              0x6fed14fa
                                                                                                                              0x6fed14fe
                                                                                                                              0x6fed1503
                                                                                                                              0x6fed1503
                                                                                                                              0x00000000
                                                                                                                              0x6fed12e5
                                                                                                                              0x6fed12e8
                                                                                                                              0x6fed1387
                                                                                                                              0x6fed1389
                                                                                                                              0x6fed138f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6fed1395
                                                                                                                              0x6fed1395
                                                                                                                              0x6fed1395
                                                                                                                              0x6fed139e
                                                                                                                              0x6fed14cd
                                                                                                                              0x6fed14e1
                                                                                                                              0x6fed14e4
                                                                                                                              0x6fed14e6
                                                                                                                              0x6fed14e6
                                                                                                                              0x00000000
                                                                                                                              0x6fed14cd
                                                                                                                              0x6fed13a4
                                                                                                                              0x6fed13a9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6fed13af
                                                                                                                              0x6fed13b4
                                                                                                                              0x6fed13b8
                                                                                                                              0x6fed13be
                                                                                                                              0x6fed13ce
                                                                                                                              0x6fed13f9
                                                                                                                              0x6fed1441
                                                                                                                              0x6fed1497
                                                                                                                              0x6fed14a4
                                                                                                                              0x6fed14b0
                                                                                                                              0x6fed14b6
                                                                                                                              0x6fed14b8
                                                                                                                              0x6fed14bb
                                                                                                                              0x6fed14bc
                                                                                                                              0x6fed14c1
                                                                                                                              0x6fed14c4
                                                                                                                              0x00000000
                                                                                                                              0x6fed1455
                                                                                                                              0x6fed1465
                                                                                                                              0x6fed1471
                                                                                                                              0x6fed1476
                                                                                                                              0x6fed1487
                                                                                                                              0x6fed1487
                                                                                                                              0x6fed14c6
                                                                                                                              0x6fed14c6
                                                                                                                              0x00000000
                                                                                                                              0x6fed14c6
                                                                                                                              0x6fed1441
                                                                                                                              0x6fed1407
                                                                                                                              0x6fed141d
                                                                                                                              0x6fed141f
                                                                                                                              0x6fed1420
                                                                                                                              0x6fed1421
                                                                                                                              0x6fed1427
                                                                                                                              0x00000000
                                                                                                                              0x6fed1427
                                                                                                                              0x6fed13d1
                                                                                                                              0x6fed13e1
                                                                                                                              0x00000000
                                                                                                                              0x6fed13e1
                                                                                                                              0x6fed13c1
                                                                                                                              0x00000000
                                                                                                                              0x6fed14ea
                                                                                                                              0x6fed14ed
                                                                                                                              0x6fed14ee
                                                                                                                              0x6fed14f1
                                                                                                                              0x00000000
                                                                                                                              0x6fed1395
                                                                                                                              0x6fed12f2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6fed1312
                                                                                                                              0x6fed1320
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6fed1312
                                                                                                                              0x6fed12d6
                                                                                                                              0x6fed1327
                                                                                                                              0x6fed132c
                                                                                                                              0x6fed1334
                                                                                                                              0x6fed1338
                                                                                                                              0x6fed1338
                                                                                                                              0x6fed1347
                                                                                                                              0x6fed134c
                                                                                                                              0x6fed134c
                                                                                                                              0x6fed1355
                                                                                                                              0x6fed135d
                                                                                                                              0x6fed1535
                                                                                                                              0x6fed1363
                                                                                                                              0x6fed136a
                                                                                                                              0x6fed1375
                                                                                                                              0x6fed137b
                                                                                                                              0x6fed137b
                                                                                                                              0x6fed136a
                                                                                                                              0x6fed153f
                                                                                                                              0x6fed1544
                                                                                                                              0x6fed1549
                                                                                                                              0x00000000
                                                                                                                              0x6fed1549
                                                                                                                              0x6fed122f
                                                                                                                              0x6fed1235
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6fed1248
                                                                                                                              0x6fed124e
                                                                                                                              0x6fed1254
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6fed1256
                                                                                                                              0x00000000
                                                                                                                              0x6fed1256
                                                                                                                              0x6fed1215
                                                                                                                              0x6fed1262
                                                                                                                              0x00000000
                                                                                                                              0x6fed1221
                                                                                                                              0x6fed1224
                                                                                                                              0x00000000
                                                                                                                              0x6fed1224
                                                                                                                              0x6fed1215
                                                                                                                              0x6fed11a6
                                                                                                                              0x6fed118d
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • GlobalAlloc.KERNEL32(00000040,00000044), ref: 6FED1033
                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 6FED1089
                                                                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 6FED109B
                                                                                                                              • GetProcAddress.KERNEL32(00000000,Wow64EnableWow64FsRedirection), ref: 6FED10A7
                                                                                                                              • CreatePipe.KERNELBASE(?,?,0000000C,00000000), ref: 6FED10C7
                                                                                                                              • CreatePipe.KERNELBASE(?,?,0000000C,00000000), ref: 6FED10DE
                                                                                                                              • GetCurrentProcess.KERNEL32(?,00000000,00000001,00000002), ref: 6FED10F7
                                                                                                                              • GetCurrentProcess.KERNEL32(?,00000000), ref: 6FED10FD
                                                                                                                              • DuplicateHandle.KERNELBASE(00000000), ref: 6FED1100
                                                                                                                              • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 6FED1116
                                                                                                                              • GetCurrentProcess.KERNEL32(?,00000000), ref: 6FED111C
                                                                                                                              • DuplicateHandle.KERNELBASE(00000000), ref: 6FED111F
                                                                                                                              • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 6FED1135
                                                                                                                              • GetCurrentProcess.KERNEL32(?,00000000), ref: 6FED113B
                                                                                                                              • DuplicateHandle.KERNEL32(00000000), ref: 6FED113E
                                                                                                                              • CreateProcessW.KERNELBASE ref: 6FED1183
                                                                                                                              • CloseHandle.KERNEL32(?), ref: 6FED11A2
                                                                                                                              • CloseHandle.KERNEL32(?), ref: 6FED11AF
                                                                                                                              • CloseHandle.KERNEL32(?), ref: 6FED11BC
                                                                                                                              • CloseHandle.KERNEL32(?), ref: 6FED11C9
                                                                                                                              • CloseHandle.KERNEL32(?), ref: 6FED11D6
                                                                                                                              • CloseHandle.KERNEL32(?), ref: 6FED11E3
                                                                                                                              • lstrlenW.KERNEL32(?), ref: 6FED11F6
                                                                                                                              • lstrlenW.KERNEL32(?,?,00000000), ref: 6FED1204
                                                                                                                              • WriteFile.KERNEL32(?,?,00000000), ref: 6FED120D
                                                                                                                              • lstrlenW.KERNEL32(?), ref: 6FED121A
                                                                                                                              • FlushFileBuffers.KERNEL32(?), ref: 6FED1224
                                                                                                                              • CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000002,00000080,00000000), ref: 6FED1248
                                                                                                                              • PeekNamedPipe.KERNELBASE(?,00000000,00000000,00000000,?,00000000), ref: 6FED1289
                                                                                                                              • GetExitCodeProcess.KERNELBASE ref: 6FED129E
                                                                                                                              • ReadFile.KERNELBASE(?,?,00000100,000000F7,00000000), ref: 6FED12CE
                                                                                                                              • WriteFile.KERNEL32(000000FF,?,000000F7,?,00000000), ref: 6FED130A
                                                                                                                              • CloseHandle.KERNEL32(000000FF), ref: 6FED134C
                                                                                                                              • GetExitCodeProcess.KERNELBASE ref: 6FED1355
                                                                                                                              • TerminateProcess.KERNEL32(?,000000FF), ref: 6FED1375
                                                                                                                              • lstrcmpiW.KERNEL32(?,SysListView32), ref: 6FED13F1
                                                                                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 6FED1405
                                                                                                                              • SendMessageW.USER32(?,0000104D,00000000,?), ref: 6FED141D
                                                                                                                              • SendMessageW.USER32(?,000000C2,00000000,?), ref: 6FED14C4
                                                                                                                                • Part of subcall function 6FED1901: GlobalAlloc.KERNEL32(00000040,?,00000000,6FED160B,?), ref: 6FED1917
                                                                                                                                • Part of subcall function 6FED1901: lstrcpynW.KERNEL32(00000004,?), ref: 6FED192D
                                                                                                                              • FlushFileBuffers.KERNEL32(000000FF), ref: 6FED1503
                                                                                                                              • Sleep.KERNELBASE(0000000A), ref: 6FED151A
                                                                                                                              • CloseHandle.KERNEL32(?), ref: 6FED153F
                                                                                                                              • CloseHandle.KERNEL32(?), ref: 6FED1544
                                                                                                                              • CloseHandle.KERNEL32(?), ref: 6FED1549
                                                                                                                              • GlobalFree.KERNEL32 ref: 6FED156F
                                                                                                                              • GlobalFree.KERNEL32 ref: 6FED1573
                                                                                                                              • GlobalFree.KERNEL32 ref: 6FED1578
                                                                                                                              • GlobalFree.KERNEL32 ref: 6FED157D
                                                                                                                              • GlobalFree.KERNEL32 ref: 6FED1580
                                                                                                                              • GlobalFree.KERNEL32 ref: 6FED158A
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.699472199.000000006FED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FED0000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.699464369.000000006FED0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699480141.000000006FED2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699488485.000000006FED4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6fed0000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Handle$CloseProcess$Global$CurrentFileFree$Create$AllocDuplicateMessagePipeSendlstrlen$BuffersCodeExitFlushWrite$AddressModuleNamedPeekProcReadSleepTerminatelstrcmpilstrcpyn
                                                                                                                              • String ID: Edit$ListBox$RichEdit20A$SysListView32$Wow64EnableWow64FsRedirection$kernel32.dll
                                                                                                                              • API String ID: 3802129636-3654290
                                                                                                                              • Opcode ID: 96161e7fe8ce60084957a18b7e60c414d932127ac21e56201b83c22261c4c9d0
                                                                                                                              • Instruction ID: 01032aa9330d9d7fa0df244db061cc45c6373da995f726a99a912b9186c45548
                                                                                                                              • Opcode Fuzzy Hash: 96161e7fe8ce60084957a18b7e60c414d932127ac21e56201b83c22261c4c9d0
                                                                                                                              • Instruction Fuzzy Hash: F1F15C70900609EFEF219FE5CD44E9EBFBAFF46314F204219F511A6AA0D7359A52DB20
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405031 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 489windowmemoryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 284 405031-40507d GetDlgItem * 2 285 405083-40511b GlobalAlloc LoadImageW SetWindowLongW ImageList_Create ImageList_AddMasked SendMessageW * 2 284->285 286 4052a8-4052af 284->286 289 40512a-405131 DeleteObject 285->289 290 40511d-405128 SendMessageW 285->290 287 4052b1-4052c1 286->287 288 4052c3 286->288 291 4052c6-4052cf 287->291 288->291 292 405133-40513b 289->292 290->289 293 4052d1-4052d4 291->293 294 4052da-4052e0 291->294 295 405164-405168 292->295 296 40513d-405140 292->296 293->294 297 4053be-4053c5 293->297 298 4052e2-4052e9 294->298 299 4052ef-4052f6 294->299 295->292 302 40516a-40519a call 4045c4 * 2 295->302 300 405142 296->300 301 405145-405162 call 4066a5 SendMessageW * 2 296->301 303 405436-40543e 297->303 304 4053c7-4053cd 297->304 298->297 298->299 305 4052f8-4052fb 299->305 306 40536b-40536e 299->306 300->301 301->295 338 4051a0-4051a6 302->338 339 40526a-40527d GetWindowLongW SetWindowLongW 302->339 313 405440-405446 SendMessageW 303->313 314 405448-40544f 303->314 310 4053d3-4053dd 304->310 311 405629-40563b call 40462b 304->311 315 405306-40531b call 404f7f 305->315 316 4052fd-405304 305->316 306->297 312 405370-40537a 306->312 310->311 319 4053e3-4053f2 SendMessageW 310->319 320 40538a-405394 312->320 321 40537c-405388 SendMessageW 312->321 313->314 323 405451-405458 314->323 324 405483-40548a 314->324 315->306 337 40531d-40532e 315->337 316->306 316->315 319->311 329 4053f8-405409 SendMessageW 319->329 320->297 330 405396-4053a0 320->330 321->320 332 405461-405468 323->332 333 40545a-40545b ImageList_Destroy 323->333 327 405490-40549c call 4011ef 324->327 328 4055eb-4055f2 324->328 356 4054ac-4054af 327->356 357 40549e-4054a1 327->357 328->311 343 4055f4-4055fb 328->343 341 405413-405415 329->341 342 40540b-405411 329->342 344 4053b1-4053bb 330->344 345 4053a2-4053af 330->345 335 405471-40547d 332->335 336 40546a-40546b GlobalFree 332->336 333->332 335->324 336->335 337->306 346 405330-405332 337->346 347 4051a9-4051af 338->347 351 405283-405286 339->351 349 405416-40542f call 401299 SendMessageW 341->349 342->341 342->349 343->311 350 4055fd-405627 ShowWindow GetDlgItem ShowWindow 343->350 344->297 345->297 352 405334-40533b 346->352 353 405345 346->353 354 4051b5-4051e0 347->354 355 40524c-40525f 347->355 349->303 350->311 359 4052a0-4052a3 call 4045f9 351->359 360 405288-405296 ShowWindow call 4045f9 351->360 362 405341-405343 352->362 363 40533d-40533f 352->363 364 405348-405364 call 40117d 353->364 365 4051e2-40521a SendMessageW 354->365 366 40521c-40521e 354->366 355->347 370 405265-405268 355->370 371 4054f0-405514 call 4011ef 356->371 372 4054b1-4054ca call 4012e2 call 401299 356->372 367 4054a3 357->367 368 4054a4-4054a7 call 404fff 357->368 359->286 379 40529b 360->379 362->364 363->364 364->306 365->355 375 405220-405232 SendMessageW 366->375 376 405234-405249 SendMessageW 366->376 367->368 368->356 370->339 370->351 385 4055b6-4055bf 371->385 386 40551a 371->386 392 4054da-4054e9 SendMessageW 372->392 393 4054cc-4054d2 372->393 375->355 376->355 379->311 387 4055c1-4055c7 InvalidateRect 385->387 388 4055cd-4055d5 385->388 389 40551d-405528 386->389 387->388 388->328 391 4055d7-4055e6 call 404f52 call 404f3a 388->391 394 40552a-405539 389->394 395 40559e-4055b0 389->395 391->328 392->371 396 4054d4 393->396 397 4054d5-4054d8 393->397 399 40553b-405548 394->399 400 40554c-40554f 394->400 395->385 395->389 396->397 397->392 397->393 399->400 402 405551-405554 400->402 403 405556-40555f 400->403 405 405564-40559c SendMessageW * 2 402->405 403->405 406 405561 403->406 405->395 406->405
                                                                                                                              C-Code - Quality: 96%
                                                                                                                              			E00405031(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				long _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				signed char* _v32;
				int _v36;
				signed int _v44;
				int _v48;
				signed int* _v60;
				signed char* _v64;
				signed int _v68;
				long _v72;
				void* _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t198;
				intOrPtr _t201;
				long _t207;
				signed int _t211;
				signed int _t222;
				void* _t225;
				void* _t226;
				int _t232;
				long _t237;
				long _t238;
				signed int _t239;
				signed int _t245;
				signed int _t247;
				signed char _t248;
				signed char _t254;
				void* _t258;
				void* _t260;
				signed char* _t278;
				signed char _t279;
				long _t281;
				long _t284;
				int _t288;
				struct HWND__* _t291;
				signed int* _t292;
				int _t293;
				long _t294;
				signed int _t295;
				void* _t297;
				long _t298;
				int _t299;
				signed int _t300;
				signed int _t303;
				signed int _t311;
				signed char* _t319;
				int _t324;
				void* _t326;

				_t291 = _a4;
				_v12 = GetDlgItem(_t291, 0x3f9);
				_v8 = GetDlgItem(_t291, 0x408);
				_t326 = SendMessageW;
				_v24 =  *0x42a288;
				_v28 =  *0x42a270 + 0x94;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t301 = _a16;
					} else {
						_a12 = 0;
						_t301 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t301;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t301 + 4)) == 0x408) {
							if(( *0x42a279 & 0x00000002) != 0) {
								L41:
								if(_v16 != 0) {
									_t237 = _v16;
									if( *((intOrPtr*)(_t237 + 8)) == 0xfffffe3d) {
										SendMessageW(_v8, 0x419, 0,  *(_t237 + 0x5c));
									}
									_t238 = _v16;
									if( *((intOrPtr*)(_t238 + 8)) == 0xfffffe39) {
										_t301 = _v24;
										_t239 =  *(_t238 + 0x5c);
										if( *((intOrPtr*)(_t238 + 0xc)) != 2) {
											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) & 0xffffffdf;
										} else {
											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t301 = 0 | _a8 != 0x00000413;
								_t245 = E00404F7F(_v8, _a8 != 0x413);
								_t295 = _t245;
								if(_t295 >= 0) {
									_t94 = _v24 + 8; // 0x8
									_t301 = _t245 * 0x818 + _t94;
									_t247 =  *_t301;
									if((_t247 & 0x00000010) == 0) {
										if((_t247 & 0x00000040) == 0) {
											_t248 = _t247 ^ 0x00000001;
										} else {
											_t254 = _t247 ^ 0x00000080;
											if(_t254 >= 0) {
												_t248 = _t254 & 0x000000fe;
											} else {
												_t248 = _t254 | 0x00000001;
											}
										}
										 *_t301 = _t248;
										E0040117D(_t295);
										_a12 = _t295 + 1;
										_a16 =  !( *0x42a278) >> 0x00000008 & 0x00000001;
										_a8 = 0x40f;
									}
								}
								goto L41;
							}
							_t301 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageW(_v8, 0x200, 0, 0); // executed
							}
							if(_a8 == 0x40b) {
								_t225 =  *0x42372c;
								if(_t225 != 0) {
									ImageList_Destroy(_t225);
								}
								_t226 =  *0x423740;
								if(_t226 != 0) {
									GlobalFree(_t226);
								}
								 *0x42372c = 0;
								 *0x423740 = 0;
								 *0x42a2c0 = 0;
							}
							if(_a8 != 0x40f) {
								L90:
								if(_a8 == 0x420 && ( *0x42a279 & 0x00000001) != 0) {
									_t324 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t324);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t324);
								}
								goto L93;
							} else {
								E004011EF(_t301, 0, 0);
								_t198 = _a12;
								if(_t198 != 0) {
									if(_t198 != 0xffffffff) {
										_t198 = _t198 - 1;
									}
									_push(_t198);
									_push(8);
									E00404FFF();
								}
								if(_a16 == 0) {
									L75:
									E004011EF(_t301, 0, 0);
									_v36 =  *0x423740;
									_t201 =  *0x42a288;
									_v64 = 0xf030;
									_v24 = 0;
									if( *0x42a28c <= 0) {
										L86:
										if( *0x42a31e == 0x400) {
											InvalidateRect(_v8, 0, 1);
										}
										if( *((intOrPtr*)( *0x42923c + 0x10)) != 0) {
											E00404F3A(0x3ff, 0xfffffffb, E00404F52(5));
										}
										goto L90;
									}
									_t292 = _t201 + 8;
									do {
										_t207 =  *((intOrPtr*)(_v36 + _v24 * 4));
										if(_t207 != 0) {
											_t303 =  *_t292;
											_v72 = _t207;
											_v76 = 8;
											if((_t303 & 0x00000001) != 0) {
												_v76 = 9;
												_v60 =  &(_t292[4]);
												_t292[0] = _t292[0] & 0x000000fe;
											}
											if((_t303 & 0x00000040) == 0) {
												_t211 = (_t303 & 0x00000001) + 1;
												if((_t303 & 0x00000010) != 0) {
													_t211 = _t211 + 3;
												}
											} else {
												_t211 = 3;
											}
											_v68 = (_t211 << 0x0000000b | _t303 & 0x00000008) + (_t211 << 0x0000000b | _t303 & 0x00000008) | _t303 & 0x00000020;
											SendMessageW(_v8, 0x1102, (_t303 >> 0x00000005 & 0x00000001) + 1, _v72);
											SendMessageW(_v8, 0x113f, 0,  &_v76); // executed
										}
										_v24 = _v24 + 1;
										_t292 =  &(_t292[0x206]);
									} while (_v24 <  *0x42a28c);
									goto L86;
								} else {
									_t293 = E004012E2( *0x423740);
									E00401299(_t293);
									_t222 = 0;
									_t301 = 0;
									if(_t293 <= 0) {
										L74:
										SendMessageW(_v12, 0x14e, _t301, 0);
										_a16 = _t293;
										_a8 = 0x420;
										goto L75;
									} else {
										goto L71;
									}
									do {
										L71:
										if( *((intOrPtr*)(_v28 + _t222 * 4)) != 0) {
											_t301 = _t301 + 1;
										}
										_t222 = _t222 + 1;
									} while (_t222 < _t293);
									goto L74;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L93;
						} else {
							_t232 = SendMessageW(_v12, 0x147, 0, 0);
							if(_t232 == 0xffffffff) {
								goto L93;
							}
							_t294 = SendMessageW(_v12, 0x150, _t232, 0);
							if(_t294 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t294 * 4)) == 0) {
								_t294 = 0x20;
							}
							E00401299(_t294);
							SendMessageW(_a4, 0x420, 0, _t294);
							_a12 = _a12 | 0xffffffff;
							_a16 = 0;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					_v36 = 0;
					_v20 = 2;
					 *0x42a2c0 = _t291;
					 *0x423740 = GlobalAlloc(0x40,  *0x42a28c << 2);
					_t258 = LoadImageW( *0x42a260, 0x6e, 0, 0, 0, 0);
					 *0x423734 =  *0x423734 | 0xffffffff;
					_t297 = _t258;
					 *0x42373c = SetWindowLongW(_v8, 0xfffffffc, E0040563E);
					_t260 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x42372c = _t260;
					ImageList_AddMasked(_t260, _t297, 0xff00ff);
					SendMessageW(_v8, 0x1109, 2,  *0x42372c);
					if(SendMessageW(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageW(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_t297);
					_t298 = 0;
					do {
						_t266 =  *((intOrPtr*)(_v28 + _t298 * 4));
						if( *((intOrPtr*)(_v28 + _t298 * 4)) != 0) {
							if(_t298 != 0x20) {
								_v20 = 0;
							}
							_t288 = SendMessageW(_v12, 0x143, 0, E004066A5(_t298, 0, _t326, 0, _t266)); // executed
							SendMessageW(_v12, 0x151, _t288, _t298);
						}
						_t298 = _t298 + 1;
					} while (_t298 < 0x21);
					_t299 = _a16;
					_push( *((intOrPtr*)(_t299 + 0x30 + _v20 * 4)));
					_push(0x15);
					E004045C4(_a4);
					_push( *((intOrPtr*)(_t299 + 0x34 + _v20 * 4)));
					_push(0x16);
					E004045C4(_a4);
					_t300 = 0;
					_v16 = 0;
					if( *0x42a28c <= 0) {
						L19:
						SetWindowLongW(_v8, 0xfffffff0, GetWindowLongW(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t319 = _v24 + 8;
						_v32 = _t319;
						do {
							_t278 =  &(_t319[0x10]);
							if( *_t278 != 0) {
								_v64 = _t278;
								_t279 =  *_t319;
								_v88 = _v16;
								_t311 = 0x20;
								_v84 = 0xffff0002;
								_v80 = 0xd;
								_v68 = _t311;
								_v44 = _t300;
								_v72 = _t279 & _t311;
								if((_t279 & 0x00000002) == 0) {
									if((_t279 & 0x00000004) == 0) {
										_t281 = SendMessageW(_v8, 0x1132, 0,  &_v88); // executed
										 *( *0x423740 + _t300 * 4) = _t281;
									} else {
										_v16 = SendMessageW(_v8, 0x110a, 3, _v16);
									}
								} else {
									_v80 = 0x4d;
									_v48 = 1;
									_t284 = SendMessageW(_v8, 0x1132, 0,  &_v88); // executed
									_v36 = 1;
									 *( *0x423740 + _t300 * 4) = _t284;
									_v16 =  *( *0x423740 + _t300 * 4);
								}
							}
							_t300 = _t300 + 1;
							_t319 =  &(_v32[0x818]);
							_v32 = _t319;
						} while (_t300 <  *0x42a28c);
						if(_v36 != 0) {
							L20:
							if(_v20 != 0) {
								E004045F9(_v8);
								goto L23;
							} else {
								ShowWindow(_v12, 5); // executed
								E004045F9(_v12);
								L93:
								return E0040462B(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}




























































                                                                                                                              0x00405038
                                                                                                                              0x00405051
                                                                                                                              0x00405056
                                                                                                                              0x0040505e
                                                                                                                              0x00405064
                                                                                                                              0x0040507a
                                                                                                                              0x0040507d
                                                                                                                              0x004052a8
                                                                                                                              0x004052af
                                                                                                                              0x004052c3
                                                                                                                              0x004052b1
                                                                                                                              0x004052b3
                                                                                                                              0x004052b6
                                                                                                                              0x004052b7
                                                                                                                              0x004052be
                                                                                                                              0x004052be
                                                                                                                              0x004052cf
                                                                                                                              0x004052dd
                                                                                                                              0x004052e0
                                                                                                                              0x004052f6
                                                                                                                              0x0040536b
                                                                                                                              0x0040536e
                                                                                                                              0x00405370
                                                                                                                              0x0040537a
                                                                                                                              0x00405388
                                                                                                                              0x00405388
                                                                                                                              0x0040538a
                                                                                                                              0x00405394
                                                                                                                              0x0040539a
                                                                                                                              0x0040539d
                                                                                                                              0x004053a0
                                                                                                                              0x004053bb
                                                                                                                              0x004053a2
                                                                                                                              0x004053ac
                                                                                                                              0x004053ac
                                                                                                                              0x004053a0
                                                                                                                              0x00405394
                                                                                                                              0x00000000
                                                                                                                              0x0040536e
                                                                                                                              0x004052fb
                                                                                                                              0x00405306
                                                                                                                              0x0040530b
                                                                                                                              0x00405312
                                                                                                                              0x00405317
                                                                                                                              0x0040531b
                                                                                                                              0x00405326
                                                                                                                              0x00405326
                                                                                                                              0x0040532a
                                                                                                                              0x0040532e
                                                                                                                              0x00405332
                                                                                                                              0x00405345
                                                                                                                              0x00405334
                                                                                                                              0x00405334
                                                                                                                              0x0040533b
                                                                                                                              0x00405341
                                                                                                                              0x0040533d
                                                                                                                              0x0040533d
                                                                                                                              0x0040533d
                                                                                                                              0x0040533b
                                                                                                                              0x00405349
                                                                                                                              0x0040534b
                                                                                                                              0x0040535e
                                                                                                                              0x00405361
                                                                                                                              0x00405364
                                                                                                                              0x00405364
                                                                                                                              0x0040532e
                                                                                                                              0x00000000
                                                                                                                              0x0040531b
                                                                                                                              0x004052fd
                                                                                                                              0x00405304
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004053be
                                                                                                                              0x004053be
                                                                                                                              0x004053c5
                                                                                                                              0x00405436
                                                                                                                              0x0040543e
                                                                                                                              0x00405446
                                                                                                                              0x00405446
                                                                                                                              0x0040544f
                                                                                                                              0x00405451
                                                                                                                              0x00405458
                                                                                                                              0x0040545b
                                                                                                                              0x0040545b
                                                                                                                              0x00405461
                                                                                                                              0x00405468
                                                                                                                              0x0040546b
                                                                                                                              0x0040546b
                                                                                                                              0x00405471
                                                                                                                              0x00405477
                                                                                                                              0x0040547d
                                                                                                                              0x0040547d
                                                                                                                              0x0040548a
                                                                                                                              0x004055eb
                                                                                                                              0x004055f2
                                                                                                                              0x0040560f
                                                                                                                              0x00405615
                                                                                                                              0x00405627
                                                                                                                              0x00405627
                                                                                                                              0x00000000
                                                                                                                              0x00405490
                                                                                                                              0x00405492
                                                                                                                              0x00405497
                                                                                                                              0x0040549c
                                                                                                                              0x004054a1
                                                                                                                              0x004054a3
                                                                                                                              0x004054a3
                                                                                                                              0x004054a4
                                                                                                                              0x004054a5
                                                                                                                              0x004054a7
                                                                                                                              0x004054a7
                                                                                                                              0x004054af
                                                                                                                              0x004054f0
                                                                                                                              0x004054f2
                                                                                                                              0x00405502
                                                                                                                              0x00405505
                                                                                                                              0x0040550a
                                                                                                                              0x00405511
                                                                                                                              0x00405514
                                                                                                                              0x004055b6
                                                                                                                              0x004055bf
                                                                                                                              0x004055c7
                                                                                                                              0x004055c7
                                                                                                                              0x004055d5
                                                                                                                              0x004055e6
                                                                                                                              0x004055e6
                                                                                                                              0x00000000
                                                                                                                              0x004055d5
                                                                                                                              0x0040551a
                                                                                                                              0x0040551d
                                                                                                                              0x00405523
                                                                                                                              0x00405528
                                                                                                                              0x0040552a
                                                                                                                              0x0040552c
                                                                                                                              0x00405532
                                                                                                                              0x00405539
                                                                                                                              0x0040553e
                                                                                                                              0x00405545
                                                                                                                              0x00405548
                                                                                                                              0x00405548
                                                                                                                              0x0040554f
                                                                                                                              0x0040555b
                                                                                                                              0x0040555f
                                                                                                                              0x00405561
                                                                                                                              0x00405561
                                                                                                                              0x00405551
                                                                                                                              0x00405553
                                                                                                                              0x00405553
                                                                                                                              0x00405581
                                                                                                                              0x0040558d
                                                                                                                              0x0040559c
                                                                                                                              0x0040559c
                                                                                                                              0x0040559e
                                                                                                                              0x004055a1
                                                                                                                              0x004055aa
                                                                                                                              0x00000000
                                                                                                                              0x004054b1
                                                                                                                              0x004054bc
                                                                                                                              0x004054bf
                                                                                                                              0x004054c4
                                                                                                                              0x004054c6
                                                                                                                              0x004054ca
                                                                                                                              0x004054da
                                                                                                                              0x004054e4
                                                                                                                              0x004054e6
                                                                                                                              0x004054e9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004054cc
                                                                                                                              0x004054cc
                                                                                                                              0x004054d2
                                                                                                                              0x004054d4
                                                                                                                              0x004054d4
                                                                                                                              0x004054d5
                                                                                                                              0x004054d6
                                                                                                                              0x00000000
                                                                                                                              0x004054cc
                                                                                                                              0x004054af
                                                                                                                              0x0040548a
                                                                                                                              0x004053cd
                                                                                                                              0x00000000
                                                                                                                              0x004053e3
                                                                                                                              0x004053ed
                                                                                                                              0x004053f2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405404
                                                                                                                              0x00405409
                                                                                                                              0x00405415
                                                                                                                              0x00405415
                                                                                                                              0x00405417
                                                                                                                              0x00405426
                                                                                                                              0x00405428
                                                                                                                              0x0040542c
                                                                                                                              0x0040542f
                                                                                                                              0x00000000
                                                                                                                              0x0040542f
                                                                                                                              0x004053cd
                                                                                                                              0x00405083
                                                                                                                              0x00405088
                                                                                                                              0x00405091
                                                                                                                              0x00405098
                                                                                                                              0x004050aa
                                                                                                                              0x004050b5
                                                                                                                              0x004050bb
                                                                                                                              0x004050c9
                                                                                                                              0x004050dd
                                                                                                                              0x004050e2
                                                                                                                              0x004050ef
                                                                                                                              0x004050f4
                                                                                                                              0x0040510a
                                                                                                                              0x0040511b
                                                                                                                              0x00405128
                                                                                                                              0x00405128
                                                                                                                              0x0040512b
                                                                                                                              0x00405131
                                                                                                                              0x00405133
                                                                                                                              0x00405136
                                                                                                                              0x0040513b
                                                                                                                              0x00405140
                                                                                                                              0x00405142
                                                                                                                              0x00405142
                                                                                                                              0x00405156
                                                                                                                              0x00405162
                                                                                                                              0x00405162
                                                                                                                              0x00405164
                                                                                                                              0x00405165
                                                                                                                              0x0040516a
                                                                                                                              0x00405170
                                                                                                                              0x00405174
                                                                                                                              0x00405179
                                                                                                                              0x00405181
                                                                                                                              0x00405185
                                                                                                                              0x0040518a
                                                                                                                              0x0040518f
                                                                                                                              0x00405197
                                                                                                                              0x0040519a
                                                                                                                              0x0040526a
                                                                                                                              0x0040527d
                                                                                                                              0x00000000
                                                                                                                              0x004051a0
                                                                                                                              0x004051a3
                                                                                                                              0x004051a6
                                                                                                                              0x004051a9
                                                                                                                              0x004051a9
                                                                                                                              0x004051af
                                                                                                                              0x004051b8
                                                                                                                              0x004051bb
                                                                                                                              0x004051bf
                                                                                                                              0x004051c2
                                                                                                                              0x004051c5
                                                                                                                              0x004051ce
                                                                                                                              0x004051d7
                                                                                                                              0x004051da
                                                                                                                              0x004051dd
                                                                                                                              0x004051e0
                                                                                                                              0x0040521e
                                                                                                                              0x00405241
                                                                                                                              0x00405249
                                                                                                                              0x00405220
                                                                                                                              0x0040522f
                                                                                                                              0x0040522f
                                                                                                                              0x004051e2
                                                                                                                              0x004051e5
                                                                                                                              0x004051f3
                                                                                                                              0x004051fd
                                                                                                                              0x00405205
                                                                                                                              0x0040520c
                                                                                                                              0x00405217
                                                                                                                              0x00405217
                                                                                                                              0x004051e0
                                                                                                                              0x0040524f
                                                                                                                              0x00405250
                                                                                                                              0x0040525c
                                                                                                                              0x0040525c
                                                                                                                              0x00405268
                                                                                                                              0x00405283
                                                                                                                              0x00405286
                                                                                                                              0x004052a3
                                                                                                                              0x00000000
                                                                                                                              0x00405288
                                                                                                                              0x0040528d
                                                                                                                              0x00405296
                                                                                                                              0x00405629
                                                                                                                              0x0040563b
                                                                                                                              0x0040563b
                                                                                                                              0x00405286
                                                                                                                              0x00000000
                                                                                                                              0x00405268
                                                                                                                              0x0040519a

                                                                                                                              APIs
                                                                                                                              • GetDlgItem.USER32 ref: 00405049
                                                                                                                              • GetDlgItem.USER32 ref: 00405054
                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 0040509E
                                                                                                                              • LoadImageW.USER32 ref: 004050B5
                                                                                                                              • SetWindowLongW.USER32 ref: 004050CE
                                                                                                                              • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004050E2
                                                                                                                              • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 004050F4
                                                                                                                              • SendMessageW.USER32(?,00001109,00000002), ref: 0040510A
                                                                                                                              • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00405116
                                                                                                                              • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00405128
                                                                                                                              • DeleteObject.GDI32(00000000), ref: 0040512B
                                                                                                                              • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00405156
                                                                                                                              • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405162
                                                                                                                              • SendMessageW.USER32(?,00001132,00000000,?), ref: 004051FD
                                                                                                                              • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 0040522D
                                                                                                                                • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                                                                                                              • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405241
                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 0040526F
                                                                                                                              • SetWindowLongW.USER32 ref: 0040527D
                                                                                                                              • ShowWindow.USER32(?,00000005), ref: 0040528D
                                                                                                                              • SendMessageW.USER32(?,00000419,00000000,?), ref: 00405388
                                                                                                                              • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004053ED
                                                                                                                              • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405402
                                                                                                                              • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405426
                                                                                                                              • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405446
                                                                                                                              • ImageList_Destroy.COMCTL32(?), ref: 0040545B
                                                                                                                              • GlobalFree.KERNEL32 ref: 0040546B
                                                                                                                              • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004054E4
                                                                                                                              • SendMessageW.USER32(?,00001102,?,?), ref: 0040558D
                                                                                                                              • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0040559C
                                                                                                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 004055C7
                                                                                                                              • ShowWindow.USER32(?,00000000), ref: 00405615
                                                                                                                              • GetDlgItem.USER32 ref: 00405620
                                                                                                                              • ShowWindow.USER32(00000000), ref: 00405627
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                              • String ID: $M$N
                                                                                                                              • API String ID: 2564846305-813528018
                                                                                                                              • Opcode ID: 950969970af6d10ef62121ad67a768569704eb6391eae900e1ce4f9d1827afee
                                                                                                                              • Instruction ID: a1eb65f7683e17450fca8d4cb4c1055b074660be5b1b810df034ff690b7f681c
                                                                                                                              • Opcode Fuzzy Hash: 950969970af6d10ef62121ad67a768569704eb6391eae900e1ce4f9d1827afee
                                                                                                                              • Instruction Fuzzy Hash: 2A025CB0900609EFDF20DF65CD45AAE7BB5FB44315F10817AEA10BA2E1D7798A52CF18
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004040C5 Relevance: 63.4, APIs: 34, Strings: 2, Instructions: 357windowstringCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 407 4040c5-4040d7 408 4040dd-4040e3 407->408 409 40423e-40424d 407->409 408->409 410 4040e9-4040f2 408->410 411 40429c-4042b1 409->411 412 40424f-40428a GetDlgItem * 2 call 4045c4 KiUserCallbackDispatcher call 40140b 409->412 413 4040f4-404101 SetWindowPos 410->413 414 404107-40410e 410->414 416 4042f1-4042f6 call 404610 411->416 417 4042b3-4042b6 411->417 438 40428f-404297 412->438 413->414 419 404110-40412a ShowWindow 414->419 420 404152-404158 414->420 425 4042fb-404316 416->425 422 4042b8-4042c3 call 401389 417->422 423 4042e9-4042eb 417->423 426 404130-404143 GetWindowLongW 419->426 427 40422b-404239 call 40462b 419->427 428 404171-404174 420->428 429 40415a-40416c DestroyWindow 420->429 422->423 448 4042c5-4042e4 SendMessageW 422->448 423->416 424 404591 423->424 436 404593-40459a 424->436 433 404318-40431a call 40140b 425->433 434 40431f-404325 425->434 426->427 435 404149-40414c ShowWindow 426->435 427->436 439 404176-404182 SetWindowLongW 428->439 440 404187-40418d 428->440 437 40456e-404574 429->437 433->434 445 40432b-404336 434->445 446 40454f-404568 DestroyWindow EndDialog 434->446 435->420 437->424 444 404576-40457c 437->444 438->411 439->436 440->427 447 404193-4041a2 GetDlgItem 440->447 444->424 449 40457e-404587 ShowWindow 444->449 445->446 450 40433c-404389 call 4066a5 call 4045c4 * 3 GetDlgItem 445->450 446->437 451 4041c1-4041c4 447->451 452 4041a4-4041bb SendMessageW IsWindowEnabled 447->452 448->436 449->424 479 404393-4043cf ShowWindow KiUserCallbackDispatcher call 4045e6 KiUserCallbackDispatcher 450->479 480 40438b-404390 450->480 454 4041c6-4041c7 451->454 455 4041c9-4041cc 451->455 452->424 452->451 459 4041f7-4041fc call 40459d 454->459 456 4041da-4041df 455->456 457 4041ce-4041d4 455->457 460 404215-404225 SendMessageW 456->460 462 4041e1-4041e7 456->462 457->460 461 4041d6-4041d8 457->461 459->427 460->427 461->459 465 4041e9-4041ef call 40140b 462->465 466 4041fe-404207 call 40140b 462->466 475 4041f5 465->475 466->427 476 404209-404213 466->476 475->459 476->475 483 4043d1-4043d2 479->483 484 4043d4 479->484 480->479 485 4043d6-404404 GetSystemMenu EnableMenuItem SendMessageW 483->485 484->485 486 404406-404417 SendMessageW 485->486 487 404419 485->487 488 40441f-40445e call 4045f9 call 4040a6 call 406668 lstrlenW call 4066a5 SetWindowTextW call 401389 486->488 487->488 488->425 499 404464-404466 488->499 499->425 500 40446c-404470 499->500 501 404472-404478 500->501 502 40448f-4044a3 DestroyWindow 500->502 501->424 503 40447e-404484 501->503 502->437 504 4044a9-4044d6 CreateDialogParamW 502->504 503->425 505 40448a 503->505 504->437 506 4044dc-404533 call 4045c4 GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 401389 504->506 505->424 506->424 511 404535-404548 ShowWindow call 404610 506->511 513 40454d 511->513 513->437
                                                                                                                              C-Code - Quality: 86%
                                                                                                                              			E004040C5(struct HWND__* _a4, intOrPtr _a8, int _a12, long _a16) {
				struct HWND__* _v28;
				void* _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t34;
				signed int _t36;
				signed int _t38;
				struct HWND__* _t48;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t117;
				int _t118;
				int _t122;
				signed int _t124;
				struct HWND__* _t127;
				struct HWND__* _t128;
				int _t129;
				intOrPtr _t130;
				long _t133;
				int _t135;
				int _t136;
				void* _t137;
				void* _t145;

				_t130 = _a8;
				if(_t130 == 0x110 || _t130 == 0x408) {
					_t34 = _a12;
					_t127 = _a4;
					__eflags = _t130 - 0x110;
					 *0x423730 = _t34;
					if(_t130 == 0x110) {
						 *0x42a268 = _t127;
						 *0x423744 = GetDlgItem(_t127, 1);
						_t91 = GetDlgItem(_t127, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x421710 = _t91;
						E004045C4(_t127);
						SetClassLongW(_t127, 0xfffffff2,  *0x429248); // executed
						 *0x42922c = E0040140B(4);
						_t34 = 1;
						__eflags = 1;
						 *0x423730 = 1;
					}
					_t124 =  *0x40a39c; // 0x5
					_t136 = 0;
					_t133 = (_t124 << 6) +  *0x42a280;
					__eflags = _t124;
					if(_t124 < 0) {
						L36:
						E00404610(0x40b);
						while(1) {
							_t36 =  *0x423730;
							 *0x40a39c =  *0x40a39c + _t36;
							_t133 = _t133 + (_t36 << 6);
							_t38 =  *0x40a39c; // 0x5
							__eflags = _t38 -  *0x42a284;
							if(_t38 ==  *0x42a284) {
								E0040140B(1);
							}
							__eflags =  *0x42922c - _t136;
							if( *0x42922c != _t136) {
								break;
							}
							__eflags =  *0x40a39c -  *0x42a284; // 0x5
							if(__eflags >= 0) {
								break;
							}
							_t117 =  *(_t133 + 0x14);
							E004066A5(_t117, _t127, _t133, L"Click Next to continue.",  *((intOrPtr*)(_t133 + 0x24)));
							_push( *((intOrPtr*)(_t133 + 0x20)));
							_push(0xfffffc19);
							E004045C4(_t127);
							_push( *((intOrPtr*)(_t133 + 0x1c)));
							_push(0xfffffc1b);
							E004045C4(_t127);
							_push( *((intOrPtr*)(_t133 + 0x28)));
							_push(0xfffffc1a);
							E004045C4(_t127);
							_t48 = GetDlgItem(_t127, 3);
							__eflags =  *0x42a2ec - _t136;
							_v28 = _t48;
							if( *0x42a2ec != _t136) {
								_t117 = _t117 & 0x0000fefd | 0x00000004;
								__eflags = _t117;
							}
							ShowWindow(_t48, _t117 & 0x00000008); // executed
							EnableWindow( *(_t137 + 0x34), _t117 & 0x00000100); // executed
							E004045E6(_t117 & 0x00000002);
							_t118 = _t117 & 0x00000004;
							EnableWindow( *0x421710, _t118); // executed
							__eflags = _t118 - _t136;
							if(_t118 == _t136) {
								_push(1);
							} else {
								_push(_t136);
							}
							EnableMenuItem(GetSystemMenu(_t127, _t136), 0xf060, ??);
							SendMessageW( *(_t137 + 0x3c), 0xf4, _t136, 1);
							__eflags =  *0x42a2ec - _t136;
							if( *0x42a2ec == _t136) {
								_push( *0x423744);
							} else {
								SendMessageW(_t127, 0x401, 2, _t136);
								_push( *0x421710);
							}
							E004045F9();
							E00406668(0x423748, E004040A6());
							E004066A5(0x423748, _t127, _t133,  &(0x423748[lstrlenW(0x423748)]),  *((intOrPtr*)(_t133 + 0x18)));
							SetWindowTextW(_t127, 0x423748); // executed
							_t67 = E00401389( *((intOrPtr*)(_t133 + 8)), _t136);
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t133 - _t136;
								if( *_t133 == _t136) {
									continue;
								}
								__eflags =  *(_t133 + 4) - 5;
								if( *(_t133 + 4) != 5) {
									DestroyWindow( *0x429238); // executed
									 *0x422720 = _t133;
									__eflags =  *_t133 - _t136;
									if( *_t133 <= _t136) {
										goto L60;
									}
									_t73 = CreateDialogParamW( *0x42a260,  *_t133 +  *0x429240 & 0x0000ffff, _t127,  *(0x40a3a0 +  *(_t133 + 4) * 4), _t133); // executed
									__eflags = _t73 - _t136;
									 *0x429238 = _t73;
									if(_t73 == _t136) {
										goto L60;
									}
									_push( *((intOrPtr*)(_t133 + 0x2c)));
									_push(6);
									E004045C4(_t73);
									GetWindowRect(GetDlgItem(_t127, 0x3fa), _t137 + 0x10);
									ScreenToClient(_t127, _t137 + 0x10);
									SetWindowPos( *0x429238, _t136,  *(_t137 + 0x20),  *(_t137 + 0x20), _t136, _t136, 0x15);
									E00401389( *((intOrPtr*)(_t133 + 0xc)), _t136);
									__eflags =  *0x42922c - _t136;
									if( *0x42922c != _t136) {
										goto L63;
									}
									ShowWindow( *0x429238, 8); // executed
									E00404610(0x405);
									goto L60;
								}
								__eflags =  *0x42a2ec - _t136;
								if( *0x42a2ec != _t136) {
									goto L63;
								}
								__eflags =  *0x42a2e0 - _t136;
								if( *0x42a2e0 != _t136) {
									continue;
								}
								goto L63;
							}
						}
						DestroyWindow( *0x429238);
						 *0x42a268 = _t136;
						EndDialog(_t127,  *0x421f18);
						goto L60;
					} else {
						__eflags = _t34 - 1;
						if(_t34 != 1) {
							L35:
							__eflags =  *_t133 - _t136;
							if( *_t133 == _t136) {
								goto L63;
							}
							goto L36;
						}
						_t86 = E00401389( *((intOrPtr*)(_t133 + 0x10)), 0);
						__eflags = _t86;
						if(_t86 == 0) {
							goto L35;
						}
						SendMessageW( *0x429238, 0x40f, 0, 1);
						__eflags =  *0x42922c;
						return 0 |  *0x42922c == 0x00000000;
					}
				} else {
					_t127 = _a4;
					_t136 = 0;
					if(_t130 == 0x47) {
						SetWindowPos( *0x423728, _t127, 0, 0, 0, 0, 0x13);
					}
					_t122 = _a12;
					if(_t130 != 5) {
						L8:
						if(_t130 != 0x40d) {
							__eflags = _t130 - 0x11;
							if(_t130 != 0x11) {
								__eflags = _t130 - 0x111;
								if(_t130 != 0x111) {
									goto L28;
								}
								_t135 = _t122 & 0x0000ffff;
								_t128 = GetDlgItem(_t127, _t135);
								__eflags = _t128 - _t136;
								if(_t128 == _t136) {
									L15:
									__eflags = _t135 - 1;
									if(_t135 != 1) {
										__eflags = _t135 - 3;
										if(_t135 != 3) {
											_t129 = 2;
											__eflags = _t135 - _t129;
											if(_t135 != _t129) {
												L27:
												SendMessageW( *0x429238, 0x111, _t122, _a16);
												goto L28;
											}
											__eflags =  *0x42a2ec - _t136;
											if( *0x42a2ec == _t136) {
												_t99 = E0040140B(3);
												__eflags = _t99;
												if(_t99 != 0) {
													goto L28;
												}
												 *0x421f18 = 1;
												L23:
												_push(0x78);
												L24:
												E0040459D();
												goto L28;
											}
											E0040140B(_t129);
											 *0x421f18 = _t129;
											goto L23;
										}
										__eflags =  *0x40a39c - _t136; // 0x5
										if(__eflags <= 0) {
											goto L27;
										}
										_push(0xffffffff);
										goto L24;
									}
									_push(_t135);
									goto L24;
								}
								SendMessageW(_t128, 0xf3, _t136, _t136);
								_t103 = IsWindowEnabled(_t128);
								__eflags = _t103;
								if(_t103 == 0) {
									L63:
									return 0;
								}
								goto L15;
							}
							SetWindowLongW(_t127, _t136, _t136);
							return 1;
						}
						DestroyWindow( *0x429238); // executed
						 *0x429238 = _t122;
						L60:
						_t145 =  *0x425748 - _t136; // 0x1
						if(_t145 == 0 &&  *0x429238 != _t136) {
							ShowWindow(_t127, 0xa); // executed
							 *0x425748 = 1;
						}
						goto L63;
					} else {
						asm("sbb eax, eax");
						ShowWindow( *0x423728,  ~(_t122 - 1) & 0x00000005);
						if(_t122 != 2 || (GetWindowLongW(_t127, 0xfffffff0) & 0x21010000) != 0x1000000) {
							L28:
							return E0040462B(_a8, _t122, _a16);
						} else {
							ShowWindow(_t127, 4);
							goto L8;
						}
					}
				}
			}
































                                                                                                                              0x004040d0
                                                                                                                              0x004040d7
                                                                                                                              0x0040423e
                                                                                                                              0x00404242
                                                                                                                              0x00404246
                                                                                                                              0x00404248
                                                                                                                              0x0040424d
                                                                                                                              0x00404258
                                                                                                                              0x00404263
                                                                                                                              0x00404268
                                                                                                                              0x0040426a
                                                                                                                              0x0040426c
                                                                                                                              0x0040426f
                                                                                                                              0x00404274
                                                                                                                              0x00404282
                                                                                                                              0x0040428f
                                                                                                                              0x00404296
                                                                                                                              0x00404296
                                                                                                                              0x00404297
                                                                                                                              0x00404297
                                                                                                                              0x0040429c
                                                                                                                              0x004042a2
                                                                                                                              0x004042a9
                                                                                                                              0x004042af
                                                                                                                              0x004042b1
                                                                                                                              0x004042f1
                                                                                                                              0x004042f6
                                                                                                                              0x004042fb
                                                                                                                              0x004042fb
                                                                                                                              0x00404300
                                                                                                                              0x00404309
                                                                                                                              0x0040430b
                                                                                                                              0x00404310
                                                                                                                              0x00404316
                                                                                                                              0x0040431a
                                                                                                                              0x0040431a
                                                                                                                              0x0040431f
                                                                                                                              0x00404325
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00404330
                                                                                                                              0x00404336
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040433f
                                                                                                                              0x00404347
                                                                                                                              0x0040434c
                                                                                                                              0x0040434f
                                                                                                                              0x00404355
                                                                                                                              0x0040435a
                                                                                                                              0x0040435d
                                                                                                                              0x00404363
                                                                                                                              0x00404368
                                                                                                                              0x0040436b
                                                                                                                              0x00404371
                                                                                                                              0x00404379
                                                                                                                              0x0040437f
                                                                                                                              0x00404385
                                                                                                                              0x00404389
                                                                                                                              0x00404390
                                                                                                                              0x00404390
                                                                                                                              0x00404390
                                                                                                                              0x0040439a
                                                                                                                              0x004043ac
                                                                                                                              0x004043b8
                                                                                                                              0x004043bd
                                                                                                                              0x004043c7
                                                                                                                              0x004043cd
                                                                                                                              0x004043cf
                                                                                                                              0x004043d4
                                                                                                                              0x004043d1
                                                                                                                              0x004043d1
                                                                                                                              0x004043d1
                                                                                                                              0x004043e4
                                                                                                                              0x004043fc
                                                                                                                              0x004043fe
                                                                                                                              0x00404404
                                                                                                                              0x00404419
                                                                                                                              0x00404406
                                                                                                                              0x0040440f
                                                                                                                              0x00404411
                                                                                                                              0x00404411
                                                                                                                              0x0040441f
                                                                                                                              0x00404430
                                                                                                                              0x00404446
                                                                                                                              0x0040444d
                                                                                                                              0x00404457
                                                                                                                              0x0040445c
                                                                                                                              0x0040445e
                                                                                                                              0x00000000
                                                                                                                              0x00404464
                                                                                                                              0x00404464
                                                                                                                              0x00404466
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040446c
                                                                                                                              0x00404470
                                                                                                                              0x00404495
                                                                                                                              0x0040449b
                                                                                                                              0x004044a1
                                                                                                                              0x004044a3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004044c9
                                                                                                                              0x004044cf
                                                                                                                              0x004044d1
                                                                                                                              0x004044d6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004044dc
                                                                                                                              0x004044df
                                                                                                                              0x004044e2
                                                                                                                              0x004044f9
                                                                                                                              0x00404505
                                                                                                                              0x0040451e
                                                                                                                              0x00404528
                                                                                                                              0x0040452d
                                                                                                                              0x00404533
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040453d
                                                                                                                              0x00404548
                                                                                                                              0x00000000
                                                                                                                              0x00404548
                                                                                                                              0x00404472
                                                                                                                              0x00404478
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040447e
                                                                                                                              0x00404484
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040448a
                                                                                                                              0x0040445e
                                                                                                                              0x00404555
                                                                                                                              0x00404561
                                                                                                                              0x00404568
                                                                                                                              0x00000000
                                                                                                                              0x004042b3
                                                                                                                              0x004042b3
                                                                                                                              0x004042b6
                                                                                                                              0x004042e9
                                                                                                                              0x004042e9
                                                                                                                              0x004042eb
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004042eb
                                                                                                                              0x004042bc
                                                                                                                              0x004042c1
                                                                                                                              0x004042c3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004042d3
                                                                                                                              0x004042db
                                                                                                                              0x00000000
                                                                                                                              0x004042e1
                                                                                                                              0x004040e9
                                                                                                                              0x004040e9
                                                                                                                              0x004040ed
                                                                                                                              0x004040f2
                                                                                                                              0x00404101
                                                                                                                              0x00404101
                                                                                                                              0x00404107
                                                                                                                              0x0040410e
                                                                                                                              0x00404152
                                                                                                                              0x00404158
                                                                                                                              0x00404171
                                                                                                                              0x00404174
                                                                                                                              0x00404187
                                                                                                                              0x0040418d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00404193
                                                                                                                              0x0040419e
                                                                                                                              0x004041a0
                                                                                                                              0x004041a2
                                                                                                                              0x004041c1
                                                                                                                              0x004041c1
                                                                                                                              0x004041c4
                                                                                                                              0x004041c9
                                                                                                                              0x004041cc
                                                                                                                              0x004041dc
                                                                                                                              0x004041dd
                                                                                                                              0x004041df
                                                                                                                              0x00404215
                                                                                                                              0x00404225
                                                                                                                              0x00000000
                                                                                                                              0x00404225
                                                                                                                              0x004041e1
                                                                                                                              0x004041e7
                                                                                                                              0x00404200
                                                                                                                              0x00404205
                                                                                                                              0x00404207
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00404209
                                                                                                                              0x004041f5
                                                                                                                              0x004041f5
                                                                                                                              0x004041f7
                                                                                                                              0x004041f7
                                                                                                                              0x00000000
                                                                                                                              0x004041f7
                                                                                                                              0x004041ea
                                                                                                                              0x004041ef
                                                                                                                              0x00000000
                                                                                                                              0x004041ef
                                                                                                                              0x004041ce
                                                                                                                              0x004041d4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004041d6
                                                                                                                              0x00000000
                                                                                                                              0x004041d6
                                                                                                                              0x004041c6
                                                                                                                              0x00000000
                                                                                                                              0x004041c6
                                                                                                                              0x004041ac
                                                                                                                              0x004041b3
                                                                                                                              0x004041b9
                                                                                                                              0x004041bb
                                                                                                                              0x00404591
                                                                                                                              0x00000000
                                                                                                                              0x00404591
                                                                                                                              0x00000000
                                                                                                                              0x004041bb
                                                                                                                              0x00404179
                                                                                                                              0x00000000
                                                                                                                              0x00404181
                                                                                                                              0x00404160
                                                                                                                              0x00404166
                                                                                                                              0x0040456e
                                                                                                                              0x0040456e
                                                                                                                              0x00404574
                                                                                                                              0x00404581
                                                                                                                              0x00404587
                                                                                                                              0x00404587
                                                                                                                              0x00000000
                                                                                                                              0x00404110
                                                                                                                              0x00404115
                                                                                                                              0x00404121
                                                                                                                              0x0040412a
                                                                                                                              0x0040422b
                                                                                                                              0x00000000
                                                                                                                              0x00404149
                                                                                                                              0x0040414c
                                                                                                                              0x00000000
                                                                                                                              0x0040414c
                                                                                                                              0x0040412a
                                                                                                                              0x0040410e

                                                                                                                              APIs
                                                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00404101
                                                                                                                              • ShowWindow.USER32(?), ref: 00404121
                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00404133
                                                                                                                              • ShowWindow.USER32(?,00000004), ref: 0040414C
                                                                                                                              • DestroyWindow.USER32 ref: 00404160
                                                                                                                              • SetWindowLongW.USER32 ref: 00404179
                                                                                                                              • GetDlgItem.USER32 ref: 00404198
                                                                                                                              • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 004041AC
                                                                                                                              • IsWindowEnabled.USER32(00000000), ref: 004041B3
                                                                                                                              • GetDlgItem.USER32 ref: 0040425E
                                                                                                                              • GetDlgItem.USER32 ref: 00404268
                                                                                                                              • KiUserCallbackDispatcher.NTDLL(?,000000F2,?), ref: 00404282
                                                                                                                              • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004042D3
                                                                                                                              • GetDlgItem.USER32 ref: 00404379
                                                                                                                              • ShowWindow.USER32(00000000,?), ref: 0040439A
                                                                                                                              • KiUserCallbackDispatcher.NTDLL(?,?), ref: 004043AC
                                                                                                                              • KiUserCallbackDispatcher.NTDLL(?,?), ref: 004043C7
                                                                                                                              • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004043DD
                                                                                                                              • EnableMenuItem.USER32 ref: 004043E4
                                                                                                                              • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004043FC
                                                                                                                              • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040440F
                                                                                                                              • lstrlenW.KERNEL32(00423748,?,00423748,00000000), ref: 00404439
                                                                                                                              • SetWindowTextW.USER32(?,00423748), ref: 0040444D
                                                                                                                              • ShowWindow.USER32(?,0000000A), ref: 00404581
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Window$Item$MessageSendShow$CallbackDispatcherUser$LongMenu$DestroyEnableEnabledSystemTextlstrlen
                                                                                                                              • String ID: Click Next to continue.$H7B
                                                                                                                              • API String ID: 435344536-1248288568
                                                                                                                              • Opcode ID: 2f4dad2f818047668635e16f952da299a81014d83ff1599baf972819d0fbfd0c
                                                                                                                              • Instruction ID: 1d4a55fced449df2e2a9dfc159c1061f424388fbea236c5341ec002980a30b6c
                                                                                                                              • Opcode Fuzzy Hash: 2f4dad2f818047668635e16f952da299a81014d83ff1599baf972819d0fbfd0c
                                                                                                                              • Instruction Fuzzy Hash: C0C1C2B1600604FBDB216F61EE85E2A3B78EB85745F40097EF781B51F0CB3958529B2E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 6F3A18C9 Relevance: 54.5, APIs: 21, Strings: 10, Instructions: 215memoryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              C-Code - Quality: 91%
                                                                                                                              			E6F3A18C9() {
				signed int _v8;
				long _v12;
				long _v16;
				int _v20;
				int _v24;
				int _v28;
				int _v32;
				WCHAR* _v36;
				void* _v40;
				WCHAR* _v44;
				WCHAR* _t63;
				void* _t67;
				int _t76;
				signed int _t77;
				signed int _t78;
				void* _t81;
				int _t82;
				int _t83;
				int _t84;
				int _t85;
				int _t86;
				int _t87;
				int _t88;
				int _t89;
				void* _t90;
				int _t95;
				struct HWND__* _t98;
				void* _t103;
				WCHAR* _t114;
				struct HWND__* _t115;
				signed int _t122;

				_t63 = RtlAllocateHeap(GetProcessHeap(), 8,  *0x6f3a615c << 2); // executed
				_t114 = _t63;
				_t117 =  &(_t114[ *0x6f3a615c]);
				_v44 = _t114;
				_v36 =  &(_t114[ *0x6f3a615c]);
				if(_t114 == 0) {
					return E6F3A1E9C(L"error");
				}
				__eflags = E6F3A1E4E(_t114, 0);
				if(__eflags != 0) {
					L4:
					E6F3A1E9C(L"error");
					_push(_t114);
					_push(0);
					_t67 = GetProcessHeap();
					goto L27;
				} else {
					_v12 = E6F3A2083(__eflags);
					_v16 = E6F3A2083(__eflags);
					E6F3A125B(__eflags,  &_v32,  &_v28,  &_v24,  &_v20);
					_t76 = E6F3A1E4E(_t117, 0);
					__eflags = _t76;
					if(_t76 == 0) {
						_t77 =  *0x6f3a6154;
						_v8 = _t77;
						_t78 = _t77 + 1;
						_v40 = _t78;
						 *0x6f3a6154 = _t78;
						_t81 = RtlReAllocateHeap(GetProcessHeap(), 8,  *0x6f3a6158, _t78 * 0x818); // executed
						 *0x6f3a6158 = _t81;
						_t82 = lstrcmpiW(_t114, L"BUTTON");
						__eflags = _t82;
						if(_t82 != 0) {
							_t83 = lstrcmpiW(_t114, L"EDIT");
							__eflags = _t83;
							if(_t83 != 0) {
								_t84 = lstrcmpiW(_t114, L"COMBOBOX");
								__eflags = _t84;
								if(_t84 != 0) {
									_t85 = lstrcmpiW(_t114, L"LISTBOX");
									__eflags = _t85;
									if(_t85 != 0) {
										_t86 = lstrcmpiW(_t114, L"RichEdit");
										__eflags = _t86;
										if(_t86 != 0) {
											_t87 = lstrcmpiW(_t114, L"RICHEDIT_CLASS");
											__eflags = _t87;
											if(_t87 != 0) {
												_t88 = lstrcmpiW(_t114, L"STATIC");
												__eflags = _t88;
												if(_t88 != 0) {
													_t89 = lstrcmpiW(_t114, L"LINK");
													_t122 = _v8 * 0x818;
													__eflags = _t89;
													_t90 =  *0x6f3a6158;
													if(_t89 != 0) {
														_t37 = _t122 + _t90 + 4;
														 *_t37 =  *(_t122 + _t90 + 4) & 0x00000000;
														__eflags =  *_t37;
													} else {
														 *(_t122 + _t90 + 4) = 8;
													}
												} else {
													_t122 = _v8 * 0x818;
													 *(_t122 +  *0x6f3a6158 + 4) = 7;
												}
											} else {
												_t122 = _v8 * 0x818;
												 *(_t122 +  *0x6f3a6158 + 4) = 6;
											}
										} else {
											_t122 = _v8 * 0x818;
											 *(_t122 +  *0x6f3a6158 + 4) = 5;
										}
									} else {
										_t122 = _v8 * 0x818;
										 *(_t122 +  *0x6f3a6158 + 4) = 4;
									}
								} else {
									_t122 = _v8 * 0x818;
									 *(_t122 +  *0x6f3a6158 + 4) = 3;
								}
							} else {
								_t122 = _v8 * 0x818;
								 *(_t122 +  *0x6f3a6158 + 4) = 2;
							}
						} else {
							_t122 = _v8 * 0x818;
							 *(_t122 +  *0x6f3a6158 + 4) = 1;
						}
						E6F3A1D81( *(_t122 +  *0x6f3a6158 + 4),  &_v12,  &_v16);
						_t95 = lstrcmpiW(_t114, L"LINK");
						__eflags = _t95;
						if(_t95 == 0) {
							_t114 = L"BUTTON";
						}
						_t98 = CreateWindowExW(_v16, _t114, _v36, _v12, _v32, _v28, _v24, _v20,  *0x6f3a6140, _v8 + 0x4b0,  *0x6f3a612c, 0); // executed
						_t115 = _t98;
						 *( *0x6f3a6158 + _t122) = _t115;
						SetPropW(_t115, L"NSIS: nsControl pointer property", _v40); // executed
						SendMessageW(_t115, 0x30, SendMessageW( *0x6f3a6144, 0x31, 0, 0), 1);
						_t103 =  *0x6f3a6158;
						__eflags =  *((intOrPtr*)(_t122 + _t103 + 4)) - 8;
						if( *((intOrPtr*)(_t122 + _t103 + 4)) == 8) {
							 *((intOrPtr*)(_t122 +  *0x6f3a6158 + 0x814)) = SetWindowLongW(_t115, 0xfffffffc, E6F3A148C);
						}
						E6F3A20B3(_t115);
						_push(_v44);
						_push(0);
						_t67 = GetProcessHeap();
						L27:
						return HeapFree(_t67, ??, ??);
					}
					goto L4;
				}
			}


































                                                                                                                              0x6f3a18e6
                                                                                                                              0x6f3a18ec
                                                                                                                              0x6f3a18f5
                                                                                                                              0x6f3a18f8
                                                                                                                              0x6f3a18fb
                                                                                                                              0x6f3a18fe
                                                                                                                              0x00000000
                                                                                                                              0x6f3a1905
                                                                                                                              0x6f3a1917
                                                                                                                              0x6f3a1919
                                                                                                                              0x6f3a194c
                                                                                                                              0x6f3a1951
                                                                                                                              0x6f3a1956
                                                                                                                              0x6f3a1957
                                                                                                                              0x6f3a1959
                                                                                                                              0x00000000
                                                                                                                              0x6f3a191b
                                                                                                                              0x6f3a1920
                                                                                                                              0x6f3a1928
                                                                                                                              0x6f3a193b
                                                                                                                              0x6f3a1943
                                                                                                                              0x6f3a1948
                                                                                                                              0x6f3a194a
                                                                                                                              0x6f3a1960
                                                                                                                              0x6f3a1965
                                                                                                                              0x6f3a1968
                                                                                                                              0x6f3a1969
                                                                                                                              0x6f3a196c
                                                                                                                              0x6f3a1983
                                                                                                                              0x6f3a1995
                                                                                                                              0x6f3a199a
                                                                                                                              0x6f3a199c
                                                                                                                              0x6f3a199e
                                                                                                                              0x6f3a19c1
                                                                                                                              0x6f3a19c3
                                                                                                                              0x6f3a19c5
                                                                                                                              0x6f3a19e8
                                                                                                                              0x6f3a19ea
                                                                                                                              0x6f3a19ec
                                                                                                                              0x6f3a1a0f
                                                                                                                              0x6f3a1a11
                                                                                                                              0x6f3a1a13
                                                                                                                              0x6f3a1a36
                                                                                                                              0x6f3a1a38
                                                                                                                              0x6f3a1a3a
                                                                                                                              0x6f3a1a5a
                                                                                                                              0x6f3a1a5c
                                                                                                                              0x6f3a1a5e
                                                                                                                              0x6f3a1a7e
                                                                                                                              0x6f3a1a80
                                                                                                                              0x6f3a1a82
                                                                                                                              0x6f3a1aa2
                                                                                                                              0x6f3a1aa7
                                                                                                                              0x6f3a1aad
                                                                                                                              0x6f3a1aaf
                                                                                                                              0x6f3a1ab4
                                                                                                                              0x6f3a1ac0
                                                                                                                              0x6f3a1ac0
                                                                                                                              0x6f3a1ac0
                                                                                                                              0x6f3a1ab6
                                                                                                                              0x6f3a1ab6
                                                                                                                              0x6f3a1ab6
                                                                                                                              0x6f3a1a84
                                                                                                                              0x6f3a1a8c
                                                                                                                              0x6f3a1a92
                                                                                                                              0x6f3a1a92
                                                                                                                              0x6f3a1a60
                                                                                                                              0x6f3a1a68
                                                                                                                              0x6f3a1a6e
                                                                                                                              0x6f3a1a6e
                                                                                                                              0x6f3a1a3c
                                                                                                                              0x6f3a1a44
                                                                                                                              0x6f3a1a4a
                                                                                                                              0x6f3a1a4a
                                                                                                                              0x6f3a1a15
                                                                                                                              0x6f3a1a1d
                                                                                                                              0x6f3a1a23
                                                                                                                              0x6f3a1a23
                                                                                                                              0x6f3a19ee
                                                                                                                              0x6f3a19f6
                                                                                                                              0x6f3a19fc
                                                                                                                              0x6f3a19fc
                                                                                                                              0x6f3a19c7
                                                                                                                              0x6f3a19cf
                                                                                                                              0x6f3a19d5
                                                                                                                              0x6f3a19d5
                                                                                                                              0x6f3a19a0
                                                                                                                              0x6f3a19a8
                                                                                                                              0x6f3a19ae
                                                                                                                              0x6f3a19ae
                                                                                                                              0x6f3a1ad6
                                                                                                                              0x6f3a1ae1
                                                                                                                              0x6f3a1ae3
                                                                                                                              0x6f3a1ae5
                                                                                                                              0x6f3a1ae7
                                                                                                                              0x6f3a1ae7
                                                                                                                              0x6f3a1b19
                                                                                                                              0x6f3a1b22
                                                                                                                              0x6f3a1b2f
                                                                                                                              0x6f3a1b32
                                                                                                                              0x6f3a1b52
                                                                                                                              0x6f3a1b54
                                                                                                                              0x6f3a1b59
                                                                                                                              0x6f3a1b5e
                                                                                                                              0x6f3a1b74
                                                                                                                              0x6f3a1b74
                                                                                                                              0x6f3a1b7c
                                                                                                                              0x6f3a1b81
                                                                                                                              0x6f3a1b84
                                                                                                                              0x6f3a1b86
                                                                                                                              0x6f3a1b8c
                                                                                                                              0x00000000
                                                                                                                              0x6f3a1b8d
                                                                                                                              0x00000000
                                                                                                                              0x6f3a194a

                                                                                                                              APIs
                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?), ref: 6F3A18E3
                                                                                                                              • RtlAllocateHeap.NTDLL(00000000), ref: 6F3A18E6
                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,error,00000000,00000000), ref: 6F3A1959
                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 6F3A1B8D
                                                                                                                                • Part of subcall function 6F3A1E9C: GlobalAlloc.KERNEL32(00000040,?,?,6F3A10BE,error,?,00000104), ref: 6F3A1EB2
                                                                                                                                • Part of subcall function 6F3A1E9C: lstrcpynW.KERNEL32(00000004,?,?,6F3A10BE,error,?,00000104), ref: 6F3A1EC8
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.699359362.000000006F3A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6F3A0000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.699351571.000000006F3A0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699369720.000000006F3A3000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699377071.000000006F3A4000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699384845.000000006F3A8000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6f3a0000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Heap$Process$AllocAllocateFreeGloballstrcpyn
                                                                                                                              • String ID: BUTTON$COMBOBOX$EDIT$LINK$LISTBOX$NSIS: nsControl pointer property$RICHEDIT_CLASS$RichEdit$STATIC$error
                                                                                                                              • API String ID: 1292750292-3375361224
                                                                                                                              • Opcode ID: a5a3dddf3cc7e29eaea23de4f4df0ae9caf60b8f3ccae6c947860bef7184cce1
                                                                                                                              • Instruction ID: f98e443ecbb8d62112d490b93ee98dbc159d0adc7ea371191e1eea77b9ae529d
                                                                                                                              • Opcode Fuzzy Hash: a5a3dddf3cc7e29eaea23de4f4df0ae9caf60b8f3ccae6c947860bef7184cce1
                                                                                                                              • Instruction Fuzzy Hash: 2D818272904614EBDB11EBAACD49F9EBBFCFB06314F014019E945B7251DB36A9148FA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 6FED1653 Relevance: 49.2, APIs: 19, Strings: 9, Instructions: 203memorystringthreadCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 561 6fed1653-6fed16c6 GlobalAlloc * 4 call 6fed18c6 564 6fed16cc 561->564 565 6fed1802-6fed180c call 6fed18c6 561->565 567 6fed16d2-6fed16d8 564->567 570 6fed180e-6fed1814 565->570 571 6fed1822-6fed1826 565->571 567->565 569 6fed16de-6fed16e8 lstrcmpiW 567->569 572 6fed16ea-6fed16ed 569->572 573 6fed16f2-6fed16fd lstrcmpiW 569->573 570->571 574 6fed1816-6fed181a 570->574 578 6fed1828-6fed183a call 6fed1947 GetClassNameW 571->578 579 6fed1840-6fed1844 571->579 575 6fed17ec-6fed17fc call 6fed18c6 572->575 576 6fed16ff-6fed1706 573->576 577 6fed170b-6fed1716 lstrcmpiW 573->577 574->571 583 6fed181c-6fed181d call 6fed18c6 574->583 575->565 575->567 576->575 584 6fed1718-6fed171f 577->584 585 6fed1724-6fed172f lstrcmpiW 577->585 578->579 580 6fed1846-6fed184e call 6fed1947 579->580 581 6fed1851-6fed1886 CreateThread wsprintfW call 6fed1901 579->581 580->581 600 6fed1888-6fed18a0 wait 581->600 601 6fed18a1-6fed18b3 581->601 583->571 584->575 591 6fed173d-6fed1748 lstrcmpiW 585->591 592 6fed1731-6fed1738 585->592 594 6fed174a-6fed1751 591->594 595 6fed1756-6fed1761 lstrcmpiW 591->595 592->575 594->575 598 6fed17a3-6fed17b2 call 6fed1000 595->598 599 6fed1763-6fed176d 595->599 607 6fed17ea 598->607 608 6fed17b4-6fed17c7 lstrcmpiW 598->608 599->575 602 6fed176f-6fed1781 FindWindowExW 599->602 602->575 604 6fed1783-6fed17a1 GetDlgItem wsprintfW 602->604 604->575 607->575 609 6fed17c9-6fed17d2 call 6fed1947 608->609 610 6fed17d4-6fed17df lstrcmpiW 608->610 609->607 610->607 612 6fed17e1-6fed17e7 call 6fed1947 610->612 612->607
                                                                                                                              C-Code - Quality: 89%
                                                                                                                              			E6FED1653(void* __eflags, struct HWND__* _a4, int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				struct HWND__* _v8;
				long _v12;
				short _v44;
				long _t49;
				WCHAR* _t52;
				void* _t56;
				void* _t63;
				struct HWND__* _t65;
				WCHAR* _t69;
				int _t71;
				int _t72;
				int _t73;
				int _t74;
				int _t75;
				int _t80;
				int _t81;
				struct HWND__* _t84;
				int _t88;
				struct HWND__* _t89;
				int _t91;
				void* _t92;
				void* _t103;
				void* _t105;

				_push(0x24);
				_t88 = 0x40;
				_v8 = 1;
				_t103 = GlobalAlloc(_t88, ??);
				 *0x6fed3004 = _a20;
				_t49 = _a8;
				 *0x6fed3008 = _a16;
				 *0x6fed300c = _t49;
				 *0x6fed3010 = _a12;
				 *_t103 = GlobalAlloc(_t88, _t49);
				 *((intOrPtr*)(_t103 + 4)) = GlobalAlloc(_t88, _a8);
				_t52 = GlobalAlloc(_t88, _a8);
				 *(_t103 + 0x20) =  *(_t103 + 0x20) | 0xffffffff;
				_t89 = 0;
				 *(_t103 + 0x10) = _t52;
				 *((intOrPtr*)(_t103 + 0x14)) = 0xffffff;
				 *((intOrPtr*)(_t103 + 0xc)) = 0;
				if(E6FED18C6( *_t103) != 0) {
					L24:
					if(E6FED18C6( *((intOrPtr*)(_t103 + 4))) == 0) {
						_t67 =  *(_t103 + 0x10);
						if( *( *(_t103 + 0x10)) == _t89 &&  *((intOrPtr*)(_t103 + 8)) != 1) {
							E6FED18C6(_t67);
						}
					}
					if( *((intOrPtr*)(_t103 + 8)) == 2) {
						_t65 = E6FED1947( *(_t103 + 0x10));
						 *(_t103 + 0x18) = _t65;
						GetClassNameW(_t65,  *(_t103 + 0x10), _a8);
					}
					if( *((intOrPtr*)(_t103 + 8)) == 3) {
						 *((intOrPtr*)(_t103 + 0x1c)) = E6FED1947( *(_t103 + 0x10));
					}
					_t56 = CreateThread(_t89, _t89, E6FED101D, _t103, _t89,  &_v12); // executed
					wsprintfW( &_v44, L"%u", _t56);
					E6FED1901( &_v44);
					_t118 = _v8 - _t89;
					if(_v8 == _t89) {
						return  *((intOrPtr*)(_a20 + 0xc))( *0x6fed3000, E6FED15A9);
					} else {
						_push(_a20);
						_push(_a16);
						_push(_a12);
						_push(_a8);
						_push(_a4);
						_t63 = E6FED15AC(_t118); // executed
						return _t63;
					}
				} else {
					while(1) {
						_t69 =  *_t103;
						if( *_t69 != 0x2f) {
							goto L24;
						} else {
							if(lstrcmpiW(_t69, L"/ASYNC") != 0) {
								_t71 = lstrcmpiW( *_t103, L"/DISABLEFSR");
								__eflags = _t71;
								if(_t71 != 0) {
									_t72 = lstrcmpiW( *_t103, L"/TOSTACK");
									__eflags = _t72;
									if(_t72 != 0) {
										_t73 = lstrcmpiW( *_t103, L"/TOWINDOW");
										__eflags = _t73;
										if(_t73 != 0) {
											_t74 = lstrcmpiW( *_t103, L"/TOFUNC");
											__eflags = _t74;
											if(_t74 != 0) {
												_t75 = lstrcmpiW( *_t103, L"/DETAILED");
												__eflags = _t75;
												if(_t75 != 0) {
													_t91 = E6FED1000( *_t103, 0x3d);
													__eflags = _t91;
													if(_t91 != 0) {
														 *_t91 = 0;
														_t92 = _t91 + 2;
														_t80 = lstrcmpiW( *_t103, L"/TIMEOUT");
														__eflags = _t80;
														if(_t80 != 0) {
															_t81 = lstrcmpiW( *_t103, L"/ENDFUNC");
															__eflags = _t81;
															if(_t81 == 0) {
																 *(_t103 + 0x20) = E6FED1947(_t92);
															}
														} else {
															 *((intOrPtr*)(_t103 + 0x14)) = E6FED1947(_t92);
														}
													}
													_t89 = 0;
													__eflags = 0;
												} else {
													 *((intOrPtr*)(_t103 + 8)) = 2;
													__eflags = _a4 - _t89;
													if(_a4 != _t89) {
														_t84 = FindWindowExW(_a4, _t89, L"#32770", _t89);
														__eflags = _t84 - _t89;
														if(_t84 != _t89) {
															wsprintfW( *(_t103 + 0x10), L"%d", GetDlgItem(_t84, 0x3f8));
															_t105 = _t105 + 0xc;
														}
													}
												}
											} else {
												 *((intOrPtr*)(_t103 + 8)) = 3;
											}
										} else {
											 *((intOrPtr*)(_t103 + 8)) = 2;
										}
									} else {
										 *((intOrPtr*)(_t103 + 8)) = 1;
									}
								} else {
									 *((intOrPtr*)(_t103 + 0xc)) = 1;
								}
							} else {
								_v8 = _t89;
							}
						}
						 *( *_t103) = 0;
						if(E6FED18C6( *_t103) == 0) {
							continue;
						}
						goto L24;
					}
					goto L24;
				}
			}


























                                                                                                                              0x6fed1662
                                                                                                                              0x6fed1666
                                                                                                                              0x6fed1668
                                                                                                                              0x6fed1674
                                                                                                                              0x6fed1679
                                                                                                                              0x6fed167e
                                                                                                                              0x6fed1681
                                                                                                                              0x6fed168c
                                                                                                                              0x6fed1691
                                                                                                                              0x6fed169c
                                                                                                                              0x6fed16a4
                                                                                                                              0x6fed16a8
                                                                                                                              0x6fed16ac
                                                                                                                              0x6fed16b0
                                                                                                                              0x6fed16b2
                                                                                                                              0x6fed16b5
                                                                                                                              0x6fed16bc
                                                                                                                              0x6fed16c6
                                                                                                                              0x6fed1802
                                                                                                                              0x6fed180c
                                                                                                                              0x6fed180e
                                                                                                                              0x6fed1814
                                                                                                                              0x6fed181d
                                                                                                                              0x6fed181d
                                                                                                                              0x6fed1814
                                                                                                                              0x6fed1826
                                                                                                                              0x6fed182b
                                                                                                                              0x6fed1833
                                                                                                                              0x6fed183a
                                                                                                                              0x6fed183a
                                                                                                                              0x6fed1844
                                                                                                                              0x6fed184e
                                                                                                                              0x6fed184e
                                                                                                                              0x6fed185e
                                                                                                                              0x6fed186e
                                                                                                                              0x6fed187b
                                                                                                                              0x6fed1880
                                                                                                                              0x6fed1886
                                                                                                                              0x6fed18b3
                                                                                                                              0x6fed1888
                                                                                                                              0x6fed1888
                                                                                                                              0x6fed188b
                                                                                                                              0x6fed188e
                                                                                                                              0x6fed1891
                                                                                                                              0x6fed1894
                                                                                                                              0x6fed1897
                                                                                                                              0x6fed18a0
                                                                                                                              0x6fed18a0
                                                                                                                              0x6fed16cc
                                                                                                                              0x6fed16d2
                                                                                                                              0x6fed16d2
                                                                                                                              0x6fed16d8
                                                                                                                              0x00000000
                                                                                                                              0x6fed16de
                                                                                                                              0x6fed16e8
                                                                                                                              0x6fed16f9
                                                                                                                              0x6fed16fb
                                                                                                                              0x6fed16fd
                                                                                                                              0x6fed1712
                                                                                                                              0x6fed1714
                                                                                                                              0x6fed1716
                                                                                                                              0x6fed172b
                                                                                                                              0x6fed172d
                                                                                                                              0x6fed172f
                                                                                                                              0x6fed1744
                                                                                                                              0x6fed1746
                                                                                                                              0x6fed1748
                                                                                                                              0x6fed175d
                                                                                                                              0x6fed175f
                                                                                                                              0x6fed1761
                                                                                                                              0x6fed17ac
                                                                                                                              0x6fed17b0
                                                                                                                              0x6fed17b2
                                                                                                                              0x6fed17b6
                                                                                                                              0x6fed17c0
                                                                                                                              0x6fed17c3
                                                                                                                              0x6fed17c5
                                                                                                                              0x6fed17c7
                                                                                                                              0x6fed17db
                                                                                                                              0x6fed17dd
                                                                                                                              0x6fed17df
                                                                                                                              0x6fed17e7
                                                                                                                              0x6fed17e7
                                                                                                                              0x6fed17c9
                                                                                                                              0x6fed17cf
                                                                                                                              0x6fed17cf
                                                                                                                              0x6fed17c7
                                                                                                                              0x6fed17ea
                                                                                                                              0x6fed17ea
                                                                                                                              0x6fed1763
                                                                                                                              0x6fed1763
                                                                                                                              0x6fed176a
                                                                                                                              0x6fed176d
                                                                                                                              0x6fed1779
                                                                                                                              0x6fed177f
                                                                                                                              0x6fed1781
                                                                                                                              0x6fed1798
                                                                                                                              0x6fed179e
                                                                                                                              0x6fed179e
                                                                                                                              0x6fed1781
                                                                                                                              0x6fed176d
                                                                                                                              0x6fed174a
                                                                                                                              0x6fed174a
                                                                                                                              0x6fed174a
                                                                                                                              0x6fed1731
                                                                                                                              0x6fed1731
                                                                                                                              0x6fed1731
                                                                                                                              0x6fed1718
                                                                                                                              0x6fed1718
                                                                                                                              0x6fed1718
                                                                                                                              0x6fed16ff
                                                                                                                              0x6fed16ff
                                                                                                                              0x6fed16ff
                                                                                                                              0x6fed16ea
                                                                                                                              0x6fed16ea
                                                                                                                              0x6fed16ea
                                                                                                                              0x6fed16e8
                                                                                                                              0x6fed17f0
                                                                                                                              0x6fed17fc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6fed17fc
                                                                                                                              0x00000000
                                                                                                                              0x6fed16d2

                                                                                                                              APIs
                                                                                                                              • GlobalAlloc.KERNEL32(00000040,00000024), ref: 6FED166F
                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 6FED1697
                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 6FED169F
                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 6FED16A8
                                                                                                                                • Part of subcall function 6FED18C6: lstrcpyW.KERNEL32 ref: 6FED18DF
                                                                                                                                • Part of subcall function 6FED18C6: GlobalFree.KERNEL32 ref: 6FED18F0
                                                                                                                              • lstrcmpiW.KERNEL32(00000000,/ASYNC,00000000), ref: 6FED16E4
                                                                                                                              • lstrcmpiW.KERNEL32(00000000,/DISABLEFSR), ref: 6FED16F9
                                                                                                                              • GetClassNameW.USER32 ref: 6FED183A
                                                                                                                              • CreateThread.KERNELBASE ref: 6FED185E
                                                                                                                              • wsprintfW.USER32 ref: 6FED186E
                                                                                                                              • wait.EXECDOS(00000003,?,?,00FFFFFF,?), ref: 6FED1897
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.699472199.000000006FED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FED0000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.699464369.000000006FED0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699480141.000000006FED2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699488485.000000006FED4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6fed0000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Global$Alloc$lstrcmpi$ClassCreateFreeNameThreadlstrcpywaitwsprintf
                                                                                                                              • String ID: #32770$/ASYNC$/DETAILED$/DISABLEFSR$/ENDFUNC$/TIMEOUT$/TOFUNC$/TOSTACK$/TOWINDOW
                                                                                                                              • API String ID: 157665186-167157925
                                                                                                                              • Opcode ID: 5d68c6b50501e2ae8a911614610b1457b1dfd6072cf803e3474ef23eaedf211a
                                                                                                                              • Instruction ID: c91323ed5362febdf8cd0631c97905c748d73c6365166a2eacd2d2b624d47db9
                                                                                                                              • Opcode Fuzzy Hash: 5d68c6b50501e2ae8a911614610b1457b1dfd6072cf803e3474ef23eaedf211a
                                                                                                                              • Instruction Fuzzy Hash: AD619CB4404305EFEB20AFB4DC84D4ABFFAFF06358B208529F59596A61D739E852CB50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00403D17 Relevance: 45.7, APIs: 13, Strings: 13, Instructions: 215stringregistryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 616 403d17-403d2f call 406a35 619 403d31-403d41 call 4065af 616->619 620 403d43-403d7a call 406536 616->620 629 403d9d-403dc6 call 403fed call 40603f 619->629 625 403d92-403d98 lstrcatW 620->625 626 403d7c-403d8d call 406536 620->626 625->629 626->625 634 403e58-403e60 call 40603f 629->634 635 403dcc-403dd1 629->635 641 403e62-403e69 call 4066a5 634->641 642 403e6e-403e93 LoadImageW 634->642 635->634 636 403dd7-403df1 call 406536 635->636 640 403df6-403dff 636->640 640->634 643 403e01-403e05 640->643 641->642 645 403f14-403f1c call 40140b 642->645 646 403e95-403ec5 RegisterClassW 642->646 647 403e17-403e23 lstrlenW 643->647 648 403e07-403e14 call 405f64 643->648 657 403f26-403f31 call 403fed 645->657 658 403f1e-403f21 645->658 649 403fe3 646->649 650 403ecb-403f0f SystemParametersInfoW CreateWindowExW 646->650 654 403e25-403e33 lstrcmpiW 647->654 655 403e4b-403e53 call 405f37 call 406668 647->655 648->647 653 403fe5-403fec 649->653 650->645 654->655 661 403e35-403e3f GetFileAttributesW 654->661 655->634 669 403f37-403f51 ShowWindow call 4069c5 657->669 670 403fba-403fbb call 40579d 657->670 658->653 664 403e41-403e43 661->664 665 403e45-403e46 call 405f83 661->665 664->655 664->665 665->655 677 403f53-403f58 call 4069c5 669->677 678 403f5d-403f6f GetClassInfoW 669->678 673 403fc0-403fc2 670->673 675 403fc4-403fca 673->675 676 403fdc-403fde call 40140b 673->676 675->658 679 403fd0-403fd7 call 40140b 675->679 676->649 677->678 682 403f71-403f81 GetClassInfoW RegisterClassW 678->682 683 403f87-403faa DialogBoxParamW call 40140b 678->683 679->658 682->683 687 403faf-403fb8 call 403c67 683->687 687->653
                                                                                                                              C-Code - Quality: 96%
                                                                                                                              			E00403D17(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				void _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t22;
				void* _t30;
				void* _t32;
				int _t33;
				void* _t36;
				int _t39;
				int _t40;
				int _t44;
				short _t63;
				WCHAR* _t65;
				signed char _t69;
				WCHAR* _t76;
				intOrPtr _t82;
				WCHAR* _t87;

				_t82 =  *0x42a270;
				_t22 = E00406A35(2);
				_t90 = _t22;
				if(_t22 == 0) {
					_t76 = 0x423748;
					L"1033" = 0x30;
					 *0x437002 = 0x78;
					 *0x437004 = 0;
					E00406536(_t78, __eflags, 0x80000001, L"Control Panel\\Desktop\\ResourceLocale", 0, 0x423748, 0);
					__eflags =  *0x423748;
					if(__eflags == 0) {
						E00406536(_t78, __eflags, 0x80000003, L".DEFAULT\\Control Panel\\International",  &M004083D4, 0x423748, 0);
					}
					lstrcatW(L"1033", _t76);
				} else {
					E004065AF(L"1033",  *_t22() & 0x0000ffff);
				}
				E00403FED(_t78, _t90);
				_t86 = L"C:\\Program Files (x86)\\Winamp";
				 *0x42a2e0 =  *0x42a278 & 0x00000020;
				 *0x42a2fc = 0x10000;
				if(E0040603F(_t90, L"C:\\Program Files (x86)\\Winamp") != 0) {
					L16:
					if(E0040603F(_t98, _t86) == 0) {
						E004066A5(_t76, 0, _t82, _t86,  *((intOrPtr*)(_t82 + 0x118))); // executed
					}
					_t30 = LoadImageW( *0x42a260, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x429248 = _t30;
					if( *((intOrPtr*)(_t82 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t32 = E00403FED(_t78, __eflags);
							__eflags =  *0x42a300;
							if( *0x42a300 != 0) {
								_t33 = E0040579D(_t32, 0);
								__eflags = _t33;
								if(_t33 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x42922c;
								if( *0x42922c == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x423728, 5); // executed
							_t39 = E004069C5("RichEd20"); // executed
							__eflags = _t39;
							if(_t39 == 0) {
								E004069C5("RichEd32");
							}
							_t87 = L"RichEdit20W";
							_t40 = GetClassInfoW(0, _t87, 0x429200);
							__eflags = _t40;
							if(_t40 == 0) {
								GetClassInfoW(0, L"RichEdit", 0x429200);
								 *0x429224 = _t87;
								RegisterClassW(0x429200);
							}
							_t44 = DialogBoxParamW( *0x42a260,  *0x429240 + 0x00000069 & 0x0000ffff, 0, E004040C5, 0); // executed
							E00403C67(E0040140B(5), 1);
							return _t44;
						}
						L22:
						_t36 = 2;
						return _t36;
					} else {
						_t78 =  *0x42a260;
						 *0x429204 = E00401000;
						 *0x429210 =  *0x42a260;
						 *0x429214 = _t30;
						 *0x429224 = 0x40a3b4;
						if(RegisterClassW(0x429200) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						SystemParametersInfoW(0x30, 0,  &_v16, 0);
						 *0x423728 = CreateWindowExW(0x80, 0x40a3b4, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42a260, 0);
						goto L21;
					}
				} else {
					_t78 =  *(_t82 + 0x48);
					_t92 = _t78;
					if(_t78 == 0) {
						goto L16;
					}
					_t76 = 0x428200;
					E00406536(_t78, _t92,  *((intOrPtr*)(_t82 + 0x44)),  *0x42a298 + _t78 * 2,  *0x42a298 +  *(_t82 + 0x4c) * 2, 0x428200, 0);
					_t63 =  *0x428200; // 0x43
					if(_t63 == 0) {
						goto L16;
					}
					if(_t63 == 0x22) {
						_t76 = 0x428202;
						 *((short*)(E00405F64(0x428202, 0x22))) = 0;
					}
					_t65 = _t76 + lstrlenW(_t76) * 2 - 8;
					if(_t65 <= _t76 || lstrcmpiW(_t65, L".exe") != 0) {
						L15:
						E00406668(_t86, E00405F37(_t76));
						goto L16;
					} else {
						_t69 = GetFileAttributesW(_t76);
						if(_t69 == 0xffffffff) {
							L14:
							E00405F83(_t76);
							goto L15;
						}
						_t98 = _t69 & 0x00000010;
						if((_t69 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}
























                                                                                                                              0x00403d1d
                                                                                                                              0x00403d26
                                                                                                                              0x00403d2d
                                                                                                                              0x00403d2f
                                                                                                                              0x00403d43
                                                                                                                              0x00403d55
                                                                                                                              0x00403d5e
                                                                                                                              0x00403d67
                                                                                                                              0x00403d6e
                                                                                                                              0x00403d73
                                                                                                                              0x00403d7a
                                                                                                                              0x00403d8d
                                                                                                                              0x00403d8d
                                                                                                                              0x00403d98
                                                                                                                              0x00403d31
                                                                                                                              0x00403d3c
                                                                                                                              0x00403d3c
                                                                                                                              0x00403d9d
                                                                                                                              0x00403da7
                                                                                                                              0x00403db0
                                                                                                                              0x00403db5
                                                                                                                              0x00403dc6
                                                                                                                              0x00403e58
                                                                                                                              0x00403e60
                                                                                                                              0x00403e69
                                                                                                                              0x00403e69
                                                                                                                              0x00403e7f
                                                                                                                              0x00403e85
                                                                                                                              0x00403e93
                                                                                                                              0x00403f14
                                                                                                                              0x00403f1c
                                                                                                                              0x00403f26
                                                                                                                              0x00403f2b
                                                                                                                              0x00403f31
                                                                                                                              0x00403fbb
                                                                                                                              0x00403fc0
                                                                                                                              0x00403fc2
                                                                                                                              0x00403fde
                                                                                                                              0x00000000
                                                                                                                              0x00403fde
                                                                                                                              0x00403fc4
                                                                                                                              0x00403fca
                                                                                                                              0x00403fd2
                                                                                                                              0x00403fd2
                                                                                                                              0x00000000
                                                                                                                              0x00403fca
                                                                                                                              0x00403f3f
                                                                                                                              0x00403f4a
                                                                                                                              0x00403f4f
                                                                                                                              0x00403f51
                                                                                                                              0x00403f58
                                                                                                                              0x00403f58
                                                                                                                              0x00403f63
                                                                                                                              0x00403f6b
                                                                                                                              0x00403f6d
                                                                                                                              0x00403f6f
                                                                                                                              0x00403f78
                                                                                                                              0x00403f7b
                                                                                                                              0x00403f81
                                                                                                                              0x00403f81
                                                                                                                              0x00403fa0
                                                                                                                              0x00403fb1
                                                                                                                              0x00000000
                                                                                                                              0x00403fb6
                                                                                                                              0x00403f1e
                                                                                                                              0x00403f20
                                                                                                                              0x00000000
                                                                                                                              0x00403e95
                                                                                                                              0x00403e95
                                                                                                                              0x00403ea1
                                                                                                                              0x00403eab
                                                                                                                              0x00403eb1
                                                                                                                              0x00403eb6
                                                                                                                              0x00403ec5
                                                                                                                              0x00403fe3
                                                                                                                              0x00403fe3
                                                                                                                              0x00000000
                                                                                                                              0x00403fe3
                                                                                                                              0x00403ed4
                                                                                                                              0x00403f0f
                                                                                                                              0x00000000
                                                                                                                              0x00403f0f
                                                                                                                              0x00403dcc
                                                                                                                              0x00403dcc
                                                                                                                              0x00403dcf
                                                                                                                              0x00403dd1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403ddf
                                                                                                                              0x00403df1
                                                                                                                              0x00403df6
                                                                                                                              0x00403dff
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403e05
                                                                                                                              0x00403e07
                                                                                                                              0x00403e14
                                                                                                                              0x00403e14
                                                                                                                              0x00403e1d
                                                                                                                              0x00403e23
                                                                                                                              0x00403e4b
                                                                                                                              0x00403e53
                                                                                                                              0x00000000
                                                                                                                              0x00403e35
                                                                                                                              0x00403e36
                                                                                                                              0x00403e3f
                                                                                                                              0x00403e45
                                                                                                                              0x00403e46
                                                                                                                              0x00000000
                                                                                                                              0x00403e46
                                                                                                                              0x00403e41
                                                                                                                              0x00403e43
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403e43
                                                                                                                              0x00403e23

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 00406A35: GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                                                                                                                • Part of subcall function 00406A35: GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                                                                                                              • lstrcatW.KERNEL32(1033,00423748), ref: 00403D98
                                                                                                                              • lstrlenW.KERNEL32(C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\xml\xui\titlebar,?,?,?,C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\xml\xui\titlebar,00000000,C:\Program Files (x86)\Winamp,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000,00000002,76DDFAA0), ref: 00403E18
                                                                                                                              • lstrcmpiW.KERNEL32(?,.exe,C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\xml\xui\titlebar,?,?,?,C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\xml\xui\titlebar,00000000,C:\Program Files (x86)\Winamp,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000), ref: 00403E2B
                                                                                                                              • GetFileAttributesW.KERNEL32(C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\xml\xui\titlebar,?,00000000,?), ref: 00403E36
                                                                                                                              • LoadImageW.USER32 ref: 00403E7F
                                                                                                                                • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                                                                                                                              • RegisterClassW.USER32 ref: 00403EBC
                                                                                                                              • SystemParametersInfoW.USER32 ref: 00403ED4
                                                                                                                              • CreateWindowExW.USER32 ref: 00403F09
                                                                                                                              • ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403F3F
                                                                                                                              • GetClassInfoW.USER32 ref: 00403F6B
                                                                                                                              • GetClassInfoW.USER32 ref: 00403F78
                                                                                                                              • RegisterClassW.USER32 ref: 00403F81
                                                                                                                              • DialogBoxParamW.USER32 ref: 00403FA0
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                              • String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Program Files (x86)\Winamp$C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\xml\xui\titlebar$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$H7B$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                                                              • API String ID: 1975747703-3514631714
                                                                                                                              • Opcode ID: 78a63079156de9a95659751e2075cee6996798d0e51b0c114acce594fd97feca
                                                                                                                              • Instruction ID: e235badc60aeba35c86cf297cd954ec43a22164425911800af60bc979c7621a1
                                                                                                                              • Opcode Fuzzy Hash: 78a63079156de9a95659751e2075cee6996798d0e51b0c114acce594fd97feca
                                                                                                                              • Instruction Fuzzy Hash: E661D570640201BAD730AF66AD45E2B3A7CEB84B49F40457FF945B22E1DB3D5911CA3D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00404783 Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 204windowstringCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 690 404783-404795 691 4048b5-4048c2 690->691 692 40479b-4047a3 690->692 693 4048c4-4048cd 691->693 694 40491f-404923 691->694 695 4047a5-4047b4 692->695 696 4047b6-4047da 692->696 701 4048d3-4048d9 693->701 702 4049f8 693->702 699 4049e9-4049f0 694->699 700 404929-404941 GetDlgItem 694->700 695->696 697 4047e3-40485e call 4045c4 * 2 CheckDlgButton call 4045e6 GetDlgItem call 4045f9 SendMessageW 696->697 698 4047dc 696->698 732 404860-404863 GetSysColor 697->732 733 404869-4048b0 SendMessageW * 2 lstrlenW SendMessageW * 2 697->733 698->697 699->702 705 4049f2 699->705 707 404943-40494a 700->707 708 4049aa-4049b1 700->708 701->702 703 4048df-4048ea 701->703 706 4049fb-404a02 call 40462b 702->706 703->702 709 4048f0-40491a GetDlgItem SendMessageW call 4045e6 call 404a0e 703->709 705->702 716 404a07-404a0b 706->716 707->708 712 40494c-404967 707->712 708->706 713 4049b3-4049ba 708->713 709->694 712->708 717 404969-4049a7 SendMessageW LoadCursorW SetCursor call 404a32 LoadCursorW SetCursor 712->717 713->706 718 4049bc-4049c0 713->718 717->708 722 4049d2-4049d6 718->722 723 4049c2-4049d0 SendMessageW 718->723 724 4049e4-4049e7 722->724 725 4049d8-4049e2 SendMessageW 722->725 723->722 724->716 725->724 732->733 733->716
                                                                                                                              C-Code - Quality: 91%
                                                                                                                              			E00404783(struct HWND__* _a4, int _a8, unsigned int _a12, WCHAR* _a16) {
				intOrPtr _v8;
				int _v12;
				void* _v16;
				struct HWND__* _t56;
				intOrPtr _t69;
				signed int _t75;
				signed short* _t76;
				signed short* _t78;
				long _t92;
				int _t103;
				signed int _t110;
				intOrPtr _t113;
				WCHAR* _t114;
				signed int* _t116;
				WCHAR* _t117;
				struct HWND__* _t118;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L13:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x421714 =  *0x421714 + 1;
							}
							L27:
							_t114 = _a16;
							L28:
							return E0040462B(_a8, _a12, _t114);
						}
						_t56 = GetDlgItem(_a4, 0x3e8);
						_t114 = _a16;
						if( *((intOrPtr*)(_t114 + 8)) == 0x70b &&  *((intOrPtr*)(_t114 + 0xc)) == 0x201) {
							_t103 =  *((intOrPtr*)(_t114 + 0x1c));
							_t113 =  *((intOrPtr*)(_t114 + 0x18));
							_v12 = _t103;
							_v16 = _t113;
							_v8 = 0x428200;
							if(_t103 - _t113 < 0x800) {
								SendMessageW(_t56, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorW(0, 0x7f02));
								_push(1);
								E00404A32(_a4, _v8);
								SetCursor(LoadCursorW(0, 0x7f00));
								_t114 = _a16;
							}
						}
						if( *((intOrPtr*)(_t114 + 8)) != 0x700 ||  *((intOrPtr*)(_t114 + 0xc)) != 0x100) {
							goto L28;
						} else {
							if( *((intOrPtr*)(_t114 + 0x10)) == 0xd) {
								SendMessageW( *0x42a268, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t114 + 0x10)) == 0x1b) {
								SendMessageW( *0x42a268, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x421714 != 0) {
						goto L27;
					} else {
						_t69 =  *0x422720; // 0x54f224
						_t29 = _t69 + 0x14; // 0x54f238
						_t116 = _t29;
						if(( *_t116 & 0x00000020) == 0) {
							goto L27;
						}
						 *_t116 =  *_t116 & 0xfffffffe | SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E004045E6(SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E00404A0E();
						goto L13;
					}
				}
				_t117 = _a16;
				_t75 =  *(_t117 + 0x30);
				if(_t75 < 0) {
					_t75 =  *( *0x42923c - 4 + _t75 * 4);
				}
				_t76 =  *0x42a298 + _t75 * 2;
				_t110 =  *_t76 & 0x0000ffff;
				_a8 = _t110;
				_t78 =  &(_t76[1]);
				_a16 = _t78;
				_v16 = _t78;
				_v12 = 0;
				_v8 = E00404734;
				if(_t110 != 2) {
					_v8 = E004046FA;
				}
				_push( *((intOrPtr*)(_t117 + 0x34)));
				_push(0x22);
				E004045C4(_a4);
				_push( *((intOrPtr*)(_t117 + 0x38)));
				_push(0x23);
				E004045C4(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E004045E6( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001);
				_t118 = GetDlgItem(_a4, 0x3e8);
				E004045F9(_t118);
				SendMessageW(_t118, 0x45b, 1, 0);
				_t92 =  *( *0x42a270 + 0x68);
				if(_t92 < 0) {
					_t92 = GetSysColor( ~_t92);
				}
				SendMessageW(_t118, 0x443, 0, _t92);
				SendMessageW(_t118, 0x445, 0, 0x4010000);
				SendMessageW(_t118, 0x435, 0, lstrlenW(_a16));
				 *0x421714 = 0;
				SendMessageW(_t118, 0x449, _a8,  &_v16); // executed
				 *0x421714 = 0;
				return 0;
			}



















                                                                                                                              0x00404795
                                                                                                                              0x004048c2
                                                                                                                              0x0040491f
                                                                                                                              0x00404923
                                                                                                                              0x004049f0
                                                                                                                              0x004049f2
                                                                                                                              0x004049f2
                                                                                                                              0x004049f8
                                                                                                                              0x004049f8
                                                                                                                              0x004049fb
                                                                                                                              0x00000000
                                                                                                                              0x00404a02
                                                                                                                              0x00404931
                                                                                                                              0x00404937
                                                                                                                              0x00404941
                                                                                                                              0x0040494c
                                                                                                                              0x0040494f
                                                                                                                              0x00404952
                                                                                                                              0x0040495d
                                                                                                                              0x00404960
                                                                                                                              0x00404967
                                                                                                                              0x00404974
                                                                                                                              0x00404985
                                                                                                                              0x0040498b
                                                                                                                              0x00404993
                                                                                                                              0x004049a1
                                                                                                                              0x004049a7
                                                                                                                              0x004049a7
                                                                                                                              0x00404967
                                                                                                                              0x004049b1
                                                                                                                              0x00000000
                                                                                                                              0x004049bc
                                                                                                                              0x004049c0
                                                                                                                              0x004049d0
                                                                                                                              0x004049d0
                                                                                                                              0x004049d6
                                                                                                                              0x004049e2
                                                                                                                              0x004049e2
                                                                                                                              0x00000000
                                                                                                                              0x004049e6
                                                                                                                              0x004049b1
                                                                                                                              0x004048cd
                                                                                                                              0x00000000
                                                                                                                              0x004048df
                                                                                                                              0x004048df
                                                                                                                              0x004048e4
                                                                                                                              0x004048e4
                                                                                                                              0x004048ea
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00404913
                                                                                                                              0x00404915
                                                                                                                              0x0040491a
                                                                                                                              0x00000000
                                                                                                                              0x0040491a
                                                                                                                              0x004048cd
                                                                                                                              0x0040479b
                                                                                                                              0x0040479e
                                                                                                                              0x004047a3
                                                                                                                              0x004047b4
                                                                                                                              0x004047b4
                                                                                                                              0x004047bc
                                                                                                                              0x004047bf
                                                                                                                              0x004047c3
                                                                                                                              0x004047c6
                                                                                                                              0x004047ca
                                                                                                                              0x004047cd
                                                                                                                              0x004047d0
                                                                                                                              0x004047d3
                                                                                                                              0x004047da
                                                                                                                              0x004047dc
                                                                                                                              0x004047dc
                                                                                                                              0x004047e6
                                                                                                                              0x004047f3
                                                                                                                              0x004047fd
                                                                                                                              0x00404802
                                                                                                                              0x00404805
                                                                                                                              0x0040480a
                                                                                                                              0x00404821
                                                                                                                              0x00404828
                                                                                                                              0x0040483b
                                                                                                                              0x0040483e
                                                                                                                              0x00404852
                                                                                                                              0x00404859
                                                                                                                              0x0040485e
                                                                                                                              0x00404863
                                                                                                                              0x00404863
                                                                                                                              0x00404871
                                                                                                                              0x0040487f
                                                                                                                              0x00404891
                                                                                                                              0x00404896
                                                                                                                              0x004048a6
                                                                                                                              0x004048a8
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404821
                                                                                                                              • GetDlgItem.USER32 ref: 00404835
                                                                                                                              • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404852
                                                                                                                              • GetSysColor.USER32(?), ref: 00404863
                                                                                                                              • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404871
                                                                                                                              • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040487F
                                                                                                                              • lstrlenW.KERNEL32(?), ref: 00404884
                                                                                                                              • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404891
                                                                                                                              • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004048A6
                                                                                                                              • GetDlgItem.USER32 ref: 004048FF
                                                                                                                              • SendMessageW.USER32(00000000), ref: 00404906
                                                                                                                              • GetDlgItem.USER32 ref: 00404931
                                                                                                                              • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404974
                                                                                                                              • LoadCursorW.USER32(00000000,00007F02), ref: 00404982
                                                                                                                              • SetCursor.USER32(00000000), ref: 00404985
                                                                                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 0040499E
                                                                                                                              • SetCursor.USER32(00000000), ref: 004049A1
                                                                                                                              • SendMessageW.USER32(00000111,00000001,00000000), ref: 004049D0
                                                                                                                              • SendMessageW.USER32(00000010,00000000,00000000), ref: 004049E2
                                                                                                                              Strings
                                                                                                                              • N, xrefs: 0040491F
                                                                                                                              • C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\xml\xui\titlebar, xrefs: 00404960
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                              • String ID: C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\xml\xui\titlebar$N
                                                                                                                              • API String ID: 3103080414-1879993328
                                                                                                                              • Opcode ID: 7b7ce6e7f04c0852b245e81234b58653da2c4cab9b10fb98097c13f3cf17b06e
                                                                                                                              • Instruction ID: 690b4d321b533a2a97605fa3f7bb2423a24794fe1ec6c961d913f822d5f12d1b
                                                                                                                              • Opcode Fuzzy Hash: 7b7ce6e7f04c0852b245e81234b58653da2c4cab9b10fb98097c13f3cf17b06e
                                                                                                                              • Instruction Fuzzy Hash: AB6181F1900209FFDB109F61CD85A6A7B69FB84304F00813AF705B62E0C7799951DFA9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004030D0 Relevance: 24.7, APIs: 5, Strings: 9, Instructions: 204memoryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 837 4030d0-40311e GetTickCount GetModuleFileNameW call 406158 840 403120-403125 837->840 841 40312a-403158 call 406668 call 405f83 call 406668 GetFileSize 837->841 842 40336a-40336e 840->842 849 403243-403251 call 40302e 841->849 850 40315e 841->850 856 403322-403327 849->856 857 403257-40325a 849->857 852 403163-40317a 850->852 854 40317c 852->854 855 40317e-403187 call 4035e2 852->855 854->855 863 40318d-403194 855->863 864 4032de-4032e6 call 40302e 855->864 856->842 859 403286-4032d2 GlobalAlloc call 406b90 call 406187 CreateFileW 857->859 860 40325c-403274 call 4035f8 call 4035e2 857->860 885 4032d4-4032d9 859->885 886 4032e8-403318 call 4035f8 call 403371 859->886 860->856 888 40327a-403280 860->888 869 403210-403214 863->869 870 403196-4031aa call 406113 863->870 864->856 874 403216-40321d call 40302e 869->874 875 40321e-403224 869->875 870->875 884 4031ac-4031b3 870->884 874->875 881 403233-40323b 875->881 882 403226-403230 call 406b22 875->882 881->852 887 403241 881->887 882->881 884->875 891 4031b5-4031bc 884->891 885->842 898 40331d-403320 886->898 887->849 888->856 888->859 891->875 893 4031be-4031c5 891->893 893->875 895 4031c7-4031ce 893->895 895->875 897 4031d0-4031f0 895->897 897->856 899 4031f6-4031fa 897->899 898->856 900 403329-40333a 898->900 901 403202-40320a 899->901 902 4031fc-403200 899->902 903 403342-403347 900->903 904 40333c 900->904 901->875 906 40320c-40320e 901->906 902->887 902->901 905 403348-40334e 903->905 904->903 905->905 907 403350-403368 call 406113 905->907 906->875 907->842
                                                                                                                              C-Code - Quality: 99%
                                                                                                                              			E004030D0(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				short _v560;
				signed int _t54;
				void* _t57;
				void* _t62;
				intOrPtr _t65;
				void* _t68;
				intOrPtr* _t70;
				intOrPtr _t71;
				signed int _t77;
				signed int _t82;
				signed int _t83;
				signed int _t89;
				intOrPtr _t92;
				long _t94;
				signed int _t102;
				signed int _t104;
				void* _t106;
				signed int _t107;
				signed int _t110;
				void* _t111;

				_t94 = 0;
				_v8 = 0;
				_v12 = 0;
				 *0x42a26c = GetTickCount() + 0x3e8;
				GetModuleFileNameW(0, L"C:\\Users\\alfons\\Desktop\\winamp59_9999_rc1_full_en-us.exe", 0x400);
				_t106 = E00406158(L"C:\\Users\\alfons\\Desktop\\winamp59_9999_rc1_full_en-us.exe", 0x80000000, 3);
				 *0x40a018 = _t106;
				if(_t106 == 0xffffffff) {
					return L"Error launching installer";
				}
				E00406668(L"C:\\Users\\alfons\\Desktop", L"C:\\Users\\alfons\\Desktop\\winamp59_9999_rc1_full_en-us.exe");
				E00406668(0x439000, E00405F83(L"C:\\Users\\alfons\\Desktop"));
				_t54 = GetFileSize(_t106, 0);
				__eflags = _t54;
				 *0x420f00 = _t54;
				_t110 = _t54;
				if(_t54 <= 0) {
					L24:
					E0040302E(1);
					__eflags =  *0x42a274 - _t94;
					if( *0x42a274 == _t94) {
						goto L32;
					}
					__eflags = _v12 - _t94;
					if(_v12 == _t94) {
						L28:
						_t57 = GlobalAlloc(0x40, _v20); // executed
						_t111 = _t57;
						E00406B90(0x40ce68);
						E00406187(0x40ce68,  &_v560, L"C:\\Users\\alfons\\AppData\\Local\\Temp\\"); // executed
						_t62 = CreateFileW( &_v560, 0xc0000000, _t94, _t94, 2, 0x4000100, _t94); // executed
						__eflags = _t62 - 0xffffffff;
						 *0x40a01c = _t62;
						if(_t62 != 0xffffffff) {
							_t65 = E004035F8( *0x42a274 + 0x1c);
							 *0x420f04 = _t65;
							 *0x420ef8 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
							_t68 = E00403371(_v16, 0xffffffff, _t94, _t111, _v20); // executed
							__eflags = _t68 - _v20;
							if(_t68 == _v20) {
								__eflags = _v40 & 0x00000001;
								 *0x42a270 = _t111;
								 *0x42a278 =  *_t111;
								if((_v40 & 0x00000001) != 0) {
									 *0x42a27c =  *0x42a27c + 1;
									__eflags =  *0x42a27c;
								}
								_t45 = _t111 + 0x44; // 0x44
								_t70 = _t45;
								_t102 = 8;
								do {
									_t70 = _t70 - 8;
									 *_t70 =  *_t70 + _t111;
									_t102 = _t102 - 1;
									__eflags = _t102;
								} while (_t102 != 0);
								_t71 =  *0x420ef4; // 0x2147f57
								 *((intOrPtr*)(_t111 + 0x3c)) = _t71;
								E00406113(0x42a280, _t111 + 4, 0x40);
								__eflags = 0;
								return 0;
							}
							goto L32;
						}
						return L"Error writing temporary file. Make sure your temp folder is valid.";
					}
					E004035F8( *0x420ef0);
					_t77 = E004035E2( &_a4, 4);
					__eflags = _t77;
					if(_t77 == 0) {
						goto L32;
					}
					__eflags = _v8 - _a4;
					if(_v8 != _a4) {
						goto L32;
					}
					goto L28;
				} else {
					do {
						_t107 = _t110;
						asm("sbb eax, eax");
						_t82 = ( ~( *0x42a274) & 0x00007e00) + 0x200;
						__eflags = _t110 - _t82;
						if(_t110 >= _t82) {
							_t107 = _t82;
						}
						_t83 = E004035E2(0x418ef0, _t107);
						__eflags = _t83;
						if(_t83 == 0) {
							E0040302E(1);
							L32:
							return L"Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						__eflags =  *0x42a274;
						if( *0x42a274 != 0) {
							__eflags = _a4 & 0x00000002;
							if((_a4 & 0x00000002) == 0) {
								E0040302E(0);
							}
							goto L20;
						}
						E00406113( &_v40, 0x418ef0, 0x1c);
						_t89 = _v40;
						__eflags = _t89 & 0xfffffff0;
						if((_t89 & 0xfffffff0) != 0) {
							goto L20;
						}
						__eflags = _v36 - 0xdeadbeef;
						if(_v36 != 0xdeadbeef) {
							goto L20;
						}
						__eflags = _v24 - 0x74736e49;
						if(_v24 != 0x74736e49) {
							goto L20;
						}
						__eflags = _v28 - 0x74666f73;
						if(_v28 != 0x74666f73) {
							goto L20;
						}
						__eflags = _v32 - 0x6c6c754e;
						if(_v32 != 0x6c6c754e) {
							goto L20;
						}
						_a4 = _a4 | _t89;
						_t104 =  *0x420ef0; // 0x10000
						 *0x42a300 =  *0x42a300 | _a4 & 0x00000002;
						_t92 = _v16;
						__eflags = _t92 - _t110;
						 *0x42a274 = _t104;
						if(_t92 > _t110) {
							goto L32;
						}
						__eflags = _a4 & 0x00000008;
						if((_a4 & 0x00000008) != 0) {
							L16:
							_v12 = _v12 + 1;
							_t110 = _t92 - 4;
							__eflags = _t107 - _t110;
							if(_t107 > _t110) {
								_t107 = _t110;
							}
							goto L20;
						}
						__eflags = _a4 & 0x00000004;
						if((_a4 & 0x00000004) != 0) {
							break;
						}
						goto L16;
						L20:
						__eflags = _t110 -  *0x420f00; // 0xd340
						if(__eflags < 0) {
							_v8 = E00406B22(_v8, 0x418ef0, _t107);
						}
						 *0x420ef0 =  *0x420ef0 + _t107;
						_t110 = _t110 - _t107;
						__eflags = _t110;
					} while (_t110 != 0);
					_t94 = 0;
					__eflags = 0;
					goto L24;
				}
			}
































                                                                                                                              0x004030db
                                                                                                                              0x004030de
                                                                                                                              0x004030e1
                                                                                                                              0x004030fb
                                                                                                                              0x00403100
                                                                                                                              0x00403113
                                                                                                                              0x00403118
                                                                                                                              0x0040311e
                                                                                                                              0x00000000
                                                                                                                              0x00403120
                                                                                                                              0x00403131
                                                                                                                              0x00403142
                                                                                                                              0x00403149
                                                                                                                              0x0040314f
                                                                                                                              0x00403151
                                                                                                                              0x00403156
                                                                                                                              0x00403158
                                                                                                                              0x00403243
                                                                                                                              0x00403245
                                                                                                                              0x0040324a
                                                                                                                              0x00403251
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403257
                                                                                                                              0x0040325a
                                                                                                                              0x00403286
                                                                                                                              0x0040328b
                                                                                                                              0x00403296
                                                                                                                              0x00403298
                                                                                                                              0x004032a9
                                                                                                                              0x004032c4
                                                                                                                              0x004032ca
                                                                                                                              0x004032cd
                                                                                                                              0x004032d2
                                                                                                                              0x004032f1
                                                                                                                              0x00403301
                                                                                                                              0x00403313
                                                                                                                              0x00403318
                                                                                                                              0x0040331d
                                                                                                                              0x00403320
                                                                                                                              0x00403329
                                                                                                                              0x0040332d
                                                                                                                              0x00403335
                                                                                                                              0x0040333a
                                                                                                                              0x0040333c
                                                                                                                              0x0040333c
                                                                                                                              0x0040333c
                                                                                                                              0x00403344
                                                                                                                              0x00403344
                                                                                                                              0x00403347
                                                                                                                              0x00403348
                                                                                                                              0x00403348
                                                                                                                              0x0040334b
                                                                                                                              0x0040334d
                                                                                                                              0x0040334d
                                                                                                                              0x0040334d
                                                                                                                              0x00403350
                                                                                                                              0x00403357
                                                                                                                              0x00403363
                                                                                                                              0x00403368
                                                                                                                              0x00000000
                                                                                                                              0x00403368
                                                                                                                              0x00000000
                                                                                                                              0x00403320
                                                                                                                              0x00000000
                                                                                                                              0x004032d4
                                                                                                                              0x00403262
                                                                                                                              0x0040326d
                                                                                                                              0x00403272
                                                                                                                              0x00403274
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040327d
                                                                                                                              0x00403280
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040315e
                                                                                                                              0x00403163
                                                                                                                              0x00403168
                                                                                                                              0x0040316c
                                                                                                                              0x00403173
                                                                                                                              0x00403178
                                                                                                                              0x0040317a
                                                                                                                              0x0040317c
                                                                                                                              0x0040317c
                                                                                                                              0x00403180
                                                                                                                              0x00403185
                                                                                                                              0x00403187
                                                                                                                              0x004032e0
                                                                                                                              0x00403322
                                                                                                                              0x00000000
                                                                                                                              0x00403322
                                                                                                                              0x0040318d
                                                                                                                              0x00403194
                                                                                                                              0x00403210
                                                                                                                              0x00403214
                                                                                                                              0x00403218
                                                                                                                              0x0040321d
                                                                                                                              0x00000000
                                                                                                                              0x00403214
                                                                                                                              0x0040319d
                                                                                                                              0x004031a2
                                                                                                                              0x004031a5
                                                                                                                              0x004031aa
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004031ac
                                                                                                                              0x004031b3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004031b5
                                                                                                                              0x004031bc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004031be
                                                                                                                              0x004031c5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004031c7
                                                                                                                              0x004031ce
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004031d0
                                                                                                                              0x004031d6
                                                                                                                              0x004031df
                                                                                                                              0x004031e5
                                                                                                                              0x004031e8
                                                                                                                              0x004031ea
                                                                                                                              0x004031f0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004031f6
                                                                                                                              0x004031fa
                                                                                                                              0x00403202
                                                                                                                              0x00403202
                                                                                                                              0x00403205
                                                                                                                              0x00403208
                                                                                                                              0x0040320a
                                                                                                                              0x0040320c
                                                                                                                              0x0040320c
                                                                                                                              0x00000000
                                                                                                                              0x0040320a
                                                                                                                              0x004031fc
                                                                                                                              0x00403200
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040321e
                                                                                                                              0x0040321e
                                                                                                                              0x00403224
                                                                                                                              0x00403230
                                                                                                                              0x00403230
                                                                                                                              0x00403233
                                                                                                                              0x00403239
                                                                                                                              0x00403239
                                                                                                                              0x00403239
                                                                                                                              0x00403241
                                                                                                                              0x00403241
                                                                                                                              0x00000000
                                                                                                                              0x00403241

                                                                                                                              APIs
                                                                                                                              • GetTickCount.KERNEL32 ref: 004030E4
                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe,00000400), ref: 00403100
                                                                                                                                • Part of subcall function 00406158: GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe,80000000,00000003), ref: 0040615C
                                                                                                                                • Part of subcall function 00406158: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe,C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe,80000000,00000003), ref: 00403149
                                                                                                                              • GlobalAlloc.KERNELBASE(00000040,?), ref: 0040328B
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                              • API String ID: 2803837635-1681575022
                                                                                                                              • Opcode ID: ebd1f9b8c3f310d2cfdf08737281b49134967767c5aa842370ee9cb501117e27
                                                                                                                              • Instruction ID: 6a7077609e6cbe8902eef3654a796be60faa9129f620d49927b75729aeb44cd1
                                                                                                                              • Opcode Fuzzy Hash: ebd1f9b8c3f310d2cfdf08737281b49134967767c5aa842370ee9cb501117e27
                                                                                                                              • Instruction Fuzzy Hash: 74710271A40204ABDB20DFB5DD85B9E3AACAB04315F21457FF901B72D2CB789E418B6D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004066A5 Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 196stringCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 910 4066a5-4066b0 911 4066b2-4066c1 910->911 912 4066c3-4066d9 910->912 911->912 913 4066f1-4066fa 912->913 914 4066db-4066e8 912->914 916 406700 913->916 917 4068d5-4068e0 913->917 914->913 915 4066ea-4066ed 914->915 915->913 918 406705-406712 916->918 919 4068e2-4068e6 call 406668 917->919 920 4068eb-4068ec 917->920 918->917 921 406718-406721 918->921 919->920 923 4068b3 921->923 924 406727-406764 921->924 927 4068c1-4068c4 923->927 928 4068b5-4068bf 923->928 925 406857-40685c 924->925 926 40676a-406771 924->926 932 40685e-406864 925->932 933 40688f-406894 925->933 929 406773-406775 926->929 930 406776-406778 926->930 931 4068c6-4068cf 927->931 928->931 929->930 934 4067b5-4067b8 930->934 935 40677a-406798 call 406536 930->935 931->917 938 406702 931->938 939 406874-406880 call 406668 932->939 940 406866-406872 call 4065af 932->940 936 4068a3-4068b1 lstrlenW 933->936 937 406896-40689e call 4066a5 933->937 945 4067c8-4067cb 934->945 946 4067ba-4067c6 GetSystemDirectoryW 934->946 949 40679d-4067a1 935->949 936->931 937->936 938->918 948 406885-40688b 939->948 940->948 951 406834-406836 945->951 952 4067cd-4067db GetWindowsDirectoryW 945->952 950 406838-40683c 946->950 948->936 953 40688d 948->953 955 4067a7-4067b0 call 4066a5 949->955 956 40683e-406842 949->956 950->956 957 40684f-406855 call 4068ef 950->957 951->950 954 4067dd-4067e5 951->954 952->951 953->957 958 4067e7-4067f0 954->958 959 4067fc-406812 SHGetSpecialFolderLocation 954->959 955->950 956->957 961 406844-40684a lstrcatW 956->961 957->936 967 4067f8-4067fa 958->967 963 406830 959->963 964 406814-40682e SHGetPathFromIDListW CoTaskMemFree 959->964 961->957 963->951 964->950 964->963 967->950 967->959
                                                                                                                              C-Code - Quality: 72%
                                                                                                                              			E004066A5(void* __ebx, void* __edi, void* __esi, signed int _a4, short _a8) {
				struct _ITEMIDLIST* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _t44;
				WCHAR* _t45;
				signed char _t47;
				signed int _t48;
				short _t59;
				short _t61;
				short _t63;
				void* _t71;
				signed int _t77;
				signed int _t78;
				short _t81;
				short _t82;
				signed char _t84;
				signed int _t85;
				void* _t98;
				void* _t104;
				intOrPtr* _t105;
				void* _t107;
				WCHAR* _t108;
				void* _t110;

				_t107 = __esi;
				_t104 = __edi;
				_t71 = __ebx;
				_t44 = _a8;
				if(_t44 < 0) {
					_t44 =  *( *0x42923c - 4 + _t44 * 4);
				}
				_push(_t71);
				_push(_t107);
				_push(_t104);
				_t105 =  *0x42a298 + _t44 * 2;
				_t45 = 0x428200;
				_t108 = 0x428200;
				if(_a4 >= 0x428200 && _a4 - 0x428200 >> 1 < 0x800) {
					_t108 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				_t81 =  *_t105;
				_a8 = _t81;
				if(_t81 == 0) {
					L43:
					 *_t108 =  *_t108 & 0x00000000;
					if(_a4 == 0) {
						return _t45;
					}
					return E00406668(_a4, _t45);
				} else {
					while((_t108 - _t45 & 0xfffffffe) < 0x800) {
						_t98 = 2;
						_t105 = _t105 + _t98;
						if(_t81 >= 4) {
							if(__eflags != 0) {
								 *_t108 = _t81;
								_t108 = _t108 + _t98;
								__eflags = _t108;
							} else {
								 *_t108 =  *_t105;
								_t108 = _t108 + _t98;
								_t105 = _t105 + _t98;
							}
							L42:
							_t82 =  *_t105;
							_a8 = _t82;
							if(_t82 != 0) {
								_t81 = _a8;
								continue;
							}
							goto L43;
						}
						_t84 =  *((intOrPtr*)(_t105 + 1));
						_t47 =  *_t105;
						_t48 = _t47 & 0x000000ff;
						_v12 = (_t84 & 0x0000007f) << 0x00000007 | _t47 & 0x0000007f;
						_t85 = _t84 & 0x000000ff;
						_v28 = _t48 | 0x00008000;
						_t77 = 2;
						_v16 = _t85;
						_t105 = _t105 + _t77;
						_v24 = _t48;
						_v20 = _t85 | 0x00008000;
						if(_a8 != _t77) {
							__eflags = _a8 - 3;
							if(_a8 != 3) {
								__eflags = _a8 - 1;
								if(__eflags == 0) {
									__eflags = (_t48 | 0xffffffff) - _v12;
									E004066A5(_t77, _t105, _t108, _t108, (_t48 | 0xffffffff) - _v12);
								}
								L38:
								_t108 =  &(_t108[lstrlenW(_t108)]);
								_t45 = 0x428200;
								goto L42;
							}
							_t78 = _v12;
							__eflags = _t78 - 0x1d;
							if(_t78 != 0x1d) {
								__eflags = L"C:\\Users\\alfons\\AppData\\Roaming\\Winamp\\Plugins\\ml\\ml_online.ini" + (_t78 << 0xb);
								E00406668(_t108, L"C:\\Users\\alfons\\AppData\\Roaming\\Winamp\\Plugins\\ml\\ml_online.ini" + (_t78 << 0xb));
							} else {
								E004065AF(_t108,  *0x42a268);
							}
							__eflags = _t78 + 0xffffffeb - 7;
							if(__eflags < 0) {
								L29:
								E004068EF(_t108);
							}
							goto L38;
						}
						if( *0x42a2e4 != 0) {
							_t77 = 4;
						}
						_t121 = _t48;
						if(_t48 >= 0) {
							__eflags = _t48 - 0x25;
							if(_t48 != 0x25) {
								__eflags = _t48 - 0x24;
								if(_t48 == 0x24) {
									GetWindowsDirectoryW(_t108, 0x400);
									_t77 = 0;
								}
								while(1) {
									__eflags = _t77;
									if(_t77 == 0) {
										goto L26;
									}
									_t59 =  *0x42a264;
									_t77 = _t77 - 1;
									__eflags = _t59;
									if(_t59 == 0) {
										L22:
										_t61 = SHGetSpecialFolderLocation( *0x42a268,  *(_t110 + _t77 * 4 - 0x18),  &_v8);
										__eflags = _t61;
										if(_t61 != 0) {
											L24:
											 *_t108 =  *_t108 & 0x00000000;
											__eflags =  *_t108;
											continue;
										}
										__imp__SHGetPathFromIDListW(_v8, _t108);
										_a8 = _t61;
										__imp__CoTaskMemFree(_v8);
										__eflags = _a8;
										if(_a8 != 0) {
											goto L26;
										}
										goto L24;
									}
									_t63 =  *_t59( *0x42a268,  *(_t110 + _t77 * 4 - 0x18), 0, 0, _t108); // executed
									__eflags = _t63;
									if(_t63 == 0) {
										goto L26;
									}
									goto L22;
								}
								goto L26;
							}
							GetSystemDirectoryW(_t108, 0x400);
							goto L26;
						} else {
							E00406536( *0x42a298, _t121, 0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion",  *0x42a298 + (_t48 & 0x0000003f) * 2, _t108, _t48 & 0x00000040); // executed
							if( *_t108 != 0) {
								L27:
								if(_v16 == 0x1a) {
									lstrcatW(_t108, L"\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L29;
							}
							E004066A5(_t77, _t105, _t108, _t108, _v16);
							L26:
							if( *_t108 == 0) {
								goto L29;
							}
							goto L27;
						}
					}
					goto L43;
				}
			}





























                                                                                                                              0x004066a5
                                                                                                                              0x004066a5
                                                                                                                              0x004066a5
                                                                                                                              0x004066ab
                                                                                                                              0x004066b0
                                                                                                                              0x004066c1
                                                                                                                              0x004066c1
                                                                                                                              0x004066c9
                                                                                                                              0x004066ca
                                                                                                                              0x004066cb
                                                                                                                              0x004066cc
                                                                                                                              0x004066cf
                                                                                                                              0x004066d7
                                                                                                                              0x004066d9
                                                                                                                              0x004066ea
                                                                                                                              0x004066ed
                                                                                                                              0x004066ed
                                                                                                                              0x004066f1
                                                                                                                              0x004066f7
                                                                                                                              0x004066fa
                                                                                                                              0x004068d5
                                                                                                                              0x004068d5
                                                                                                                              0x004068e0
                                                                                                                              0x004068ec
                                                                                                                              0x004068ec
                                                                                                                              0x00000000
                                                                                                                              0x00406700
                                                                                                                              0x00406705
                                                                                                                              0x0040671a
                                                                                                                              0x0040671b
                                                                                                                              0x00406721
                                                                                                                              0x004068b3
                                                                                                                              0x004068c1
                                                                                                                              0x004068c4
                                                                                                                              0x004068c4
                                                                                                                              0x004068b5
                                                                                                                              0x004068b8
                                                                                                                              0x004068bb
                                                                                                                              0x004068bd
                                                                                                                              0x004068bd
                                                                                                                              0x004068c6
                                                                                                                              0x004068c6
                                                                                                                              0x004068cc
                                                                                                                              0x004068cf
                                                                                                                              0x00406702
                                                                                                                              0x00000000
                                                                                                                              0x00406702
                                                                                                                              0x00000000
                                                                                                                              0x004068cf
                                                                                                                              0x00406727
                                                                                                                              0x0040672a
                                                                                                                              0x00406739
                                                                                                                              0x00406740
                                                                                                                              0x0040674c
                                                                                                                              0x0040674f
                                                                                                                              0x00406752
                                                                                                                              0x00406753
                                                                                                                              0x00406758
                                                                                                                              0x0040675e
                                                                                                                              0x00406761
                                                                                                                              0x00406764
                                                                                                                              0x00406857
                                                                                                                              0x0040685c
                                                                                                                              0x0040688f
                                                                                                                              0x00406894
                                                                                                                              0x00406899
                                                                                                                              0x0040689e
                                                                                                                              0x0040689e
                                                                                                                              0x004068a3
                                                                                                                              0x004068a9
                                                                                                                              0x004068ac
                                                                                                                              0x00000000
                                                                                                                              0x004068ac
                                                                                                                              0x0040685e
                                                                                                                              0x00406861
                                                                                                                              0x00406864
                                                                                                                              0x00406879
                                                                                                                              0x00406880
                                                                                                                              0x00406866
                                                                                                                              0x0040686d
                                                                                                                              0x0040686d
                                                                                                                              0x00406888
                                                                                                                              0x0040688b
                                                                                                                              0x0040684f
                                                                                                                              0x00406850
                                                                                                                              0x00406850
                                                                                                                              0x00000000
                                                                                                                              0x0040688b
                                                                                                                              0x00406771
                                                                                                                              0x00406775
                                                                                                                              0x00406775
                                                                                                                              0x00406776
                                                                                                                              0x00406778
                                                                                                                              0x004067b5
                                                                                                                              0x004067b8
                                                                                                                              0x004067c8
                                                                                                                              0x004067cb
                                                                                                                              0x004067d3
                                                                                                                              0x004067d9
                                                                                                                              0x004067d9
                                                                                                                              0x00406834
                                                                                                                              0x00406834
                                                                                                                              0x00406836
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004067dd
                                                                                                                              0x004067e2
                                                                                                                              0x004067e3
                                                                                                                              0x004067e5
                                                                                                                              0x004067fc
                                                                                                                              0x0040680a
                                                                                                                              0x00406810
                                                                                                                              0x00406812
                                                                                                                              0x00406830
                                                                                                                              0x00406830
                                                                                                                              0x00406830
                                                                                                                              0x00000000
                                                                                                                              0x00406830
                                                                                                                              0x00406818
                                                                                                                              0x00406821
                                                                                                                              0x00406824
                                                                                                                              0x0040682a
                                                                                                                              0x0040682e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040682e
                                                                                                                              0x004067f6
                                                                                                                              0x004067f8
                                                                                                                              0x004067fa
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004067fa
                                                                                                                              0x00000000
                                                                                                                              0x00406834
                                                                                                                              0x004067c0
                                                                                                                              0x00000000
                                                                                                                              0x0040677a
                                                                                                                              0x00406798
                                                                                                                              0x004067a1
                                                                                                                              0x0040683e
                                                                                                                              0x00406842
                                                                                                                              0x0040684a
                                                                                                                              0x0040684a
                                                                                                                              0x00000000
                                                                                                                              0x00406842
                                                                                                                              0x004067ab
                                                                                                                              0x00406838
                                                                                                                              0x0040683c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040683c
                                                                                                                              0x00406778
                                                                                                                              0x00000000
                                                                                                                              0x00406705

                                                                                                                              APIs
                                                                                                                              • GetSystemDirectoryW.KERNEL32(C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\xml\xui\titlebar,00000400), ref: 004067C0
                                                                                                                              • GetWindowsDirectoryW.KERNEL32(C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\xml\xui\titlebar,00000400,00000000,Extract: browser.maki,?,00405701,Extract: browser.maki,00000000,00000000,00000000,00000000), ref: 004067D3
                                                                                                                              • lstrcatW.KERNEL32(C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\xml\xui\titlebar,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                                                              • lstrlenW.KERNEL32(C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\xml\xui\titlebar,00000000,Extract: browser.maki,?,00405701,Extract: browser.maki,00000000), ref: 004068A4
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Directory$SystemWindowslstrcatlstrlen
                                                                                                                              • String ID: C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\xml\xui\titlebar$C:\Users\user\AppData\Roaming\Winamp\Plugins\ml\ml_online.ini$Extract: browser.maki$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                              • API String ID: 4260037668-3048957666
                                                                                                                              • Opcode ID: a56a8a4d956183f5ceef7ff9e42496adb417aa599aaeb911d527621cdebcfcc9
                                                                                                                              • Instruction ID: 414c90a3e727c3679fd522760d05a71ccfd37451a898d0680c6fb4b4ce958948
                                                                                                                              • Opcode Fuzzy Hash: a56a8a4d956183f5ceef7ff9e42496adb417aa599aaeb911d527621cdebcfcc9
                                                                                                                              • Instruction Fuzzy Hash: CD61E172A02115EBDB20AF64CD40BAA37A5EF10314F22C13EE946B62D0DB3D49A1CB5D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 6F3A17BE Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 82memoryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E6F3A17BE(void* __eflags, struct HWND__* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				intOrPtr _v8;
				intOrPtr _v12;
				struct tagPOINT _v20;
				struct HWND__* _t24;
				intOrPtr _t31;
				int _t36;
				struct HWND__* _t37;
				signed int _t38;

				_t31 = _a20;
				_t38 = _a8;
				 *0x6f3a6160 = _a16;
				 *0x6f3a615c = _t38;
				 *0x6f3a6164 = _a12;
				 *((intOrPtr*)(_t31 + 0xc))( *0x6f3a612c, E6F3A18C6);
				_t37 = _a4;
				 *0x6f3a6144 = _t37;
				 *0x6f3a6128 = _t31;
				 *0x6f3a6130 = _t38 * 0x3e + _a12;
				GetWindowRect(GetDlgItem(_t37, E6F3A2053(__eflags)),  &_v20);
				MapWindowPoints(0, _t37,  &_v20, 2);
				_t24 = CreateDialogParamW( *0x6f3a612c, 1, _t37, E6F3A14D6, 0); // executed
				 *0x6f3a6140 = _t24;
				if(_t24 != 0) {
					_t36 = _v12 - _v20.x;
					__eflags = _t36;
					SetWindowPos(_t24, 0, _v20, _v20.y, _t36, _v8 - _v20.y, 0x14);
					 *0x6f3a6148 = SetWindowLongW(_t37, 4, E6F3A1407);
					 *0x6f3a614c = 0;
					 *0x6f3a6154 = 0;
					 *0x6f3a6158 = HeapAlloc(GetProcessHeap(), 8, 0);
					 *0x6f3a6150 = 0;
					return E6F3A20B3( *0x6f3a6140);
				}
				return E6F3A1E9C(L"error");
			}











                                                                                                                              0x6f3a17c8
                                                                                                                              0x6f3a17cc
                                                                                                                              0x6f3a17d5
                                                                                                                              0x6f3a17e3
                                                                                                                              0x6f3a17e9
                                                                                                                              0x6f3a17ee
                                                                                                                              0x6f3a17f7
                                                                                                                              0x6f3a17fa
                                                                                                                              0x6f3a1800
                                                                                                                              0x6f3a1806
                                                                                                                              0x6f3a181e
                                                                                                                              0x6f3a182e
                                                                                                                              0x6f3a1843
                                                                                                                              0x6f3a184b
                                                                                                                              0x6f3a1850
                                                                                                                              0x6f3a186a
                                                                                                                              0x6f3a186a
                                                                                                                              0x6f3a1876
                                                                                                                              0x6f3a188d
                                                                                                                              0x6f3a1892
                                                                                                                              0x6f3a1898
                                                                                                                              0x6f3a18b1
                                                                                                                              0x6f3a18b6
                                                                                                                              0x00000000
                                                                                                                              0x6f3a18bc
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • GetDlgItem.USER32 ref: 6F3A1813
                                                                                                                              • GetWindowRect.USER32 ref: 6F3A181E
                                                                                                                              • MapWindowPoints.USER32 ref: 6F3A182E
                                                                                                                              • CreateDialogParamW.USER32 ref: 6F3A1843
                                                                                                                              • SetWindowPos.USER32(00000000,00000000,?,?,?,?,00000014), ref: 6F3A1876
                                                                                                                              • SetWindowLongW.USER32 ref: 6F3A1884
                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000000), ref: 6F3A189E
                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 6F3A18A5
                                                                                                                                • Part of subcall function 6F3A1E9C: GlobalAlloc.KERNEL32(00000040,?,?,6F3A10BE,error,?,00000104), ref: 6F3A1EB2
                                                                                                                                • Part of subcall function 6F3A1E9C: lstrcpynW.KERNEL32(00000004,?,?,6F3A10BE,error,?,00000104), ref: 6F3A1EC8
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.699359362.000000006F3A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6F3A0000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.699351571.000000006F3A0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699369720.000000006F3A3000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699377071.000000006F3A4000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699384845.000000006F3A8000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6f3a0000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Window$AllocHeap$CreateDialogGlobalItemLongParamPointsProcessRectlstrcpyn
                                                                                                                              • String ID: @Zxt$error
                                                                                                                              • API String ID: 1928716940-4196193903
                                                                                                                              • Opcode ID: 6d121e1d1b209923f9663767eea56712cfa5e85d89a29eda03d64a785c5b5b45
                                                                                                                              • Instruction ID: 1e21f297909e8b58df7ad845273b6c781ba6f371b7c56d613e9d7caf3cae9344
                                                                                                                              • Opcode Fuzzy Hash: 6d121e1d1b209923f9663767eea56712cfa5e85d89a29eda03d64a785c5b5b45
                                                                                                                              • Instruction Fuzzy Hash: 7231F8B2900A14ABCF11EFABC94999EBFBCFB4B721B00441DF61697241D7365521CFA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040176F Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 145stringtimeCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 1264 40176f-401794 call 402da6 call 405fae 1269 401796-40179c call 406668 1264->1269 1270 40179e-4017b0 call 406668 call 405f37 lstrcatW 1264->1270 1275 4017b5-4017b6 call 4068ef 1269->1275 1270->1275 1279 4017bb-4017bf 1275->1279 1280 4017c1-4017cb call 40699e 1279->1280 1281 4017f2-4017f5 1279->1281 1288 4017dd-4017ef 1280->1288 1289 4017cd-4017db CompareFileTime 1280->1289 1283 4017f7-4017f8 call 406133 1281->1283 1284 4017fd-401819 call 406158 1281->1284 1283->1284 1291 40181b-40181e 1284->1291 1292 40188d-4018b6 call 4056ca call 403371 1284->1292 1288->1281 1289->1288 1294 401820-40185e call 406668 * 2 call 4066a5 call 406668 call 405cc8 1291->1294 1295 40186f-401879 call 4056ca 1291->1295 1306 4018b8-4018bc 1292->1306 1307 4018be-4018ca SetFileTime 1292->1307 1294->1279 1328 401864-401865 1294->1328 1304 401882-401888 1295->1304 1308 402c33 1304->1308 1306->1307 1310 4018d0-4018db FindCloseChangeNotification 1306->1310 1307->1310 1311 402c35-402c39 1308->1311 1313 4018e1-4018e4 1310->1313 1314 402c2a-402c2d 1310->1314 1316 4018e6-4018f7 call 4066a5 lstrcatW 1313->1316 1317 4018f9-4018fc call 4066a5 1313->1317 1314->1308 1323 401901-402398 1316->1323 1317->1323 1326 40239d-4023a2 1323->1326 1327 402398 call 405cc8 1323->1327 1326->1311 1327->1326 1328->1304 1329 401867-401868 1328->1329 1329->1295
                                                                                                                              C-Code - Quality: 77%
                                                                                                                              			E0040176F(FILETIME* __ebx, void* __eflags) {
				void* __esi;
				void* _t35;
				void* _t43;
				void* _t45;
				FILETIME* _t51;
				FILETIME* _t64;
				void* _t66;
				signed int _t72;
				FILETIME* _t73;
				FILETIME* _t77;
				signed int _t79;
				WCHAR* _t81;
				void* _t83;
				void* _t84;
				void* _t86;

				_t77 = __ebx;
				 *(_t86 - 8) = E00402DA6(0x31);
				 *(_t86 + 8) =  *(_t86 - 0x30) & 0x00000007;
				_t35 = E00405FAE( *(_t86 - 8));
				_push( *(_t86 - 8));
				_t81 = L"C:\\PC:\\Users\\alfons\\AppData\\Roaming\\Winamp\\Plugins\\ml\\ml_online.ini";
				if(_t35 == 0) {
					lstrcatW(E00405F37(E00406668(_t81, L"C:\\Program Files (x86)\\Winamp\\Plugins\\freeform\\xml\\winamp\\thinger")), ??);
				} else {
					E00406668();
				}
				E004068EF(_t81);
				while(1) {
					__eflags =  *(_t86 + 8) - 3;
					if( *(_t86 + 8) >= 3) {
						_t66 = E0040699E(_t81);
						_t79 = 0;
						__eflags = _t66 - _t77;
						if(_t66 != _t77) {
							_t73 = _t66 + 0x14;
							__eflags = _t73;
							_t79 = CompareFileTime(_t73, _t86 - 0x24);
						}
						asm("sbb eax, eax");
						_t72 =  ~(( *(_t86 + 8) + 0xfffffffd | 0x80000000) & _t79) + 1;
						__eflags = _t72;
						 *(_t86 + 8) = _t72;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) == _t77) {
						E00406133(_t81);
					}
					__eflags =  *(_t86 + 8) - 1;
					_t43 = E00406158(_t81, 0x40000000, (0 |  *(_t86 + 8) != 0x00000001) + 1);
					__eflags = _t43 - 0xffffffff;
					 *(_t86 - 0x38) = _t43;
					if(_t43 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) != _t77) {
						E004056CA(0xffffffe2,  *(_t86 - 8));
						__eflags =  *(_t86 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t86 - 4)) = 1;
						}
						L31:
						 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t86 - 4));
						__eflags =  *0x42a2e8;
						goto L32;
					} else {
						E00406668("Interactive User", _t83);
						E00406668(_t83, _t81);
						E004066A5(_t77, _t81, _t83, "C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\fonts",  *((intOrPtr*)(_t86 - 0x1c)));
						E00406668(_t83, "Interactive User");
						_t64 = E00405CC8("C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\fonts",  *(_t86 - 0x30) >> 3) - 4;
						__eflags = _t64;
						if(_t64 == 0) {
							continue;
						} else {
							__eflags = _t64 == 1;
							if(_t64 == 1) {
								 *0x42a2e8 =  &( *0x42a2e8->dwLowDateTime);
								L32:
								_t51 = 0;
								__eflags = 0;
							} else {
								_push(_t81);
								_push(0xfffffffa);
								E004056CA();
								L29:
								_t51 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t51;
				}
				E004056CA(0xffffffea,  *(_t86 - 8)); // executed
				 *0x42a314 =  *0x42a314 + 1;
				_t45 = E00403371(_t79,  *((intOrPtr*)(_t86 - 0x28)),  *(_t86 - 0x38), _t77, _t77); // executed
				 *0x42a314 =  *0x42a314 - 1;
				__eflags =  *(_t86 - 0x24) - 0xffffffff;
				_t84 = _t45;
				if( *(_t86 - 0x24) != 0xffffffff) {
					L22:
					SetFileTime( *(_t86 - 0x38), _t86 - 0x24, _t77, _t86 - 0x24); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t86 - 0x20)) - 0xffffffff;
					if( *((intOrPtr*)(_t86 - 0x20)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t86 - 0x38)); // executed
				__eflags = _t84 - _t77;
				if(_t84 >= _t77) {
					goto L31;
				} else {
					__eflags = _t84 - 0xfffffffe;
					if(_t84 != 0xfffffffe) {
						E004066A5(_t77, _t81, _t84, _t81, 0xffffffee);
					} else {
						E004066A5(_t77, _t81, _t84, _t81, 0xffffffe9);
						lstrcatW(_t81,  *(_t86 - 8));
					}
					_push(0x200010);
					_push(_t81);
					E00405CC8();
					goto L29;
				}
				goto L33;
			}


















                                                                                                                              0x0040176f
                                                                                                                              0x00401776
                                                                                                                              0x00401782
                                                                                                                              0x00401785
                                                                                                                              0x0040178a
                                                                                                                              0x0040178d
                                                                                                                              0x00401794
                                                                                                                              0x004017b0
                                                                                                                              0x00401796
                                                                                                                              0x00401797
                                                                                                                              0x00401797
                                                                                                                              0x004017b6
                                                                                                                              0x004017bb
                                                                                                                              0x004017bb
                                                                                                                              0x004017bf
                                                                                                                              0x004017c2
                                                                                                                              0x004017c7
                                                                                                                              0x004017c9
                                                                                                                              0x004017cb
                                                                                                                              0x004017d0
                                                                                                                              0x004017d0
                                                                                                                              0x004017db
                                                                                                                              0x004017db
                                                                                                                              0x004017ec
                                                                                                                              0x004017ee
                                                                                                                              0x004017ee
                                                                                                                              0x004017ef
                                                                                                                              0x004017ef
                                                                                                                              0x004017f2
                                                                                                                              0x004017f5
                                                                                                                              0x004017f8
                                                                                                                              0x004017f8
                                                                                                                              0x004017ff
                                                                                                                              0x0040180e
                                                                                                                              0x00401813
                                                                                                                              0x00401816
                                                                                                                              0x00401819
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040181b
                                                                                                                              0x0040181e
                                                                                                                              0x00401874
                                                                                                                              0x00401879
                                                                                                                              0x004015b6
                                                                                                                              0x0040292e
                                                                                                                              0x0040292e
                                                                                                                              0x00402c2a
                                                                                                                              0x00402c2d
                                                                                                                              0x00402c2d
                                                                                                                              0x00000000
                                                                                                                              0x00401820
                                                                                                                              0x00401826
                                                                                                                              0x0040182d
                                                                                                                              0x0040183a
                                                                                                                              0x00401845
                                                                                                                              0x0040185b
                                                                                                                              0x0040185b
                                                                                                                              0x0040185e
                                                                                                                              0x00000000
                                                                                                                              0x00401864
                                                                                                                              0x00401864
                                                                                                                              0x00401865
                                                                                                                              0x00401882
                                                                                                                              0x00402c33
                                                                                                                              0x00402c33
                                                                                                                              0x00402c33
                                                                                                                              0x00401867
                                                                                                                              0x00401867
                                                                                                                              0x00401868
                                                                                                                              0x00401493
                                                                                                                              0x0040239d
                                                                                                                              0x0040239d
                                                                                                                              0x0040239d
                                                                                                                              0x00401865
                                                                                                                              0x0040185e
                                                                                                                              0x00402c35
                                                                                                                              0x00402c39
                                                                                                                              0x00402c39
                                                                                                                              0x00401892
                                                                                                                              0x00401897
                                                                                                                              0x004018a5
                                                                                                                              0x004018aa
                                                                                                                              0x004018b0
                                                                                                                              0x004018b4
                                                                                                                              0x004018b6
                                                                                                                              0x004018be
                                                                                                                              0x004018ca
                                                                                                                              0x004018b8
                                                                                                                              0x004018b8
                                                                                                                              0x004018bc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004018bc
                                                                                                                              0x004018d3
                                                                                                                              0x004018d9
                                                                                                                              0x004018db
                                                                                                                              0x00000000
                                                                                                                              0x004018e1
                                                                                                                              0x004018e1
                                                                                                                              0x004018e4
                                                                                                                              0x004018fc
                                                                                                                              0x004018e6
                                                                                                                              0x004018e9
                                                                                                                              0x004018f2
                                                                                                                              0x004018f2
                                                                                                                              0x00401901
                                                                                                                              0x00401906
                                                                                                                              0x00402398
                                                                                                                              0x00000000
                                                                                                                              0x00402398
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                                                                                              • CompareFileTime.KERNEL32(-00000014,?,C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\fonts\button-font-normal.png,C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\fonts\button-font-normal.png,00000000,00000000,C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\fonts\button-font-normal.png,C:\Program Files (x86)\Winamp\Plugins\freeform\xml\winamp\thinger,?,?,00000031), ref: 004017D5
                                                                                                                                • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00000400,004037B0,00429260,NSIS Error), ref: 00406675
                                                                                                                                • Part of subcall function 004056CA: lstrlenW.KERNEL32(Extract: browser.maki,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                                                • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,Extract: browser.maki,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                                                • Part of subcall function 004056CA: lstrcatW.KERNEL32(Extract: browser.maki,004030A8), ref: 00405725
                                                                                                                                • Part of subcall function 004056CA: SetWindowTextW.USER32(Extract: browser.maki,Extract: browser.maki), ref: 00405737
                                                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                              • String ID: C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\fonts$C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\fonts\button-font-normal.png$C:\Program Files (x86)\Winamp\Plugins\freeform\xml\winamp\thinger$Interactive User
                                                                                                                              • API String ID: 1941528284-3860267049
                                                                                                                              • Opcode ID: f15c8198a6df89e73f827ceadb4c73dab8f562a39fed638654e43d91f01e6988
                                                                                                                              • Instruction ID: 87dd38174d63fc88252c3cacf76d35d2aef1a13c6195c1d88e2760da23471212
                                                                                                                              • Opcode Fuzzy Hash: f15c8198a6df89e73f827ceadb4c73dab8f562a39fed638654e43d91f01e6988
                                                                                                                              • Instruction Fuzzy Hash: DE41B771500205BACF10BBB5CD85DAE7A75EF45328B20473FF422B21E1D63D89619A2E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004056CA Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72stringwindowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004056CA(signed int _a4, WCHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				WCHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				WCHAR* _t27;
				signed int _t28;
				long _t29;
				signed int _t37;
				signed int _t38;

				_t27 =  *0x429244;
				_v8 = _t27;
				if(_t27 != 0) {
					_t37 =  *0x42a314;
					_v12 = _t37;
					_t38 = _t37 & 0x00000001;
					if(_t38 == 0) {
						E004066A5(_t38, 0, 0x422728, 0x422728, _a4);
					}
					_t27 = lstrlenW(0x422728);
					_a4 = _t27;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t27 = SetWindowTextW( *0x429228, 0x422728); // executed
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x422728;
							_v52 = 1;
							_t29 = SendMessageW(_v8, 0x1004, 0, 0); // executed
							_v44 = 0;
							_v48 = _t29 - _t38;
							SendMessageW(_v8, 0x104d - _t38, 0,  &_v52); // executed
							_t27 = SendMessageW(_v8, 0x1013, _v48, 0); // executed
						}
						if(_t38 != 0) {
							_t28 = _a4;
							0x422728[_t28] = 0;
							return _t28;
						}
					} else {
						_t27 = lstrlenW(_a8) + _a4;
						if(_t27 < 0x1000) {
							_t27 = lstrcatW(0x422728, _a8);
							goto L6;
						}
					}
				}
				return _t27;
			}

















                                                                                                                              0x004056d0
                                                                                                                              0x004056da
                                                                                                                              0x004056df
                                                                                                                              0x004056e5
                                                                                                                              0x004056f0
                                                                                                                              0x004056f3
                                                                                                                              0x004056f6
                                                                                                                              0x004056fc
                                                                                                                              0x004056fc
                                                                                                                              0x00405702
                                                                                                                              0x0040570a
                                                                                                                              0x0040570d
                                                                                                                              0x0040572a
                                                                                                                              0x0040572e
                                                                                                                              0x00405737
                                                                                                                              0x00405737
                                                                                                                              0x00405741
                                                                                                                              0x0040574a
                                                                                                                              0x00405756
                                                                                                                              0x0040575d
                                                                                                                              0x00405761
                                                                                                                              0x00405764
                                                                                                                              0x00405777
                                                                                                                              0x00405785
                                                                                                                              0x00405785
                                                                                                                              0x00405789
                                                                                                                              0x0040578b
                                                                                                                              0x0040578e
                                                                                                                              0x00000000
                                                                                                                              0x0040578e
                                                                                                                              0x0040570f
                                                                                                                              0x00405717
                                                                                                                              0x0040571f
                                                                                                                              0x00405725
                                                                                                                              0x00000000
                                                                                                                              0x00405725
                                                                                                                              0x0040571f
                                                                                                                              0x0040570d
                                                                                                                              0x0040579a

                                                                                                                              APIs
                                                                                                                              • lstrlenW.KERNEL32(Extract: browser.maki,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                                              • lstrlenW.KERNEL32(004030A8,Extract: browser.maki,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                                              • lstrcatW.KERNEL32(Extract: browser.maki,004030A8), ref: 00405725
                                                                                                                              • SetWindowTextW.USER32(Extract: browser.maki,Extract: browser.maki), ref: 00405737
                                                                                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                                              • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                                              • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                                                                • Part of subcall function 004066A5: lstrcatW.KERNEL32(C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\xml\xui\titlebar,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                                                                • Part of subcall function 004066A5: lstrlenW.KERNEL32(C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\xml\xui\titlebar,00000000,Extract: browser.maki,?,00405701,Extract: browser.maki,00000000), ref: 004068A4
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSendlstrlen$lstrcat$TextWindow
                                                                                                                              • String ID: Extract: browser.maki
                                                                                                                              • API String ID: 1495540970-2999835492
                                                                                                                              • Opcode ID: da0887550f177a20a5adca650a80eb3065253b4758cf57a6ba66e38fd01475e6
                                                                                                                              • Instruction ID: 7f52a71d89202be05388d2ae90ba5930d13dcc1e6093ad3ff4eaa481a322a782
                                                                                                                              • Opcode Fuzzy Hash: da0887550f177a20a5adca650a80eb3065253b4758cf57a6ba66e38fd01475e6
                                                                                                                              • Instruction Fuzzy Hash: C6217A71900518FACB119FA5DD84A8EBFB8EB45360F10857AF904B62A0D67A4A509F68
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 6F3A1CCE Relevance: 12.1, APIs: 8, Instructions: 51windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E6F3A1CCE(struct HWND__* _a4) {
				struct tagMSG _v32;
				int _t14;

				SendMessageW(_a4, 0x40d,  *0x6f3a6140, 0);
				ShowWindow( *0x6f3a6140, 8); // executed
				if( *0x6f3a6140 != 0) {
					do {
						GetMessageW( &_v32, 0, 0, 0); // executed
						_t14 = IsDialogMessageW( *0x6f3a6140,  &_v32); // executed
						if(_t14 == 0 && IsDialogMessageW( *0x6f3a6144,  &_v32) == 0) {
							TranslateMessage( &_v32);
							DispatchMessageW( &_v32); // executed
						}
					} while ( *0x6f3a6140 != 0);
				}
				return SetWindowLongW(_a4, 4,  *0x6f3a6148);
			}





                                                                                                                              0x6f3a1ce6
                                                                                                                              0x6f3a1cf4
                                                                                                                              0x6f3a1d00
                                                                                                                              0x6f3a1d09
                                                                                                                              0x6f3a1d10
                                                                                                                              0x6f3a1d20
                                                                                                                              0x6f3a1d24
                                                                                                                              0x6f3a1d3a
                                                                                                                              0x6f3a1d44
                                                                                                                              0x6f3a1d44
                                                                                                                              0x6f3a1d4a
                                                                                                                              0x6f3a1d52
                                                                                                                              0x6f3a1d66

                                                                                                                              APIs
                                                                                                                              • SendMessageW.USER32(?,0000040D,00000000), ref: 6F3A1CE6
                                                                                                                              • ShowWindow.USER32(00000008), ref: 6F3A1CF4
                                                                                                                              • KiUserCallbackDispatcher.NTDLL(?,00000000,00000000,00000000), ref: 6F3A1D10
                                                                                                                              • IsDialogMessageW.USER32(?), ref: 6F3A1D20
                                                                                                                              • IsDialogMessageW.USER32(?), ref: 6F3A1D30
                                                                                                                              • TranslateMessage.USER32(?), ref: 6F3A1D3A
                                                                                                                              • DispatchMessageW.USER32 ref: 6F3A1D44
                                                                                                                              • SetWindowLongW.USER32 ref: 6F3A1D5E
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.699359362.000000006F3A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6F3A0000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.699351571.000000006F3A0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699369720.000000006F3A3000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699377071.000000006F3A4000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699384845.000000006F3A8000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6f3a0000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Message$DialogWindow$CallbackDispatchDispatcherLongSendShowTranslateUser
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 4159918924-0
                                                                                                                              • Opcode ID: 3a9f246d4c8ba9efb965b0a73057efe0382d5c5c38afde731cc2ff9d72e7e8d3
                                                                                                                              • Instruction ID: e273fb77d14bfee6964399ee741fb8bd608ff640d32ad1d71c64c0adbb695b6a
                                                                                                                              • Opcode Fuzzy Hash: 3a9f246d4c8ba9efb965b0a73057efe0382d5c5c38afde731cc2ff9d72e7e8d3
                                                                                                                              • Instruction Fuzzy Hash: 3F110972800909BBCF12ABA7DC0ED9F7F7DFB56726B004019F62296051D7329475CB60
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040302E Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0040302E(intOrPtr _a4) {
				short _v132;
				long _t6;
				struct HWND__* _t7;
				void* _t13;
				struct HWND__* _t15;

				if(_a4 != 0) {
					_t15 =  *0x420efc; // 0x0
					if(_t15 != 0) {
						_t15 = DestroyWindow(_t15);
					}
					 *0x420efc = 0;
					return _t15;
				}
				__eflags =  *0x420efc; // 0x0
				if(__eflags != 0) {
					return E00406A71(0);
				}
				_t6 = GetTickCount();
				__eflags = _t6 -  *0x42a26c;
				if(_t6 >  *0x42a26c) {
					__eflags =  *0x42a268;
					if( *0x42a268 == 0) {
						_t7 = CreateDialogParamW( *0x42a260, 0x6f, 0, E00402F93, 0);
						 *0x420efc = _t7;
						return ShowWindow(_t7, 5);
					}
					__eflags =  *0x42a314 & 0x00000001;
					if(( *0x42a314 & 0x00000001) != 0) {
						wsprintfW( &_v132, L"... %d%%", E00403012());
						_t13 = E004056CA(0,  &_v132); // executed
						return _t13;
					}
				}
				return _t6;
			}








                                                                                                                              0x0040303d
                                                                                                                              0x0040303f
                                                                                                                              0x00403046
                                                                                                                              0x00403049
                                                                                                                              0x00403049
                                                                                                                              0x0040304f
                                                                                                                              0x00000000
                                                                                                                              0x0040304f
                                                                                                                              0x00403057
                                                                                                                              0x0040305d
                                                                                                                              0x00000000
                                                                                                                              0x00403060
                                                                                                                              0x00403067
                                                                                                                              0x0040306d
                                                                                                                              0x00403073
                                                                                                                              0x00403075
                                                                                                                              0x0040307b
                                                                                                                              0x004030b9
                                                                                                                              0x004030c2
                                                                                                                              0x00000000
                                                                                                                              0x004030c7
                                                                                                                              0x0040307d
                                                                                                                              0x00403084
                                                                                                                              0x00403095
                                                                                                                              0x004030a3
                                                                                                                              0x00000000
                                                                                                                              0x004030a3
                                                                                                                              0x00403084
                                                                                                                              0x004030cf

                                                                                                                              APIs
                                                                                                                              • DestroyWindow.USER32(00000000,00000000), ref: 00403049
                                                                                                                              • GetTickCount.KERNEL32 ref: 00403067
                                                                                                                              • wsprintfW.USER32 ref: 00403095
                                                                                                                                • Part of subcall function 004056CA: lstrlenW.KERNEL32(Extract: browser.maki,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                                                • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,Extract: browser.maki,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                                                • Part of subcall function 004056CA: lstrcatW.KERNEL32(Extract: browser.maki,004030A8), ref: 00405725
                                                                                                                                • Part of subcall function 004056CA: SetWindowTextW.USER32(Extract: browser.maki,Extract: browser.maki), ref: 00405737
                                                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                                                              • CreateDialogParamW.USER32 ref: 004030B9
                                                                                                                              • ShowWindow.USER32(00000000,00000005), ref: 004030C7
                                                                                                                                • Part of subcall function 00403012: MulDiv.KERNEL32(00010000,00000064,0000D340), ref: 00403027
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                                                              • String ID: ... %d%%
                                                                                                                              • API String ID: 722711167-2449383134
                                                                                                                              • Opcode ID: a65563718f57099a27635650194dd277da09fbe66beefc8d93bb4be83c5e7891
                                                                                                                              • Instruction ID: 5af6bf9b0b70cf9307c1258d0e5a667b07be53d22b58a3258066d7aee54b172b
                                                                                                                              • Opcode Fuzzy Hash: a65563718f57099a27635650194dd277da09fbe66beefc8d93bb4be83c5e7891
                                                                                                                              • Instruction Fuzzy Hash: E8018E70553614DBC7317F60AE08A5A3EACAB00F06F54457AF841B21E9DAB84645CBAE
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004069C5 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004069C5(intOrPtr _a4) {
				short _v576;
				signed int _t13;
				struct HINSTANCE__* _t17;
				signed int _t19;
				void* _t24;

				_t13 = GetSystemDirectoryW( &_v576, 0x104);
				if(_t13 > 0x104) {
					_t13 = 0;
				}
				if(_t13 == 0 ||  *((short*)(_t24 + _t13 * 2 - 0x23e)) == 0x5c) {
					_t19 = 1;
				} else {
					_t19 = 0;
				}
				wsprintfW(_t24 + _t13 * 2 - 0x23c, L"%s%S.dll", 0x40a014 + _t19 * 2, _a4);
				_t17 = LoadLibraryExW( &_v576, 0, 8); // executed
				return _t17;
			}








                                                                                                                              0x004069dc
                                                                                                                              0x004069e5
                                                                                                                              0x004069e7
                                                                                                                              0x004069e7
                                                                                                                              0x004069eb
                                                                                                                              0x004069fe
                                                                                                                              0x004069f8
                                                                                                                              0x004069f8
                                                                                                                              0x004069f8
                                                                                                                              0x00406a17
                                                                                                                              0x00406a2b
                                                                                                                              0x00406a32

                                                                                                                              APIs
                                                                                                                              • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                                                                                                                              • wsprintfW.USER32 ref: 00406A17
                                                                                                                              • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406A2B
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                              • String ID: %s%S.dll$UXTHEME$\
                                                                                                                              • API String ID: 2200240437-1946221925
                                                                                                                              • Opcode ID: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                                                                                                                              • Instruction ID: e2ac2e7087162e0187f8b4d6776822ec24d6e31928394cf94a41c199a4feb156
                                                                                                                              • Opcode Fuzzy Hash: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                                                                                                                              • Instruction Fuzzy Hash: 3AF096B154121DA7DB14AB68DD0EF9B366CAB00705F11447EA646F20E0EB7CDA68CB98
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00404E71 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 78%
                                                                                                                              			E00404E71(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v68;
				char _v132;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t23;
				signed int _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				int _t38;
				void* _t44;
				signed int _t46;
				signed int _t50;
				signed int _t52;
				signed int _t53;
				signed int _t55;

				_t23 = _a16;
				_t53 = _a12;
				_t44 = 0xffffffdc;
				if(_t23 == 0) {
					_push(0x14);
					_pop(0);
					_t24 = _t53;
					if(_t53 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t44 = 0xffffffdd;
					}
					if(_t53 < 0x400) {
						_t44 = 0xffffffde;
					}
					if(_t53 < 0xffff3333) {
						_t52 = 0x14;
						asm("cdq");
						_t24 = 1 / _t52 + _t53;
					}
					_t25 = _t24 & 0x00ffffff;
					_t55 = _t24 >> 0;
					_t46 = 0xa;
					_t50 = ((_t24 & 0x00ffffff) + _t25 * 4 + (_t24 & 0x00ffffff) + _t25 * 4 >> 0) % _t46;
				} else {
					_t55 = (_t23 << 0x00000020 | _t53) >> 0x14;
					_t50 = 0;
				}
				_t31 = E004066A5(_t44, _t50, _t55,  &_v68, 0xffffffdf);
				_t33 = E004066A5(_t44, _t50, _t55,  &_v132, _t44);
				_t34 = E004066A5(_t44, _t50, 0x423748, 0x423748, _a8);
				wsprintfW(_t34 + lstrlenW(0x423748) * 2, L"%u.%u%s%s", _t55, _t50, _t33, _t31);
				_t38 = SetDlgItemTextW( *0x429238, _a4, 0x423748); // executed
				return _t38;
			}




















                                                                                                                              0x00404e7a
                                                                                                                              0x00404e7f
                                                                                                                              0x00404e87
                                                                                                                              0x00404e88
                                                                                                                              0x00404e95
                                                                                                                              0x00404e9d
                                                                                                                              0x00404e9e
                                                                                                                              0x00404ea0
                                                                                                                              0x00404ea2
                                                                                                                              0x00404ea4
                                                                                                                              0x00404ea7
                                                                                                                              0x00404ea7
                                                                                                                              0x00404eae
                                                                                                                              0x00404eb4
                                                                                                                              0x00404eb4
                                                                                                                              0x00404ebb
                                                                                                                              0x00404ec2
                                                                                                                              0x00404ec5
                                                                                                                              0x00404ec8
                                                                                                                              0x00404ec8
                                                                                                                              0x00404ecc
                                                                                                                              0x00404edc
                                                                                                                              0x00404ede
                                                                                                                              0x00404ee1
                                                                                                                              0x00404e8a
                                                                                                                              0x00404e8a
                                                                                                                              0x00404e91
                                                                                                                              0x00404e91
                                                                                                                              0x00404ee9
                                                                                                                              0x00404ef4
                                                                                                                              0x00404f0a
                                                                                                                              0x00404f1b
                                                                                                                              0x00404f2e
                                                                                                                              0x00404f37

                                                                                                                              APIs
                                                                                                                              • lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                                                                                                                              • wsprintfW.USER32 ref: 00404F1B
                                                                                                                              • SetDlgItemTextW.USER32 ref: 00404F2E
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ItemTextlstrlenwsprintf
                                                                                                                              • String ID: %u.%u%s%s$H7B
                                                                                                                              • API String ID: 3540041739-107966168
                                                                                                                              • Opcode ID: 2edccdcb36c72f9bdce7a586f7ca7ee262dfb9f9a49697097ea36a1117f17e36
                                                                                                                              • Instruction ID: 20619224473e8c08b4fba53027c62ddcf1c3fef784a2ba69f514aa474de30786
                                                                                                                              • Opcode Fuzzy Hash: 2edccdcb36c72f9bdce7a586f7ca7ee262dfb9f9a49697097ea36a1117f17e36
                                                                                                                              • Instruction Fuzzy Hash: 1A11D8736041283BDB00A5ADDC45E9F3298AB81338F150637FA26F61D1EA79882182E8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405B99 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 39COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00405B99(WCHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				int _t22;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x4083f8;
				_v36.Group = 0x4083f8;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x4083e8;
				_v16.nLength = 0xc;
				_t22 = CreateDirectoryW(_a4,  &_v16); // executed
				if(_t22 != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityW(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}







                                                                                                                              0x00405ba4
                                                                                                                              0x00405ba8
                                                                                                                              0x00405bab
                                                                                                                              0x00405bb1
                                                                                                                              0x00405bb5
                                                                                                                              0x00405bb9
                                                                                                                              0x00405bc1
                                                                                                                              0x00405bc8
                                                                                                                              0x00405bce
                                                                                                                              0x00405bd5
                                                                                                                              0x00405bdc
                                                                                                                              0x00405be4
                                                                                                                              0x00405be6
                                                                                                                              0x00000000
                                                                                                                              0x00405be6
                                                                                                                              0x00405bf0
                                                                                                                              0x00405bf7
                                                                                                                              0x00405c0d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405c0f
                                                                                                                              0x00405c13

                                                                                                                              APIs
                                                                                                                              • CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405BDC
                                                                                                                              • GetLastError.KERNEL32 ref: 00405BF0
                                                                                                                              • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405C05
                                                                                                                              • GetLastError.KERNEL32 ref: 00405C0F
                                                                                                                              Strings
                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405BBF
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                              • API String ID: 3449924974-823278215
                                                                                                                              • Opcode ID: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                                                                                                                              • Instruction ID: 886f74eda6482ab63e8fe18d08a652fea41827dc0a526659a7d7b5e138c44e4e
                                                                                                                              • Opcode Fuzzy Hash: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                                                                                                                              • Instruction Fuzzy Hash: 95010871D04219EAEF009FA1CD44BEFBBB8EF14314F04403ADA44B6180E7789648CB99
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00401D81 Relevance: 7.6, APIs: 5, Instructions: 75windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 77%
                                                                                                                              			E00401D81(void* __ebx, void* __edx) {
				struct HWND__* _t30;
				WCHAR* _t38;
				long _t47;
				void* _t48;
				void* _t53;
				signed int _t55;
				signed int _t60;
				long _t63;
				void* _t65;

				_t53 = __ebx;
				if(( *(_t65 - 0x23) & 0x00000001) == 0) {
					_t30 = GetDlgItem( *(_t65 - 8),  *(_t65 - 0x28));
				} else {
					E00402D84(2);
					 *((intOrPtr*)(__ebp - 0x10)) = __edx;
				}
				_t55 =  *(_t65 - 0x24);
				 *(_t65 + 8) = _t30;
				_t60 = _t55 & 0x00000004;
				 *(_t65 - 0x38) = _t55 & 0x00000003;
				 *(_t65 - 0x18) = _t55 >> 0x1f;
				 *(_t65 - 0x40) = _t55 >> 0x0000001e & 0x00000001;
				if((_t55 & 0x00010000) == 0) {
					_t38 =  *(_t65 - 0x2c) & 0x0000ffff;
				} else {
					_t38 = E00402DA6(0x11);
				}
				 *(_t65 - 0x44) = _t38;
				GetClientRect( *(_t65 + 8), _t65 - 0x60);
				asm("sbb esi, esi");
				_t47 = LoadImageW( ~_t60 &  *0x42a260,  *(_t65 - 0x44),  *(_t65 - 0x38),  *(_t65 - 0x58) *  *(_t65 - 0x18),  *(_t65 - 0x54) *  *(_t65 - 0x40),  *(_t65 - 0x24) & 0x0000fef0); // executed
				_t63 = _t47;
				_t48 = SendMessageW( *(_t65 + 8), 0x172,  *(_t65 - 0x38), _t63); // executed
				if(_t48 != _t53 &&  *(_t65 - 0x38) == _t53) {
					DeleteObject(_t48);
				}
				if( *((intOrPtr*)(_t65 - 0x30)) >= _t53) {
					_push(_t63);
					E004065AF();
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t65 - 4));
				return 0;
			}












                                                                                                                              0x00401d81
                                                                                                                              0x00401d85
                                                                                                                              0x00401d9a
                                                                                                                              0x00401d87
                                                                                                                              0x00401d89
                                                                                                                              0x00401d8f
                                                                                                                              0x00401d8f
                                                                                                                              0x00401da0
                                                                                                                              0x00401da3
                                                                                                                              0x00401dad
                                                                                                                              0x00401db0
                                                                                                                              0x00401db8
                                                                                                                              0x00401dc9
                                                                                                                              0x00401dcc
                                                                                                                              0x00401dd7
                                                                                                                              0x00401dce
                                                                                                                              0x00401dd0
                                                                                                                              0x00401dd0
                                                                                                                              0x00401ddb
                                                                                                                              0x00401de5
                                                                                                                              0x00401e0c
                                                                                                                              0x00401e15
                                                                                                                              0x00401e1b
                                                                                                                              0x00401e29
                                                                                                                              0x00401e31
                                                                                                                              0x00401e39
                                                                                                                              0x00401e39
                                                                                                                              0x00401e42
                                                                                                                              0x00401e48
                                                                                                                              0x00402ba4
                                                                                                                              0x00402ba4
                                                                                                                              0x00402c2d
                                                                                                                              0x00402c39

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1849352358-0
                                                                                                                              • Opcode ID: 100b3177012869429c2005611ce111630833f28d1ab152a2d5a2575cfc39775b
                                                                                                                              • Instruction ID: 4d725fdcf847a80329c23b38d7164c003567f542edd6fcacfb34c9ebeef40da9
                                                                                                                              • Opcode Fuzzy Hash: 100b3177012869429c2005611ce111630833f28d1ab152a2d5a2575cfc39775b
                                                                                                                              • Instruction Fuzzy Hash: 67212672904119AFCB05CBA4DE45AEEBBB5EF08304F14003AF945F62A0CB389951DB98
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 6F561817 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 120COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 88%
                                                                                                                              			E6F561817(void* __edx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				void _v36;
				char _v136;
				struct HINSTANCE__* _t37;
				intOrPtr _t42;
				void* _t48;
				void* _t49;
				void* _t50;
				void* _t54;
				intOrPtr _t57;
				signed int _t61;
				signed int _t63;
				void* _t67;
				void* _t68;
				void* _t72;
				void* _t76;

				_t76 = __esi;
				_t68 = __edi;
				_t67 = __edx;
				 *0x6f56506c = _a8;
				 *0x6f565070 = _a16;
				 *0x6f565074 = _a12;
				 *((intOrPtr*)(_a20 + 0xc))( *0x6f565048, E6F561651);
				_push(1); // executed
				_t37 = E6F561BFF(); // executed
				_t54 = _t37;
				if(_t54 == 0) {
					L28:
					return _t37;
				} else {
					if( *((intOrPtr*)(_t54 + 4)) != 1) {
						E6F56243E(_t54);
					}
					_push(_t54);
					E6F562480(_t67);
					_t57 =  *((intOrPtr*)(_t54 + 4));
					if(_t57 == 0xffffffff) {
						L14:
						if(( *(_t54 + 0x1010) & 0x00000004) == 0) {
							if( *((intOrPtr*)(_t54 + 4)) == 0) {
								_push(_t54);
								_t37 = E6F562655();
							} else {
								_push(_t76);
								_push(_t68);
								_t61 = 8;
								_t13 = _t54 + 0x1018; // 0x1018
								memcpy( &_v36, _t13, _t61 << 2);
								_t42 = E6F561666(_t54,  &_v136);
								 *(_t54 + 0x1034) =  *(_t54 + 0x1034) & 0x00000000;
								_t18 = _t54 + 0x1018; // 0x1018
								_t72 = _t18;
								_push(_t54);
								 *((intOrPtr*)(_t54 + 0x1020)) = _t42;
								 *_t72 = 4;
								E6F562655();
								_t63 = 8;
								_t37 = memcpy(_t72,  &_v36, _t63 << 2);
							}
						} else {
							_push(_t54);
							E6F562655();
							_t37 = GlobalFree(E6F561312(E6F561654(_t54)));
						}
						if( *((intOrPtr*)(_t54 + 4)) != 1) {
							_t37 = E6F562618(_t54);
							if(( *(_t54 + 0x1010) & 0x00000040) != 0 &&  *_t54 == 1) {
								_t37 =  *(_t54 + 0x1008);
								if(_t37 != 0) {
									_t37 = FreeLibrary(_t37);
								}
							}
							if(( *(_t54 + 0x1010) & 0x00000020) != 0) {
								_t37 = E6F5615DD( *0x6f565068);
							}
						}
						if(( *(_t54 + 0x1010) & 0x00000002) != 0) {
							goto L28;
						} else {
							return GlobalFree(_t54);
						}
					}
					_t48 =  *_t54;
					if(_t48 == 0) {
						if(_t57 != 1) {
							goto L14;
						}
						E6F562E23(_t54);
						L12:
						_t54 = _t48;
						L13:
						goto L14;
					}
					_t49 = _t48 - 1;
					if(_t49 == 0) {
						L8:
						_t48 = E6F562B98(_t57, _t54); // executed
						goto L12;
					}
					_t50 = _t49 - 1;
					if(_t50 == 0) {
						E6F562810(_t54);
						goto L13;
					}
					if(_t50 != 1) {
						goto L14;
					}
					goto L8;
				}
			}


















                                                                                                                              0x6f561817
                                                                                                                              0x6f561817
                                                                                                                              0x6f561817
                                                                                                                              0x6f561824
                                                                                                                              0x6f56182c
                                                                                                                              0x6f561839
                                                                                                                              0x6f561847
                                                                                                                              0x6f56184a
                                                                                                                              0x6f56184c
                                                                                                                              0x6f561851
                                                                                                                              0x6f561856
                                                                                                                              0x6f561978
                                                                                                                              0x6f561978
                                                                                                                              0x6f56185c
                                                                                                                              0x6f561860
                                                                                                                              0x6f561863
                                                                                                                              0x6f561868
                                                                                                                              0x6f561869
                                                                                                                              0x6f56186a
                                                                                                                              0x6f561870
                                                                                                                              0x6f561876
                                                                                                                              0x6f5618a6
                                                                                                                              0x6f5618ad
                                                                                                                              0x6f5618d1
                                                                                                                              0x6f56191e
                                                                                                                              0x6f56191f
                                                                                                                              0x6f5618d3
                                                                                                                              0x6f5618d3
                                                                                                                              0x6f5618d4
                                                                                                                              0x6f5618dd
                                                                                                                              0x6f5618de
                                                                                                                              0x6f5618e8
                                                                                                                              0x6f5618eb
                                                                                                                              0x6f5618f0
                                                                                                                              0x6f5618f7
                                                                                                                              0x6f5618f7
                                                                                                                              0x6f5618fd
                                                                                                                              0x6f5618fe
                                                                                                                              0x6f561904
                                                                                                                              0x6f56190a
                                                                                                                              0x6f561917
                                                                                                                              0x6f561918
                                                                                                                              0x6f56191b
                                                                                                                              0x6f5618af
                                                                                                                              0x6f5618af
                                                                                                                              0x6f5618b0
                                                                                                                              0x6f5618c5
                                                                                                                              0x6f5618c5
                                                                                                                              0x6f561929
                                                                                                                              0x6f56192c
                                                                                                                              0x6f561939
                                                                                                                              0x6f561940
                                                                                                                              0x6f561948
                                                                                                                              0x6f56194b
                                                                                                                              0x6f56194b
                                                                                                                              0x6f561948
                                                                                                                              0x6f561958
                                                                                                                              0x6f561960
                                                                                                                              0x6f561965
                                                                                                                              0x6f561958
                                                                                                                              0x6f56196d
                                                                                                                              0x00000000
                                                                                                                              0x6f56196f
                                                                                                                              0x00000000
                                                                                                                              0x6f561970
                                                                                                                              0x6f56196d
                                                                                                                              0x6f56187a
                                                                                                                              0x6f56187d
                                                                                                                              0x6f56189b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f56189e
                                                                                                                              0x6f5618a3
                                                                                                                              0x6f5618a3
                                                                                                                              0x6f5618a5
                                                                                                                              0x00000000
                                                                                                                              0x6f5618a5
                                                                                                                              0x6f56187f
                                                                                                                              0x6f561880
                                                                                                                              0x6f561888
                                                                                                                              0x6f561889
                                                                                                                              0x00000000
                                                                                                                              0x6f561889
                                                                                                                              0x6f561882
                                                                                                                              0x6f561883
                                                                                                                              0x6f561891
                                                                                                                              0x00000000
                                                                                                                              0x6f561891
                                                                                                                              0x6f561886
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f561886

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 6F561BFF: GlobalFree.KERNEL32 ref: 6F561E74
                                                                                                                                • Part of subcall function 6F561BFF: GlobalFree.KERNEL32 ref: 6F561E79
                                                                                                                                • Part of subcall function 6F561BFF: GlobalFree.KERNEL32 ref: 6F561E7E
                                                                                                                              • GlobalFree.KERNEL32 ref: 6F5618C5
                                                                                                                              • FreeLibrary.KERNEL32(?), ref: 6F56194B
                                                                                                                              • GlobalFree.KERNEL32 ref: 6F561970
                                                                                                                                • Part of subcall function 6F56243E: GlobalAlloc.KERNEL32(00000040,?), ref: 6F56246F
                                                                                                                                • Part of subcall function 6F562810: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,6F561896,00000000), ref: 6F5628E0
                                                                                                                                • Part of subcall function 6F561666: wsprintfW.USER32 ref: 6F561694
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.699435220.000000006F561000.00000020.00000001.01000000.00000004.sdmp, Offset: 6F560000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.699425612.000000006F560000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699447140.000000006F564000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699455238.000000006F566000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6f560000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Global$Free$Alloc$Librarywsprintf
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3962662361-3916222277
                                                                                                                              • Opcode ID: f41c38501607713a9df34b7d8b27d2338305285f82a253031c0fd476f254729d
                                                                                                                              • Instruction ID: e5888d6732bcd9c5730500e6cb81b507a36ec8f52a6d84fce75141e7412e3e84
                                                                                                                              • Opcode Fuzzy Hash: f41c38501607713a9df34b7d8b27d2338305285f82a253031c0fd476f254729d
                                                                                                                              • Instruction Fuzzy Hash: FD4180718003459ADF109F38D988BF53BA8AF06768F05457AE975AE0F6DB74EC84C7A0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00401C43 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 59%
                                                                                                                              			E00401C43(intOrPtr __edx) {
				int _t29;
				long _t30;
				signed int _t32;
				WCHAR* _t35;
				long _t36;
				int _t41;
				signed int _t42;
				int _t46;
				int _t56;
				intOrPtr _t57;
				struct HWND__* _t63;
				void* _t64;

				_t57 = __edx;
				_t29 = E00402D84(3);
				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
				 *(_t64 - 0x18) = _t29;
				_t30 = E00402D84(4);
				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
				 *(_t64 + 8) = _t30;
				if(( *(_t64 - 0x1c) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 0x18)) = E00402DA6(0x33);
				}
				__eflags =  *(_t64 - 0x1c) & 0x00000002;
				if(( *(_t64 - 0x1c) & 0x00000002) != 0) {
					 *(_t64 + 8) = E00402DA6(0x44);
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x34)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t61 = E00402DA6();
					_t32 = E00402DA6();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t35 =  ~( *_t31) & _t61;
					__eflags = _t35;
					_t36 = FindWindowExW( *(_t64 - 0x18),  *(_t64 + 8), _t35,  ~( *_t32) & _t32); // executed
					goto L10;
				} else {
					_t63 = E00402D84();
					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
					_t41 = E00402D84(2);
					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
					_t56 =  *(_t64 - 0x1c) >> 2;
					if(__eflags == 0) {
						_t36 = SendMessageW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8)); // executed
						L10:
						 *(_t64 - 0x38) = _t36;
					} else {
						_t42 = SendMessageTimeoutW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8), _t46, _t56, _t64 - 0x38);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x30)) - _t46;
				if( *((intOrPtr*)(_t64 - 0x30)) >= _t46) {
					_push( *(_t64 - 0x38));
					E004065AF();
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t64 - 4));
				return 0;
			}















                                                                                                                              0x00401c43
                                                                                                                              0x00401c45
                                                                                                                              0x00401c4c
                                                                                                                              0x00401c4f
                                                                                                                              0x00401c52
                                                                                                                              0x00401c5c
                                                                                                                              0x00401c60
                                                                                                                              0x00401c63
                                                                                                                              0x00401c6c
                                                                                                                              0x00401c6c
                                                                                                                              0x00401c6f
                                                                                                                              0x00401c73
                                                                                                                              0x00401c7c
                                                                                                                              0x00401c7c
                                                                                                                              0x00401c7f
                                                                                                                              0x00401c83
                                                                                                                              0x00401c85
                                                                                                                              0x00401cda
                                                                                                                              0x00401cdc
                                                                                                                              0x00401ce7
                                                                                                                              0x00401cf1
                                                                                                                              0x00401cf4
                                                                                                                              0x00401cf4
                                                                                                                              0x00401cfd
                                                                                                                              0x00000000
                                                                                                                              0x00401c87
                                                                                                                              0x00401c8e
                                                                                                                              0x00401c90
                                                                                                                              0x00401c93
                                                                                                                              0x00401c99
                                                                                                                              0x00401ca0
                                                                                                                              0x00401ca3
                                                                                                                              0x00401ccb
                                                                                                                              0x00401d03
                                                                                                                              0x00401d03
                                                                                                                              0x00401ca5
                                                                                                                              0x00401cb3
                                                                                                                              0x00401cbb
                                                                                                                              0x00401cbe
                                                                                                                              0x00401cbe
                                                                                                                              0x00401ca3
                                                                                                                              0x00401d06
                                                                                                                              0x00401d09
                                                                                                                              0x00401d0f
                                                                                                                              0x00402ba4
                                                                                                                              0x00402ba4
                                                                                                                              0x00402c2d
                                                                                                                              0x00402c39

                                                                                                                              APIs
                                                                                                                              • SendMessageTimeoutW.USER32 ref: 00401CB3
                                                                                                                              • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend$Timeout
                                                                                                                              • String ID: !
                                                                                                                              • API String ID: 1777923405-2657877971
                                                                                                                              • Opcode ID: b183ccb6ab3284ced798d12f720e161a9248df31e23c89b80f307d5b894ef539
                                                                                                                              • Instruction ID: e1c20d37316975b9b94706f7b3abd8da4b7b3b5136eece5bd2aa3cbae88a6c19
                                                                                                                              • Opcode Fuzzy Hash: b183ccb6ab3284ced798d12f720e161a9248df31e23c89b80f307d5b894ef539
                                                                                                                              • Instruction Fuzzy Hash: 28219E7190420AEFEF05AFA4D94AAAE7BB4FF44304F14453EF601B61D0D7B88941CB98
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040248A Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64registrystringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 85%
                                                                                                                              			E0040248A(void* __eax, int __ebx, intOrPtr __edx, void* __eflags) {
				void* _t20;
				void* _t21;
				int _t24;
				long _t25;
				char _t27;
				int _t30;
				void* _t32;
				intOrPtr _t33;
				void* _t34;
				intOrPtr _t37;
				void* _t39;
				void* _t42;

				_t42 = __eflags;
				_t33 = __edx;
				_t30 = __ebx;
				_t37 =  *((intOrPtr*)(_t39 - 0x20));
				_t34 = __eax;
				 *(_t39 - 0x10) =  *(_t39 - 0x1c);
				 *(_t39 - 0x44) = E00402DA6(2);
				_t20 = E00402DA6(0x11);
				 *(_t39 - 4) = 1;
				_t21 = E00402E36(_t42, _t34, _t20, 2); // executed
				 *(_t39 + 8) = _t21;
				if(_t21 != __ebx) {
					_t24 = 0;
					if(_t37 == 1) {
						E00402DA6(0x23);
						_t24 = lstrlenW(0x40b5f8) + _t29 + 2;
					}
					if(_t37 == 4) {
						_t27 = E00402D84(3);
						_pop(_t32);
						 *0x40b5f8 = _t27;
						 *((intOrPtr*)(_t39 - 0x38)) = _t33;
						_t24 = _t37;
					}
					if(_t37 == 3) {
						_t24 = E00403371(_t32,  *((intOrPtr*)(_t39 - 0x24)), _t30, 0x40b5f8, 0x1800);
					}
					_t25 = RegSetValueExW( *(_t39 + 8),  *(_t39 - 0x44), _t30,  *(_t39 - 0x10), 0x40b5f8, _t24); // executed
					if(_t25 == 0) {
						 *(_t39 - 4) = _t30;
					}
					_push( *(_t39 + 8));
					RegCloseKey(); // executed
				}
				 *0x42a2e8 =  *0x42a2e8 +  *(_t39 - 4);
				return 0;
			}















                                                                                                                              0x0040248a
                                                                                                                              0x0040248a
                                                                                                                              0x0040248a
                                                                                                                              0x0040248a
                                                                                                                              0x0040248d
                                                                                                                              0x00402494
                                                                                                                              0x0040249e
                                                                                                                              0x004024a1
                                                                                                                              0x004024aa
                                                                                                                              0x004024b1
                                                                                                                              0x004024b8
                                                                                                                              0x004024bb
                                                                                                                              0x004024c1
                                                                                                                              0x004024cb
                                                                                                                              0x004024cf
                                                                                                                              0x004024da
                                                                                                                              0x004024da
                                                                                                                              0x004024e1
                                                                                                                              0x004024e5
                                                                                                                              0x004024ea
                                                                                                                              0x004024eb
                                                                                                                              0x004024f1
                                                                                                                              0x004024f4
                                                                                                                              0x004024f4
                                                                                                                              0x004024f8
                                                                                                                              0x00402504
                                                                                                                              0x00402504
                                                                                                                              0x00402515
                                                                                                                              0x0040251d
                                                                                                                              0x0040251f
                                                                                                                              0x0040251f
                                                                                                                              0x00402522
                                                                                                                              0x004025fd
                                                                                                                              0x004025fd
                                                                                                                              0x00402c2d
                                                                                                                              0x00402c39

                                                                                                                              APIs
                                                                                                                              • lstrlenW.KERNEL32(Interactive User,00000023,00000011,00000002), ref: 004024D5
                                                                                                                              • RegSetValueExW.KERNELBASE(?,?,?,?,Interactive User,00000000,00000011,00000002), ref: 00402515
                                                                                                                              • RegCloseKey.KERNELBASE(?,?,?,Interactive User,00000000,00000011,00000002), ref: 004025FD
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseValuelstrlen
                                                                                                                              • String ID: Interactive User
                                                                                                                              • API String ID: 2655323295-1264159178
                                                                                                                              • Opcode ID: ccbced7c383fe36513b27ab0f3831983de96ef15fa0590e398bf5cccbf7e4235
                                                                                                                              • Instruction ID: a516967871aadb8e7373f7254d3c24ec0cdbd982f2b4049ed7d94b0996b6da2b
                                                                                                                              • Opcode Fuzzy Hash: ccbced7c383fe36513b27ab0f3831983de96ef15fa0590e398bf5cccbf7e4235
                                                                                                                              • Instruction Fuzzy Hash: 4011AF71E00108BEEF10AFA1CE49EAEB6B8EB44354F11443AF404B61C1DBB98D409658
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00406187 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00406187(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
				intOrPtr _v8;
				short _v12;
				short _t12;
				intOrPtr _t13;
				signed int _t14;
				WCHAR* _t17;
				signed int _t19;
				signed short _t23;
				WCHAR* _t26;

				_t26 = _a4;
				_t23 = 0x64;
				while(1) {
					_t12 =  *L"nsa"; // 0x73006e
					_t23 = _t23 - 1;
					_v12 = _t12;
					_t13 =  *0x40a5ac; // 0x61
					_v8 = _t13;
					_t14 = GetTickCount();
					_t19 = 0x1a;
					_v8 = _v8 + _t14 % _t19;
					_t17 = GetTempFileNameW(_a8,  &_v12, 0, _t26); // executed
					if(_t17 != 0) {
						break;
					}
					if(_t23 != 0) {
						continue;
					} else {
						 *_t26 =  *_t26 & _t23;
					}
					L4:
					return _t17;
				}
				_t17 = _t26;
				goto L4;
			}












                                                                                                                              0x0040618d
                                                                                                                              0x00406193
                                                                                                                              0x00406194
                                                                                                                              0x00406194
                                                                                                                              0x00406199
                                                                                                                              0x0040619a
                                                                                                                              0x0040619d
                                                                                                                              0x004061a2
                                                                                                                              0x004061a5
                                                                                                                              0x004061af
                                                                                                                              0x004061bc
                                                                                                                              0x004061c0
                                                                                                                              0x004061c8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004061cc
                                                                                                                              0x00000000
                                                                                                                              0x004061ce
                                                                                                                              0x004061ce
                                                                                                                              0x004061ce
                                                                                                                              0x004061d1
                                                                                                                              0x004061d4
                                                                                                                              0x004061d4
                                                                                                                              0x004061d7
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • GetTickCount.KERNEL32 ref: 004061A5
                                                                                                                              • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,?,0040363E,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 004061C0
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CountFileNameTempTick
                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                              • API String ID: 1716503409-44229769
                                                                                                                              • Opcode ID: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
                                                                                                                              • Instruction ID: 21b676f9b33da427d45e0b2d6905a63b6509bf3d89a4e990effff8b21c6fdcbe
                                                                                                                              • Opcode Fuzzy Hash: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
                                                                                                                              • Instruction Fuzzy Hash: C3F09076700214BFEB008F59DD05E9AB7BCEBA1710F11803AEE05EB180E6B0A9648768
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004020D8 Relevance: 6.1, APIs: 4, Instructions: 73libraryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 60%
                                                                                                                              			E004020D8(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t23;
				struct HINSTANCE__* _t31;
				void* _t32;
				WCHAR* _t35;
				intOrPtr* _t36;
				void* _t37;
				void* _t39;

				_t32 = __ebx;
				asm("sbb eax, 0x42a320");
				 *(_t39 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x42a2e8 =  *0x42a2e8 +  *(_t39 - 4);
					return 0;
				}
				_t35 = E00402DA6(0xfffffff0);
				 *((intOrPtr*)(_t39 - 0x44)) = E00402DA6(1);
				if( *((intOrPtr*)(_t39 - 0x20)) == __ebx) {
					L3:
					_t23 = LoadLibraryExW(_t35, _t32, 8); // executed
					_t47 = _t23 - _t32;
					 *(_t39 + 8) = _t23;
					if(_t23 == _t32) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t36 = E00406AA4(_t47,  *(_t39 + 8),  *((intOrPtr*)(_t39 - 0x44)));
					if(_t36 == _t32) {
						E004056CA(0xfffffff7,  *((intOrPtr*)(_t39 - 0x44)));
					} else {
						 *(_t39 - 4) = _t32;
						if( *((intOrPtr*)(_t39 - 0x28)) == _t32) {
							 *_t36( *((intOrPtr*)(_t39 - 8)), 0x400, _t37, 0x40ce58, 0x40a000); // executed
						} else {
							E00401423( *((intOrPtr*)(_t39 - 0x28)));
							if( *_t36() != 0) {
								 *(_t39 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t39 - 0x24)) == _t32 && E00403CB7( *(_t39 + 8)) != 0) {
						FreeLibrary( *(_t39 + 8)); // executed
					}
					goto L16;
				}
				_t31 = GetModuleHandleW(_t35); // executed
				 *(_t39 + 8) = _t31;
				if(_t31 != __ebx) {
					goto L4;
				}
				goto L3;
			}










                                                                                                                              0x004020d8
                                                                                                                              0x004020d8
                                                                                                                              0x004020dd
                                                                                                                              0x004020e4
                                                                                                                              0x004021a3
                                                                                                                              0x004022f1
                                                                                                                              0x004022f1
                                                                                                                              0x00402c2a
                                                                                                                              0x00402c2d
                                                                                                                              0x00402c39
                                                                                                                              0x00402c39
                                                                                                                              0x004020f3
                                                                                                                              0x004020fd
                                                                                                                              0x00402100
                                                                                                                              0x00402110
                                                                                                                              0x00402114
                                                                                                                              0x0040211a
                                                                                                                              0x0040211c
                                                                                                                              0x0040211f
                                                                                                                              0x0040219c
                                                                                                                              0x00000000
                                                                                                                              0x0040219c
                                                                                                                              0x00402121
                                                                                                                              0x0040212c
                                                                                                                              0x00402130
                                                                                                                              0x00402170
                                                                                                                              0x00402132
                                                                                                                              0x00402135
                                                                                                                              0x00402138
                                                                                                                              0x00402164
                                                                                                                              0x0040213a
                                                                                                                              0x0040213d
                                                                                                                              0x00402146
                                                                                                                              0x00402148
                                                                                                                              0x00402148
                                                                                                                              0x00402146
                                                                                                                              0x00402138
                                                                                                                              0x00402178
                                                                                                                              0x00402191
                                                                                                                              0x00402191
                                                                                                                              0x00000000
                                                                                                                              0x00402178
                                                                                                                              0x00402103
                                                                                                                              0x0040210b
                                                                                                                              0x0040210e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00402103
                                                                                                                              • LoadLibraryExW.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00402114
                                                                                                                              • KiUserCallbackDispatcher.NTDLL(?,00000400,?,0040CE58,0040A000,?,00000008,00000001,000000F0), ref: 00402164
                                                                                                                                • Part of subcall function 004056CA: lstrlenW.KERNEL32(Extract: browser.maki,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                                                • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,Extract: browser.maki,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                                                • Part of subcall function 004056CA: lstrcatW.KERNEL32(Extract: browser.maki,004030A8), ref: 00405725
                                                                                                                                • Part of subcall function 004056CA: SetWindowTextW.USER32(Extract: browser.maki,Extract: browser.maki), ref: 00405737
                                                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                                                              • FreeLibrary.KERNELBASE(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402191
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend$Librarylstrlen$CallbackDispatcherFreeHandleLoadModuleTextUserWindowlstrcat
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 719239633-0
                                                                                                                              • Opcode ID: 52f8d756bd50154f6a3dea7293860066d65bf9effb7e174b318ab9c425843f66
                                                                                                                              • Instruction ID: 1e7e134340f86907485d462c64894228b35b3344cd4f3d252167f9901203d809
                                                                                                                              • Opcode Fuzzy Hash: 52f8d756bd50154f6a3dea7293860066d65bf9effb7e174b318ab9c425843f66
                                                                                                                              • Instruction Fuzzy Hash: C521C231904104FADF11AFA5CF48A9D7A70BF48354F60413BF605B91E0DBBD8A929A5D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 6FED15AC Relevance: 6.0, APIs: 4, Instructions: 35synchronizationthreadCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E6FED15AC(void* __eflags) {
				long _v8;
				short _v40;
				void* _t20;

				_v8 = 0xfffffff9;
				E6FED18C6( &_v40);
				_t20 = E6FED1947( &_v40);
				if(_t20 != 0) {
					WaitForSingleObject(_t20, 0xffffffff);
					GetExitCodeThread(_t20,  &_v8); // executed
					CloseHandle(_t20);
				}
				wsprintfW( &_v40, L"%d", _v8);
				return E6FED1901( &_v40);
			}






                                                                                                                              0x6fed15b7
                                                                                                                              0x6fed15be
                                                                                                                              0x6fed15cc
                                                                                                                              0x6fed15d0
                                                                                                                              0x6fed15d5
                                                                                                                              0x6fed15e0
                                                                                                                              0x6fed15e7
                                                                                                                              0x6fed15e7
                                                                                                                              0x6fed15f9
                                                                                                                              0x6fed160d

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 6FED18C6: lstrcpyW.KERNEL32 ref: 6FED18DF
                                                                                                                                • Part of subcall function 6FED18C6: GlobalFree.KERNEL32 ref: 6FED18F0
                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?), ref: 6FED15D5
                                                                                                                              • GetExitCodeThread.KERNELBASE(00000000,FFFFFFF9), ref: 6FED15E0
                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 6FED15E7
                                                                                                                              • wsprintfW.USER32 ref: 6FED15F9
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.699472199.000000006FED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FED0000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.699464369.000000006FED0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699480141.000000006FED2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699488485.000000006FED4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6fed0000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseCodeExitFreeGlobalHandleObjectSingleThreadWaitlstrcpywsprintf
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1240621934-0
                                                                                                                              • Opcode ID: 5caba85c47e0ac1e5e48b433a0b6a5657d92edbcb4669dba896289cce4ba8d3d
                                                                                                                              • Instruction ID: d9119855b82c2400be5e158cc18a463beabaf39e1e4f0b2bd844e38234cf067a
                                                                                                                              • Opcode Fuzzy Hash: 5caba85c47e0ac1e5e48b433a0b6a5657d92edbcb4669dba896289cce4ba8d3d
                                                                                                                              • Instruction Fuzzy Hash: 0EF01DB280151DABCF01EBF49D48CCE7BBDAF0A2287200255F511E2584D739EB16C7A1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004015C1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 86%
                                                                                                                              			E004015C1(short __ebx, void* __eflags) {
				void* _t17;
				int _t23;
				void* _t25;
				signed char _t26;
				short _t28;
				short _t31;
				short* _t34;
				void* _t36;

				_t28 = __ebx;
				 *(_t36 + 8) = E00402DA6(0xfffffff0);
				_t17 = E00405FE2(_t16);
				_t32 = _t17;
				if(_t17 != __ebx) {
					do {
						_t34 = E00405F64(_t32, 0x5c);
						_t31 =  *_t34;
						 *_t34 = _t28;
						if(_t31 != _t28) {
							L5:
							_t25 = E00405C16( *(_t36 + 8));
						} else {
							_t42 =  *((intOrPtr*)(_t36 - 0x28)) - _t28;
							if( *((intOrPtr*)(_t36 - 0x28)) == _t28 || E00405C33(_t42) == 0) {
								goto L5;
							} else {
								_t25 = E00405B99( *(_t36 + 8)); // executed
							}
						}
						if(_t25 != _t28) {
							if(_t25 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
							} else {
								_t26 = GetFileAttributesW( *(_t36 + 8)); // executed
								if((_t26 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						 *_t34 = _t31;
						_t32 = _t34 + 2;
					} while (_t31 != _t28);
				}
				if( *((intOrPtr*)(_t36 - 0x2c)) == _t28) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00406668(L"C:\\Program Files (x86)\\Winamp\\Plugins\\freeform\\xml\\winamp\\thinger",  *(_t36 + 8));
					_t23 = SetCurrentDirectoryW( *(_t36 + 8)); // executed
					if(_t23 == 0) {
						 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
					}
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t36 - 4));
				return 0;
			}











                                                                                                                              0x004015c1
                                                                                                                              0x004015c9
                                                                                                                              0x004015cc
                                                                                                                              0x004015d1
                                                                                                                              0x004015d5
                                                                                                                              0x004015d7
                                                                                                                              0x004015df
                                                                                                                              0x004015e1
                                                                                                                              0x004015e4
                                                                                                                              0x004015ea
                                                                                                                              0x00401604
                                                                                                                              0x00401607
                                                                                                                              0x004015ec
                                                                                                                              0x004015ec
                                                                                                                              0x004015ef
                                                                                                                              0x00000000
                                                                                                                              0x004015fa
                                                                                                                              0x004015fd
                                                                                                                              0x004015fd
                                                                                                                              0x004015ef
                                                                                                                              0x0040160e
                                                                                                                              0x00401615
                                                                                                                              0x00401624
                                                                                                                              0x00401624
                                                                                                                              0x00401617
                                                                                                                              0x0040161a
                                                                                                                              0x00401622
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00401622
                                                                                                                              0x00401615
                                                                                                                              0x00401627
                                                                                                                              0x0040162b
                                                                                                                              0x0040162c
                                                                                                                              0x004015d7
                                                                                                                              0x00401634
                                                                                                                              0x00401663
                                                                                                                              0x004022f1
                                                                                                                              0x00401636
                                                                                                                              0x00401638
                                                                                                                              0x00401645
                                                                                                                              0x0040164d
                                                                                                                              0x00401655
                                                                                                                              0x0040165b
                                                                                                                              0x0040165b
                                                                                                                              0x00401655
                                                                                                                              0x00402c2d
                                                                                                                              0x00402c39

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 00405FE2: CharNextW.USER32(?,?,00425F50,?,00406056,00425F50,00425F50,76DDFAA0,?,76DDF560,00405D94,?,76DDFAA0,76DDF560,00000000), ref: 00405FF0
                                                                                                                                • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                                                                                                                                • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                                                                                                                              • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                                                                • Part of subcall function 00405B99: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405BDC
                                                                                                                              • SetCurrentDirectoryW.KERNELBASE(?,C:\Program Files (x86)\Winamp\Plugins\freeform\xml\winamp\thinger,?,00000000,000000F0), ref: 0040164D
                                                                                                                              Strings
                                                                                                                              • C:\Program Files (x86)\Winamp\Plugins\freeform\xml\winamp\thinger, xrefs: 00401640
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                              • String ID: C:\Program Files (x86)\Winamp\Plugins\freeform\xml\winamp\thinger
                                                                                                                              • API String ID: 1892508949-2093909717
                                                                                                                              • Opcode ID: ff9909915b16c23767ee925164981e8f632181fd0fe0b495a8c7e415af322c96
                                                                                                                              • Instruction ID: a0118e7b9b939ef3ea3e51add98df8039a5aa70d3b8e99a19be4f9c31e9f39fe
                                                                                                                              • Opcode Fuzzy Hash: ff9909915b16c23767ee925164981e8f632181fd0fe0b495a8c7e415af322c96
                                                                                                                              • Instruction Fuzzy Hash: 04112231508105EBCF30AFA0CD4099E36A0EF15329B28493BF901B22F1DB3E4982DB5E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040603F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 53%
                                                                                                                              			E0040603F(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				long _t16;
				intOrPtr _t18;
				intOrPtr* _t21;
				signed int _t23;

				E00406668(0x425f50, _a4);
				_t21 = E00405FE2(0x425f50);
				if(_t21 != 0) {
					E004068EF(_t21);
					if(( *0x42a278 & 0x00000080) == 0) {
						L5:
						_t23 = _t21 - 0x425f50 >> 1;
						while(1) {
							_t11 = lstrlenW(0x425f50);
							_push(0x425f50);
							if(_t11 <= _t23) {
								break;
							}
							_t12 = E0040699E();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E00405F83(0x425f50);
								continue;
							} else {
								goto L1;
							}
						}
						E00405F37();
						_t16 = GetFileAttributesW(??); // executed
						return 0 | _t16 != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}









                                                                                                                              0x0040604b
                                                                                                                              0x00406056
                                                                                                                              0x0040605a
                                                                                                                              0x00406061
                                                                                                                              0x0040606d
                                                                                                                              0x0040607d
                                                                                                                              0x0040607f
                                                                                                                              0x00406097
                                                                                                                              0x00406098
                                                                                                                              0x0040609f
                                                                                                                              0x004060a0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406083
                                                                                                                              0x0040608a
                                                                                                                              0x00406092
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040608a
                                                                                                                              0x004060a2
                                                                                                                              0x004060a8
                                                                                                                              0x00000000
                                                                                                                              0x004060b6
                                                                                                                              0x0040606f
                                                                                                                              0x00406075
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406075
                                                                                                                              0x0040605c
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00000400,004037B0,00429260,NSIS Error), ref: 00406675
                                                                                                                                • Part of subcall function 00405FE2: CharNextW.USER32(?,?,00425F50,?,00406056,00425F50,00425F50,76DDFAA0,?,76DDF560,00405D94,?,76DDFAA0,76DDF560,00000000), ref: 00405FF0
                                                                                                                                • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                                                                                                                                • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                                                                                                                              • lstrlenW.KERNEL32(00425F50,00000000,00425F50,00425F50,76DDFAA0,?,76DDF560,00405D94,?,76DDFAA0,76DDF560,00000000), ref: 00406098
                                                                                                                              • GetFileAttributesW.KERNELBASE(00425F50,00425F50,00425F50,00425F50,00425F50,00425F50,00000000,00425F50,00425F50,76DDFAA0,?,76DDF560,00405D94,?,76DDFAA0,76DDF560), ref: 004060A8
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                              • String ID: P_B
                                                                                                                              • API String ID: 3248276644-906794629
                                                                                                                              • Opcode ID: 900e3a3aedd828ccf636743a116f58552bc6887dcb5d3e9637a901da882d1290
                                                                                                                              • Instruction ID: df110f430b83b9381375b5fd3fa67f6c4419d4890c6468873e0fced3c2676832
                                                                                                                              • Opcode Fuzzy Hash: 900e3a3aedd828ccf636743a116f58552bc6887dcb5d3e9637a901da882d1290
                                                                                                                              • Instruction Fuzzy Hash: 0DF07826144A1216E622B23A0C05BAF05098F82354B07063FFC93B22E1DF3C8973C43E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040563E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 89%
                                                                                                                              			E0040563E(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				long _t9;
				int _t15;
				long _t16;

				_t15 = _a8;
				if(_t15 != 0x102) {
					if(_t15 != 0x200) {
						_t16 = _a16;
						L7:
						if(_t15 == 0x419 &&  *0x423734 != _t16) {
							_push(_t16);
							_push(6);
							 *0x423734 = _t16;
							E00404FFF();
						}
						L11:
						_t9 = CallWindowProcW( *0x42373c, _a4, _t15, _a12, _t16); // executed
						return _t9;
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t16 = _a16;
						goto L11;
					}
					_t16 = E00404F7F(_a4, 1);
					_t15 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00404610(0x413);
				return 0;
			}






                                                                                                                              0x00405642
                                                                                                                              0x0040564c
                                                                                                                              0x00405668
                                                                                                                              0x0040568a
                                                                                                                              0x0040568d
                                                                                                                              0x00405693
                                                                                                                              0x0040569d
                                                                                                                              0x0040569e
                                                                                                                              0x004056a0
                                                                                                                              0x004056a6
                                                                                                                              0x004056a6
                                                                                                                              0x004056b0
                                                                                                                              0x004056be
                                                                                                                              0x00000000
                                                                                                                              0x004056be
                                                                                                                              0x00405675
                                                                                                                              0x004056ad
                                                                                                                              0x004056ad
                                                                                                                              0x00000000
                                                                                                                              0x004056ad
                                                                                                                              0x00405681
                                                                                                                              0x00405683
                                                                                                                              0x00000000
                                                                                                                              0x00405683
                                                                                                                              0x00405652
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405659
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • IsWindowVisible.USER32(?), ref: 0040566D
                                                                                                                              • CallWindowProcW.USER32(?,?,?,?), ref: 004056BE
                                                                                                                                • Part of subcall function 00404610: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404622
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Window$CallMessageProcSendVisible
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3748168415-3916222277
                                                                                                                              • Opcode ID: a73dc4e993bde12ea44745026bd4b5676165c6f206d332bc9731ab0fc1b08652
                                                                                                                              • Instruction ID: 537e1cae7e4c88fb21f4f8cfd237bdd46b0b38e99f2a5e053ca6ba0093d9a5c8
                                                                                                                              • Opcode Fuzzy Hash: a73dc4e993bde12ea44745026bd4b5676165c6f206d332bc9731ab0fc1b08652
                                                                                                                              • Instruction Fuzzy Hash: 4401B171200608AFEF205F11DD84A6B3A35EB84361F904837FA08752E0D77F8D929E6D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00406536 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 90%
                                                                                                                              			E00406536(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, short* _a12, char* _a16, signed int _a20) {
				int _v8;
				long _t21;
				long _t24;
				char* _t30;

				asm("sbb eax, eax");
				_v8 = 0x800;
				_t21 = E004064D5(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20); // executed
				_t30 = _a16;
				if(_t21 != 0) {
					L4:
					 *_t30 =  *_t30 & 0x00000000;
				} else {
					_t24 = RegQueryValueExW(_a20, _a12, 0,  &_a8, _t30,  &_v8); // executed
					_t21 = RegCloseKey(_a20); // executed
					_t30[0x7fe] = _t30[0x7fe] & 0x00000000;
					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
						goto L4;
					}
				}
				return _t21;
			}







                                                                                                                              0x00406544
                                                                                                                              0x00406546
                                                                                                                              0x0040655e
                                                                                                                              0x00406563
                                                                                                                              0x00406568
                                                                                                                              0x004065a6
                                                                                                                              0x004065a6
                                                                                                                              0x0040656a
                                                                                                                              0x0040657c
                                                                                                                              0x00406587
                                                                                                                              0x0040658d
                                                                                                                              0x00406598
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406598
                                                                                                                              0x004065ac

                                                                                                                              APIs
                                                                                                                              • RegQueryValueExW.KERNELBASE(?,?,00000000,00000000,?,00000800,00000000,?,00000000,?,?,C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\xml\xui\titlebar,?,?,0040679D,80000002), ref: 0040657C
                                                                                                                              • RegCloseKey.KERNELBASE(?,?,0040679D,80000002,Software\Microsoft\Windows\CurrentVersion,C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\xml\xui\titlebar,C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\xml\xui\titlebar,C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\xml\xui\titlebar,00000000,Extract: browser.maki), ref: 00406587
                                                                                                                              Strings
                                                                                                                              • C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\xml\xui\titlebar, xrefs: 0040653D
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseQueryValue
                                                                                                                              • String ID: C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\xml\xui\titlebar
                                                                                                                              • API String ID: 3356406503-2436163922
                                                                                                                              • Opcode ID: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                                                                              • Instruction ID: 52dd0fe420a7c1e2827d1a164217834099ee72e945ce70567094b216899e5676
                                                                                                                              • Opcode Fuzzy Hash: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                                                                              • Instruction Fuzzy Hash: C4017C72500209FADF21CF51DD09EDB3BA8EF54364F01803AFD1AA2190D738D964DBA4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00407194 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 99%
                                                                                                                              			E00407194() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M00407602))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8));
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                                                                                                              0x00407194
                                                                                                                              0x00407194
                                                                                                                              0x00407194
                                                                                                                              0x00407194
                                                                                                                              0x0040719a
                                                                                                                              0x0040719e
                                                                                                                              0x004071a2
                                                                                                                              0x004071ac
                                                                                                                              0x004071ba
                                                                                                                              0x00407490
                                                                                                                              0x00407490
                                                                                                                              0x00407493
                                                                                                                              0x0040749a
                                                                                                                              0x004074c7
                                                                                                                              0x004074c7
                                                                                                                              0x004074cb
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004074cd
                                                                                                                              0x004074d6
                                                                                                                              0x004074dc
                                                                                                                              0x004074df
                                                                                                                              0x004074e2
                                                                                                                              0x004074e5
                                                                                                                              0x004074e8
                                                                                                                              0x004074ee
                                                                                                                              0x00407507
                                                                                                                              0x0040750a
                                                                                                                              0x00407516
                                                                                                                              0x00407517
                                                                                                                              0x0040751a
                                                                                                                              0x004074f0
                                                                                                                              0x004074f0
                                                                                                                              0x004074ff
                                                                                                                              0x00407502
                                                                                                                              0x00407502
                                                                                                                              0x00407524
                                                                                                                              0x004074c4
                                                                                                                              0x004074c4
                                                                                                                              0x004074c4
                                                                                                                              0x004074c7
                                                                                                                              0x004074cb
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407526
                                                                                                                              0x00407526
                                                                                                                              0x0040749f
                                                                                                                              0x004074a3
                                                                                                                              0x004075db
                                                                                                                              0x004075db
                                                                                                                              0x004075e5
                                                                                                                              0x004075ed
                                                                                                                              0x004075f4
                                                                                                                              0x004075f6
                                                                                                                              0x004075fd
                                                                                                                              0x00407601
                                                                                                                              0x00407601
                                                                                                                              0x004074a9
                                                                                                                              0x004074af
                                                                                                                              0x004074b6
                                                                                                                              0x004074be
                                                                                                                              0x004074be
                                                                                                                              0x004074c1
                                                                                                                              0x00000000
                                                                                                                              0x004074c1
                                                                                                                              0x0040752b
                                                                                                                              0x00407538
                                                                                                                              0x0040753b
                                                                                                                              0x00407447
                                                                                                                              0x00407447
                                                                                                                              0x00407447
                                                                                                                              0x00406be3
                                                                                                                              0x00406be3
                                                                                                                              0x00406be3
                                                                                                                              0x00406bec
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406bf2
                                                                                                                              0x00406bf2
                                                                                                                              0x00000000
                                                                                                                              0x00406bf9
                                                                                                                              0x00406bfd
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406c03
                                                                                                                              0x00406c06
                                                                                                                              0x00406c09
                                                                                                                              0x00406c0c
                                                                                                                              0x00406c10
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406c16
                                                                                                                              0x00406c16
                                                                                                                              0x00406c19
                                                                                                                              0x00406c1b
                                                                                                                              0x00406c1c
                                                                                                                              0x00406c1f
                                                                                                                              0x00406c21
                                                                                                                              0x00406c22
                                                                                                                              0x00406c24
                                                                                                                              0x00406c27
                                                                                                                              0x00406c2c
                                                                                                                              0x00406c31
                                                                                                                              0x00406c3a
                                                                                                                              0x00406c4d
                                                                                                                              0x00406c50
                                                                                                                              0x00406c5c
                                                                                                                              0x00406c84
                                                                                                                              0x00406c86
                                                                                                                              0x00406c94
                                                                                                                              0x00406c94
                                                                                                                              0x00406c98
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406c88
                                                                                                                              0x00406c88
                                                                                                                              0x00406c8b
                                                                                                                              0x00406c8c
                                                                                                                              0x00406c8c
                                                                                                                              0x00000000
                                                                                                                              0x00406c88
                                                                                                                              0x00406c5e
                                                                                                                              0x00406c62
                                                                                                                              0x00406c67
                                                                                                                              0x00406c67
                                                                                                                              0x00406c70
                                                                                                                              0x00406c78
                                                                                                                              0x00406c7b
                                                                                                                              0x00000000
                                                                                                                              0x00406c81
                                                                                                                              0x00406c81
                                                                                                                              0x00000000
                                                                                                                              0x00406c81
                                                                                                                              0x00000000
                                                                                                                              0x00406c9e
                                                                                                                              0x00406c9e
                                                                                                                              0x00406ca2
                                                                                                                              0x0040754e
                                                                                                                              0x0040754e
                                                                                                                              0x00000000
                                                                                                                              0x0040754e
                                                                                                                              0x00406ca8
                                                                                                                              0x00406cab
                                                                                                                              0x00406cbb
                                                                                                                              0x00406cbe
                                                                                                                              0x00406cc1
                                                                                                                              0x00406cc1
                                                                                                                              0x00406cc1
                                                                                                                              0x00406cc4
                                                                                                                              0x00406cc8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406cca
                                                                                                                              0x00406cca
                                                                                                                              0x00406cd0
                                                                                                                              0x00406cfa
                                                                                                                              0x00406d00
                                                                                                                              0x00406d07
                                                                                                                              0x00000000
                                                                                                                              0x00406d07
                                                                                                                              0x00406cd2
                                                                                                                              0x00406cd6
                                                                                                                              0x00406cd9
                                                                                                                              0x00406cde
                                                                                                                              0x00406cde
                                                                                                                              0x00406ce9
                                                                                                                              0x00406cf1
                                                                                                                              0x00406cf4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406d39
                                                                                                                              0x00406d3f
                                                                                                                              0x00406d42
                                                                                                                              0x00406d4f
                                                                                                                              0x00406d57
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406d0e
                                                                                                                              0x00406d0e
                                                                                                                              0x00406d12
                                                                                                                              0x0040755d
                                                                                                                              0x0040755d
                                                                                                                              0x00000000
                                                                                                                              0x0040755d
                                                                                                                              0x00406d18
                                                                                                                              0x00406d1e
                                                                                                                              0x00406d29
                                                                                                                              0x00406d29
                                                                                                                              0x00406d29
                                                                                                                              0x00406d2c
                                                                                                                              0x00406d2f
                                                                                                                              0x00406d32
                                                                                                                              0x00406d37
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004073ce
                                                                                                                              0x004073ce
                                                                                                                              0x004073d4
                                                                                                                              0x004073da
                                                                                                                              0x004073e0
                                                                                                                              0x004073fa
                                                                                                                              0x004073fd
                                                                                                                              0x00407403
                                                                                                                              0x0040740e
                                                                                                                              0x0040740e
                                                                                                                              0x00407410
                                                                                                                              0x004073e2
                                                                                                                              0x004073e2
                                                                                                                              0x004073f1
                                                                                                                              0x004073f5
                                                                                                                              0x004073f5
                                                                                                                              0x0040741a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040741c
                                                                                                                              0x00407420
                                                                                                                              0x004075cf
                                                                                                                              0x004075cf
                                                                                                                              0x00000000
                                                                                                                              0x004075cf
                                                                                                                              0x00407426
                                                                                                                              0x0040742c
                                                                                                                              0x00407433
                                                                                                                              0x0040743b
                                                                                                                              0x0040743e
                                                                                                                              0x00407441
                                                                                                                              0x00407441
                                                                                                                              0x00407447
                                                                                                                              0x00407447
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406d5f
                                                                                                                              0x00406d5f
                                                                                                                              0x00406d61
                                                                                                                              0x00406d64
                                                                                                                              0x00406dd5
                                                                                                                              0x00406dd5
                                                                                                                              0x00406dd8
                                                                                                                              0x00406ddb
                                                                                                                              0x00406de2
                                                                                                                              0x00406dec
                                                                                                                              0x00000000
                                                                                                                              0x00406dec
                                                                                                                              0x00406d66
                                                                                                                              0x00406d66
                                                                                                                              0x00406d6a
                                                                                                                              0x00406d6d
                                                                                                                              0x00406d6f
                                                                                                                              0x00406d72
                                                                                                                              0x00406d75
                                                                                                                              0x00406d77
                                                                                                                              0x00406d7a
                                                                                                                              0x00406d7c
                                                                                                                              0x00406d81
                                                                                                                              0x00406d84
                                                                                                                              0x00406d87
                                                                                                                              0x00406d8b
                                                                                                                              0x00406d92
                                                                                                                              0x00406d95
                                                                                                                              0x00406d9c
                                                                                                                              0x00406da0
                                                                                                                              0x00406da8
                                                                                                                              0x00406da8
                                                                                                                              0x00406da8
                                                                                                                              0x00406da2
                                                                                                                              0x00406da2
                                                                                                                              0x00406da2
                                                                                                                              0x00406d97
                                                                                                                              0x00406d97
                                                                                                                              0x00406d97
                                                                                                                              0x00406dac
                                                                                                                              0x00406daf
                                                                                                                              0x00406dcd
                                                                                                                              0x00406dcd
                                                                                                                              0x00406dcf
                                                                                                                              0x00000000
                                                                                                                              0x00406db1
                                                                                                                              0x00406db1
                                                                                                                              0x00406db1
                                                                                                                              0x00406db4
                                                                                                                              0x00406db7
                                                                                                                              0x00406dba
                                                                                                                              0x00406dbc
                                                                                                                              0x00406dbc
                                                                                                                              0x00406dbc
                                                                                                                              0x00406dbf
                                                                                                                              0x00406dc2
                                                                                                                              0x00406dc4
                                                                                                                              0x00406dc5
                                                                                                                              0x00406dc8
                                                                                                                              0x00000000
                                                                                                                              0x00406dc8
                                                                                                                              0x00000000
                                                                                                                              0x00406ffe
                                                                                                                              0x00406ffe
                                                                                                                              0x00407002
                                                                                                                              0x00407020
                                                                                                                              0x00407020
                                                                                                                              0x00407023
                                                                                                                              0x0040702a
                                                                                                                              0x0040702d
                                                                                                                              0x00407030
                                                                                                                              0x00407033
                                                                                                                              0x00407036
                                                                                                                              0x00407039
                                                                                                                              0x0040703b
                                                                                                                              0x00407042
                                                                                                                              0x00407043
                                                                                                                              0x00407045
                                                                                                                              0x00407048
                                                                                                                              0x0040704b
                                                                                                                              0x0040704e
                                                                                                                              0x0040704e
                                                                                                                              0x00407053
                                                                                                                              0x00000000
                                                                                                                              0x00407053
                                                                                                                              0x00407004
                                                                                                                              0x00407004
                                                                                                                              0x00407007
                                                                                                                              0x0040700a
                                                                                                                              0x00407014
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407068
                                                                                                                              0x00407068
                                                                                                                              0x0040706c
                                                                                                                              0x0040708f
                                                                                                                              0x00407092
                                                                                                                              0x00407095
                                                                                                                              0x0040709f
                                                                                                                              0x0040706e
                                                                                                                              0x0040706e
                                                                                                                              0x00407071
                                                                                                                              0x00407074
                                                                                                                              0x00407077
                                                                                                                              0x00407084
                                                                                                                              0x00407087
                                                                                                                              0x00407087
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004070ab
                                                                                                                              0x004070ab
                                                                                                                              0x004070af
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004070b5
                                                                                                                              0x004070b5
                                                                                                                              0x004070b9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004070bf
                                                                                                                              0x004070bf
                                                                                                                              0x004070c1
                                                                                                                              0x004070c5
                                                                                                                              0x004070c5
                                                                                                                              0x004070c8
                                                                                                                              0x004070cc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040711c
                                                                                                                              0x0040711c
                                                                                                                              0x00407120
                                                                                                                              0x00407127
                                                                                                                              0x00407127
                                                                                                                              0x0040712a
                                                                                                                              0x0040712d
                                                                                                                              0x00407137
                                                                                                                              0x00000000
                                                                                                                              0x00407137
                                                                                                                              0x00407122
                                                                                                                              0x00407122
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407143
                                                                                                                              0x00407143
                                                                                                                              0x00407147
                                                                                                                              0x0040714e
                                                                                                                              0x00407151
                                                                                                                              0x00407154
                                                                                                                              0x00407149
                                                                                                                              0x00407149
                                                                                                                              0x00407149
                                                                                                                              0x00407157
                                                                                                                              0x0040715a
                                                                                                                              0x0040715d
                                                                                                                              0x0040715d
                                                                                                                              0x00407160
                                                                                                                              0x00407163
                                                                                                                              0x00407166
                                                                                                                              0x00407166
                                                                                                                              0x00407169
                                                                                                                              0x00407170
                                                                                                                              0x00407175
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407203
                                                                                                                              0x00407203
                                                                                                                              0x00407207
                                                                                                                              0x004075a5
                                                                                                                              0x004075a5
                                                                                                                              0x00000000
                                                                                                                              0x004075a5
                                                                                                                              0x0040720d
                                                                                                                              0x0040720d
                                                                                                                              0x00407210
                                                                                                                              0x00407213
                                                                                                                              0x00407217
                                                                                                                              0x0040721a
                                                                                                                              0x00407220
                                                                                                                              0x00407222
                                                                                                                              0x00407222
                                                                                                                              0x00407222
                                                                                                                              0x00407225
                                                                                                                              0x00407228
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406df8
                                                                                                                              0x00406df8
                                                                                                                              0x00406dfc
                                                                                                                              0x00407569
                                                                                                                              0x00407569
                                                                                                                              0x00000000
                                                                                                                              0x00407569
                                                                                                                              0x00406e02
                                                                                                                              0x00406e02
                                                                                                                              0x00406e05
                                                                                                                              0x00406e08
                                                                                                                              0x00406e0c
                                                                                                                              0x00406e0f
                                                                                                                              0x00406e15
                                                                                                                              0x00406e17
                                                                                                                              0x00406e17
                                                                                                                              0x00406e17
                                                                                                                              0x00406e1a
                                                                                                                              0x00406e1d
                                                                                                                              0x00406e1d
                                                                                                                              0x00406e20
                                                                                                                              0x00406e23
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406e29
                                                                                                                              0x00406e29
                                                                                                                              0x00406e2f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406e35
                                                                                                                              0x00406e35
                                                                                                                              0x00406e39
                                                                                                                              0x00406e3c
                                                                                                                              0x00406e3f
                                                                                                                              0x00406e42
                                                                                                                              0x00406e45
                                                                                                                              0x00406e46
                                                                                                                              0x00406e49
                                                                                                                              0x00406e4b
                                                                                                                              0x00406e51
                                                                                                                              0x00406e54
                                                                                                                              0x00406e57
                                                                                                                              0x00406e5a
                                                                                                                              0x00406e5d
                                                                                                                              0x00406e60
                                                                                                                              0x00406e63
                                                                                                                              0x00406e7f
                                                                                                                              0x00406e82
                                                                                                                              0x00406e85
                                                                                                                              0x00406e88
                                                                                                                              0x00406e8f
                                                                                                                              0x00406e93
                                                                                                                              0x00406e95
                                                                                                                              0x00406e99
                                                                                                                              0x00406e65
                                                                                                                              0x00406e65
                                                                                                                              0x00406e69
                                                                                                                              0x00406e71
                                                                                                                              0x00406e76
                                                                                                                              0x00406e78
                                                                                                                              0x00406e7a
                                                                                                                              0x00406e7a
                                                                                                                              0x00406e9c
                                                                                                                              0x00406ea3
                                                                                                                              0x00406ea6
                                                                                                                              0x00000000
                                                                                                                              0x00406eac
                                                                                                                              0x00406eac
                                                                                                                              0x00000000
                                                                                                                              0x00406eac
                                                                                                                              0x00000000
                                                                                                                              0x00406eb1
                                                                                                                              0x00406eb1
                                                                                                                              0x00406eb5
                                                                                                                              0x00407575
                                                                                                                              0x00407575
                                                                                                                              0x00000000
                                                                                                                              0x00407575
                                                                                                                              0x00406ebb
                                                                                                                              0x00406ebb
                                                                                                                              0x00406ebe
                                                                                                                              0x00406ec1
                                                                                                                              0x00406ec5
                                                                                                                              0x00406ec8
                                                                                                                              0x00406ece
                                                                                                                              0x00406ed0
                                                                                                                              0x00406ed0
                                                                                                                              0x00406ed0
                                                                                                                              0x00406ed3
                                                                                                                              0x00406ed6
                                                                                                                              0x00406ed6
                                                                                                                              0x00406ed6
                                                                                                                              0x00406edc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406ede
                                                                                                                              0x00406ede
                                                                                                                              0x00406ee1
                                                                                                                              0x00406ee4
                                                                                                                              0x00406ee7
                                                                                                                              0x00406eea
                                                                                                                              0x00406eed
                                                                                                                              0x00406ef0
                                                                                                                              0x00406ef3
                                                                                                                              0x00406ef6
                                                                                                                              0x00406ef9
                                                                                                                              0x00406efc
                                                                                                                              0x00406f14
                                                                                                                              0x00406f17
                                                                                                                              0x00406f1a
                                                                                                                              0x00406f1d
                                                                                                                              0x00406f1d
                                                                                                                              0x00406f20
                                                                                                                              0x00406f24
                                                                                                                              0x00406f26
                                                                                                                              0x00406efe
                                                                                                                              0x00406efe
                                                                                                                              0x00406f06
                                                                                                                              0x00406f0b
                                                                                                                              0x00406f0d
                                                                                                                              0x00406f0f
                                                                                                                              0x00406f0f
                                                                                                                              0x00406f29
                                                                                                                              0x00406f30
                                                                                                                              0x00406f33
                                                                                                                              0x00000000
                                                                                                                              0x00406f35
                                                                                                                              0x00406f35
                                                                                                                              0x00000000
                                                                                                                              0x00406f35
                                                                                                                              0x00406f33
                                                                                                                              0x00406f3a
                                                                                                                              0x00406f3a
                                                                                                                              0x00406f3a
                                                                                                                              0x00406f3a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406f75
                                                                                                                              0x00406f75
                                                                                                                              0x00406f79
                                                                                                                              0x00407581
                                                                                                                              0x00407581
                                                                                                                              0x00000000
                                                                                                                              0x00407581
                                                                                                                              0x00406f7f
                                                                                                                              0x00406f7f
                                                                                                                              0x00406f82
                                                                                                                              0x00406f85
                                                                                                                              0x00406f89
                                                                                                                              0x00406f8c
                                                                                                                              0x00406f92
                                                                                                                              0x00406f94
                                                                                                                              0x00406f94
                                                                                                                              0x00406f94
                                                                                                                              0x00406f97
                                                                                                                              0x00406f9a
                                                                                                                              0x00406f9a
                                                                                                                              0x00406fa0
                                                                                                                              0x00406f3e
                                                                                                                              0x00406f3e
                                                                                                                              0x00406f41
                                                                                                                              0x00000000
                                                                                                                              0x00406f41
                                                                                                                              0x00406fa2
                                                                                                                              0x00406fa2
                                                                                                                              0x00406fa5
                                                                                                                              0x00406fa8
                                                                                                                              0x00406fab
                                                                                                                              0x00406fae
                                                                                                                              0x00406fb1
                                                                                                                              0x00406fb4
                                                                                                                              0x00406fb7
                                                                                                                              0x00406fba
                                                                                                                              0x00406fbd
                                                                                                                              0x00406fc0
                                                                                                                              0x00406fd8
                                                                                                                              0x00406fdb
                                                                                                                              0x00406fde
                                                                                                                              0x00406fe1
                                                                                                                              0x00406fe1
                                                                                                                              0x00406fe4
                                                                                                                              0x00406fe8
                                                                                                                              0x00406fea
                                                                                                                              0x00406fc2
                                                                                                                              0x00406fc2
                                                                                                                              0x00406fca
                                                                                                                              0x00406fcf
                                                                                                                              0x00406fd1
                                                                                                                              0x00406fd3
                                                                                                                              0x00406fd3
                                                                                                                              0x00406fed
                                                                                                                              0x00406ff4
                                                                                                                              0x00406ff7
                                                                                                                              0x00000000
                                                                                                                              0x00406ff9
                                                                                                                              0x00406ff9
                                                                                                                              0x00000000
                                                                                                                              0x00406ff9
                                                                                                                              0x00000000
                                                                                                                              0x00407286
                                                                                                                              0x00407286
                                                                                                                              0x0040728a
                                                                                                                              0x004075b1
                                                                                                                              0x004075b1
                                                                                                                              0x00000000
                                                                                                                              0x004075b1
                                                                                                                              0x00407290
                                                                                                                              0x00407290
                                                                                                                              0x00407293
                                                                                                                              0x00407296
                                                                                                                              0x0040729a
                                                                                                                              0x0040729d
                                                                                                                              0x004072a3
                                                                                                                              0x004072a5
                                                                                                                              0x004072a5
                                                                                                                              0x004072a5
                                                                                                                              0x004072a8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407056
                                                                                                                              0x00407056
                                                                                                                              0x00407059
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407395
                                                                                                                              0x00407395
                                                                                                                              0x00407399
                                                                                                                              0x004073bb
                                                                                                                              0x004073bb
                                                                                                                              0x004073be
                                                                                                                              0x004073c8
                                                                                                                              0x004073cb
                                                                                                                              0x004073cb
                                                                                                                              0x00000000
                                                                                                                              0x004073cb
                                                                                                                              0x0040739b
                                                                                                                              0x0040739b
                                                                                                                              0x0040739e
                                                                                                                              0x004073a2
                                                                                                                              0x004073a5
                                                                                                                              0x004073a5
                                                                                                                              0x004073a8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407452
                                                                                                                              0x00407452
                                                                                                                              0x00407456
                                                                                                                              0x00407474
                                                                                                                              0x00407474
                                                                                                                              0x00407474
                                                                                                                              0x00407474
                                                                                                                              0x0040747b
                                                                                                                              0x00407482
                                                                                                                              0x00407489
                                                                                                                              0x00407489
                                                                                                                              0x00407490
                                                                                                                              0x00407493
                                                                                                                              0x0040749a
                                                                                                                              0x00000000
                                                                                                                              0x0040749d
                                                                                                                              0x00407458
                                                                                                                              0x00407458
                                                                                                                              0x0040745b
                                                                                                                              0x0040745e
                                                                                                                              0x00407461
                                                                                                                              0x00407468
                                                                                                                              0x004073ac
                                                                                                                              0x004073ac
                                                                                                                              0x004073af
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407543
                                                                                                                              0x00407543
                                                                                                                              0x00407546
                                                                                                                              0x00407447
                                                                                                                              0x00407447
                                                                                                                              0x00407447
                                                                                                                              0x00000000
                                                                                                                              0x0040744d
                                                                                                                              0x00000000
                                                                                                                              0x0040717d
                                                                                                                              0x0040717d
                                                                                                                              0x0040717f
                                                                                                                              0x00407186
                                                                                                                              0x00407187
                                                                                                                              0x00407189
                                                                                                                              0x0040718c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407490
                                                                                                                              0x00407490
                                                                                                                              0x00407493
                                                                                                                              0x0040749a
                                                                                                                              0x00000000
                                                                                                                              0x0040749d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004071c2
                                                                                                                              0x004071c2
                                                                                                                              0x004071c5
                                                                                                                              0x004071fb
                                                                                                                              0x004071fb
                                                                                                                              0x0040732b
                                                                                                                              0x0040732b
                                                                                                                              0x0040732b
                                                                                                                              0x0040732b
                                                                                                                              0x0040732e
                                                                                                                              0x0040732e
                                                                                                                              0x00407331
                                                                                                                              0x00407333
                                                                                                                              0x004075bd
                                                                                                                              0x004075bd
                                                                                                                              0x00000000
                                                                                                                              0x004075bd
                                                                                                                              0x00407339
                                                                                                                              0x00407339
                                                                                                                              0x0040733c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407342
                                                                                                                              0x00407342
                                                                                                                              0x00407346
                                                                                                                              0x00407349
                                                                                                                              0x00407349
                                                                                                                              0x00407349
                                                                                                                              0x00000000
                                                                                                                              0x00407349
                                                                                                                              0x004071c7
                                                                                                                              0x004071c7
                                                                                                                              0x004071c9
                                                                                                                              0x004071cb
                                                                                                                              0x004071cd
                                                                                                                              0x004071d0
                                                                                                                              0x004071d1
                                                                                                                              0x004071d3
                                                                                                                              0x004071d5
                                                                                                                              0x004071d8
                                                                                                                              0x004071db
                                                                                                                              0x004071f1
                                                                                                                              0x004071f1
                                                                                                                              0x004071f6
                                                                                                                              0x0040722e
                                                                                                                              0x0040722e
                                                                                                                              0x00407232
                                                                                                                              0x0040725b
                                                                                                                              0x0040725e
                                                                                                                              0x00407260
                                                                                                                              0x00407267
                                                                                                                              0x0040726a
                                                                                                                              0x0040726d
                                                                                                                              0x0040726d
                                                                                                                              0x00407272
                                                                                                                              0x00407272
                                                                                                                              0x00407274
                                                                                                                              0x00407277
                                                                                                                              0x0040727e
                                                                                                                              0x00407281
                                                                                                                              0x004072ae
                                                                                                                              0x004072ae
                                                                                                                              0x004072b1
                                                                                                                              0x004072b4
                                                                                                                              0x00407328
                                                                                                                              0x00407328
                                                                                                                              0x00407328
                                                                                                                              0x00407328
                                                                                                                              0x00000000
                                                                                                                              0x00407328
                                                                                                                              0x004072b6
                                                                                                                              0x004072b6
                                                                                                                              0x004072bc
                                                                                                                              0x004072bf
                                                                                                                              0x004072c2
                                                                                                                              0x004072c5
                                                                                                                              0x004072c8
                                                                                                                              0x004072cb
                                                                                                                              0x004072ce
                                                                                                                              0x004072d1
                                                                                                                              0x004072d4
                                                                                                                              0x004072d7
                                                                                                                              0x004072f0
                                                                                                                              0x004072f2
                                                                                                                              0x004072f5
                                                                                                                              0x004072f6
                                                                                                                              0x004072f9
                                                                                                                              0x004072fb
                                                                                                                              0x004072fe
                                                                                                                              0x00407300
                                                                                                                              0x00407302
                                                                                                                              0x00407305
                                                                                                                              0x00407307
                                                                                                                              0x0040730a
                                                                                                                              0x0040730e
                                                                                                                              0x00407310
                                                                                                                              0x00407310
                                                                                                                              0x00407311
                                                                                                                              0x00407314
                                                                                                                              0x00407317
                                                                                                                              0x004072d9
                                                                                                                              0x004072d9
                                                                                                                              0x004072e1
                                                                                                                              0x004072e6
                                                                                                                              0x004072e8
                                                                                                                              0x004072eb
                                                                                                                              0x004072eb
                                                                                                                              0x0040731a
                                                                                                                              0x00407321
                                                                                                                              0x004072ab
                                                                                                                              0x004072ab
                                                                                                                              0x004072ab
                                                                                                                              0x004072ab
                                                                                                                              0x00000000
                                                                                                                              0x00407323
                                                                                                                              0x00407323
                                                                                                                              0x00000000
                                                                                                                              0x00407323
                                                                                                                              0x00407321
                                                                                                                              0x00407234
                                                                                                                              0x00407234
                                                                                                                              0x00407237
                                                                                                                              0x00407239
                                                                                                                              0x0040723c
                                                                                                                              0x0040723f
                                                                                                                              0x00407242
                                                                                                                              0x00407244
                                                                                                                              0x00407247
                                                                                                                              0x0040724a
                                                                                                                              0x0040724a
                                                                                                                              0x0040724d
                                                                                                                              0x0040724d
                                                                                                                              0x00407250
                                                                                                                              0x00407257
                                                                                                                              0x0040722b
                                                                                                                              0x0040722b
                                                                                                                              0x0040722b
                                                                                                                              0x0040722b
                                                                                                                              0x00000000
                                                                                                                              0x00407259
                                                                                                                              0x00407259
                                                                                                                              0x00000000
                                                                                                                              0x00407259
                                                                                                                              0x00407257
                                                                                                                              0x004071dd
                                                                                                                              0x004071dd
                                                                                                                              0x004071e0
                                                                                                                              0x004071e2
                                                                                                                              0x004071e5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406f44
                                                                                                                              0x00406f44
                                                                                                                              0x00406f48
                                                                                                                              0x0040758d
                                                                                                                              0x0040758d
                                                                                                                              0x00000000
                                                                                                                              0x0040758d
                                                                                                                              0x00406f4e
                                                                                                                              0x00406f4e
                                                                                                                              0x00406f51
                                                                                                                              0x00406f54
                                                                                                                              0x00406f57
                                                                                                                              0x00406f5a
                                                                                                                              0x00406f5d
                                                                                                                              0x00406f60
                                                                                                                              0x00406f62
                                                                                                                              0x00406f65
                                                                                                                              0x00406f68
                                                                                                                              0x00406f6b
                                                                                                                              0x00406f6d
                                                                                                                              0x00406f6d
                                                                                                                              0x00406f6d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004070cf
                                                                                                                              0x004070cf
                                                                                                                              0x004070d3
                                                                                                                              0x00407599
                                                                                                                              0x00407599
                                                                                                                              0x00000000
                                                                                                                              0x00407599
                                                                                                                              0x004070d9
                                                                                                                              0x004070d9
                                                                                                                              0x004070dc
                                                                                                                              0x004070df
                                                                                                                              0x004070e2
                                                                                                                              0x004070e4
                                                                                                                              0x004070e4
                                                                                                                              0x004070e4
                                                                                                                              0x004070e7
                                                                                                                              0x004070ea
                                                                                                                              0x004070ed
                                                                                                                              0x004070f0
                                                                                                                              0x004070f3
                                                                                                                              0x004070f6
                                                                                                                              0x004070f7
                                                                                                                              0x004070f9
                                                                                                                              0x004070f9
                                                                                                                              0x004070f9
                                                                                                                              0x004070fc
                                                                                                                              0x004070ff
                                                                                                                              0x00407102
                                                                                                                              0x00407105
                                                                                                                              0x00407105
                                                                                                                              0x00407105
                                                                                                                              0x00407108
                                                                                                                              0x0040710a
                                                                                                                              0x0040710a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040734c
                                                                                                                              0x0040734c
                                                                                                                              0x0040734c
                                                                                                                              0x00407350
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407356
                                                                                                                              0x00407356
                                                                                                                              0x00407359
                                                                                                                              0x0040735c
                                                                                                                              0x0040735f
                                                                                                                              0x00407361
                                                                                                                              0x00407361
                                                                                                                              0x00407361
                                                                                                                              0x00407364
                                                                                                                              0x00407367
                                                                                                                              0x0040736a
                                                                                                                              0x0040736d
                                                                                                                              0x00407370
                                                                                                                              0x00407373
                                                                                                                              0x00407374
                                                                                                                              0x00407376
                                                                                                                              0x00407376
                                                                                                                              0x00407376
                                                                                                                              0x00407379
                                                                                                                              0x0040737c
                                                                                                                              0x0040737f
                                                                                                                              0x00407382
                                                                                                                              0x00407385
                                                                                                                              0x00407389
                                                                                                                              0x0040738b
                                                                                                                              0x0040738e
                                                                                                                              0x00000000
                                                                                                                              0x00407390
                                                                                                                              0x00407390
                                                                                                                              0x0040710d
                                                                                                                              0x0040710d
                                                                                                                              0x00000000
                                                                                                                              0x0040710d
                                                                                                                              0x0040738e
                                                                                                                              0x004075c3
                                                                                                                              0x004075c3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406bf2
                                                                                                                              0x004075fa
                                                                                                                              0x004075fa
                                                                                                                              0x00000000
                                                                                                                              0x004075fa
                                                                                                                              0x00407447
                                                                                                                              0x004074c7
                                                                                                                              0x00407490

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9f3cc98df1e3ecd253cf91825a4064c55af45d063240f038e3dc270cc3f81a7c
                                                                                                                              • Instruction ID: 10cc2cc0f2c892254e5285b7a8bac4c216a70fda8fb68dfa7c3680dd08f727d3
                                                                                                                              • Opcode Fuzzy Hash: 9f3cc98df1e3ecd253cf91825a4064c55af45d063240f038e3dc270cc3f81a7c
                                                                                                                              • Instruction Fuzzy Hash: 55A15571E04228DBDF28CFA8C8547ADBBB1FF44305F10842AD856BB281D778A986DF45
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00407395 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 98%
                                                                                                                              			E00407395() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                                                                                                              0x00000000
                                                                                                                              0x00407395
                                                                                                                              0x00407395
                                                                                                                              0x00407399
                                                                                                                              0x004073be
                                                                                                                              0x004073c8
                                                                                                                              0x00000000
                                                                                                                              0x0040739b
                                                                                                                              0x0040739b
                                                                                                                              0x0040739e
                                                                                                                              0x004073a2
                                                                                                                              0x004073a5
                                                                                                                              0x004073a8
                                                                                                                              0x004073ac
                                                                                                                              0x004073ac
                                                                                                                              0x004073af
                                                                                                                              0x00407489
                                                                                                                              0x00407489
                                                                                                                              0x00407490
                                                                                                                              0x00407490
                                                                                                                              0x00407493
                                                                                                                              0x0040749a
                                                                                                                              0x004074c7
                                                                                                                              0x004074cb
                                                                                                                              0x0040752b
                                                                                                                              0x0040752e
                                                                                                                              0x00407533
                                                                                                                              0x00407534
                                                                                                                              0x00407536
                                                                                                                              0x00407538
                                                                                                                              0x0040753b
                                                                                                                              0x00407447
                                                                                                                              0x00407447
                                                                                                                              0x00407447
                                                                                                                              0x00406be3
                                                                                                                              0x00406be3
                                                                                                                              0x00406be3
                                                                                                                              0x00406bec
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406bf2
                                                                                                                              0x00000000
                                                                                                                              0x00406bfd
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406c06
                                                                                                                              0x00406c09
                                                                                                                              0x00406c0c
                                                                                                                              0x00406c10
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406c16
                                                                                                                              0x00406c19
                                                                                                                              0x00406c1b
                                                                                                                              0x00406c1c
                                                                                                                              0x00406c1f
                                                                                                                              0x00406c21
                                                                                                                              0x00406c22
                                                                                                                              0x00406c24
                                                                                                                              0x00406c27
                                                                                                                              0x00406c2c
                                                                                                                              0x00406c31
                                                                                                                              0x00406c3a
                                                                                                                              0x00406c4d
                                                                                                                              0x00406c50
                                                                                                                              0x00406c5c
                                                                                                                              0x00406c84
                                                                                                                              0x00406c86
                                                                                                                              0x00406c94
                                                                                                                              0x00406c94
                                                                                                                              0x00406c98
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406c88
                                                                                                                              0x00406c88
                                                                                                                              0x00406c8b
                                                                                                                              0x00406c8c
                                                                                                                              0x00406c8c
                                                                                                                              0x00000000
                                                                                                                              0x00406c88
                                                                                                                              0x00406c62
                                                                                                                              0x00406c67
                                                                                                                              0x00406c67
                                                                                                                              0x00406c70
                                                                                                                              0x00406c78
                                                                                                                              0x00406c7b
                                                                                                                              0x00000000
                                                                                                                              0x00406c81
                                                                                                                              0x00406c81
                                                                                                                              0x00000000
                                                                                                                              0x00406c81
                                                                                                                              0x00000000
                                                                                                                              0x00406c9e
                                                                                                                              0x00406c9e
                                                                                                                              0x00406ca2
                                                                                                                              0x0040754e
                                                                                                                              0x00000000
                                                                                                                              0x0040754e
                                                                                                                              0x00406cab
                                                                                                                              0x00406cbb
                                                                                                                              0x00406cbe
                                                                                                                              0x00406cc1
                                                                                                                              0x00406cc1
                                                                                                                              0x00406cc1
                                                                                                                              0x00406cc4
                                                                                                                              0x00406cc8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406cca
                                                                                                                              0x00406cd0
                                                                                                                              0x00406cfa
                                                                                                                              0x00406d00
                                                                                                                              0x00406d07
                                                                                                                              0x00000000
                                                                                                                              0x00406d07
                                                                                                                              0x00406cd6
                                                                                                                              0x00406cd9
                                                                                                                              0x00406cde
                                                                                                                              0x00406cde
                                                                                                                              0x00406ce9
                                                                                                                              0x00406cf1
                                                                                                                              0x00406cf4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406d39
                                                                                                                              0x00406d3f
                                                                                                                              0x00406d42
                                                                                                                              0x00406d4f
                                                                                                                              0x00406d57
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406d0e
                                                                                                                              0x00406d0e
                                                                                                                              0x00406d12
                                                                                                                              0x0040755d
                                                                                                                              0x00000000
                                                                                                                              0x0040755d
                                                                                                                              0x00406d1e
                                                                                                                              0x00406d29
                                                                                                                              0x00406d29
                                                                                                                              0x00406d29
                                                                                                                              0x00406d2c
                                                                                                                              0x00406d2f
                                                                                                                              0x00406d32
                                                                                                                              0x00406d37
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004073ce
                                                                                                                              0x004073ce
                                                                                                                              0x004073d4
                                                                                                                              0x004073da
                                                                                                                              0x004073e0
                                                                                                                              0x004073fa
                                                                                                                              0x004073fd
                                                                                                                              0x00407403
                                                                                                                              0x0040740e
                                                                                                                              0x0040740e
                                                                                                                              0x00407410
                                                                                                                              0x004073e2
                                                                                                                              0x004073e2
                                                                                                                              0x004073f1
                                                                                                                              0x004073f5
                                                                                                                              0x004073f5
                                                                                                                              0x0040741a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040741c
                                                                                                                              0x00407420
                                                                                                                              0x004075cf
                                                                                                                              0x00000000
                                                                                                                              0x004075cf
                                                                                                                              0x0040742c
                                                                                                                              0x00407433
                                                                                                                              0x0040743b
                                                                                                                              0x0040743e
                                                                                                                              0x00407441
                                                                                                                              0x00407441
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406d5f
                                                                                                                              0x00406d61
                                                                                                                              0x00406d64
                                                                                                                              0x00406dd5
                                                                                                                              0x00406dd8
                                                                                                                              0x00406ddb
                                                                                                                              0x00406de2
                                                                                                                              0x00406dec
                                                                                                                              0x00000000
                                                                                                                              0x00406dec
                                                                                                                              0x00406d66
                                                                                                                              0x00406d6a
                                                                                                                              0x00406d6d
                                                                                                                              0x00406d6f
                                                                                                                              0x00406d72
                                                                                                                              0x00406d75
                                                                                                                              0x00406d77
                                                                                                                              0x00406d7a
                                                                                                                              0x00406d7c
                                                                                                                              0x00406d81
                                                                                                                              0x00406d84
                                                                                                                              0x00406d87
                                                                                                                              0x00406d8b
                                                                                                                              0x00406d92
                                                                                                                              0x00406d95
                                                                                                                              0x00406d9c
                                                                                                                              0x00406da0
                                                                                                                              0x00406da8
                                                                                                                              0x00406da8
                                                                                                                              0x00406da8
                                                                                                                              0x00406da2
                                                                                                                              0x00406da2
                                                                                                                              0x00406da2
                                                                                                                              0x00406d97
                                                                                                                              0x00406d97
                                                                                                                              0x00406d97
                                                                                                                              0x00406dac
                                                                                                                              0x00406daf
                                                                                                                              0x00406dcd
                                                                                                                              0x00406dcf
                                                                                                                              0x00000000
                                                                                                                              0x00406db1
                                                                                                                              0x00406db1
                                                                                                                              0x00406db4
                                                                                                                              0x00406db7
                                                                                                                              0x00406dba
                                                                                                                              0x00406dbc
                                                                                                                              0x00406dbc
                                                                                                                              0x00406dbc
                                                                                                                              0x00406dbf
                                                                                                                              0x00406dc2
                                                                                                                              0x00406dc4
                                                                                                                              0x00406dc5
                                                                                                                              0x00406dc8
                                                                                                                              0x00000000
                                                                                                                              0x00406dc8
                                                                                                                              0x00000000
                                                                                                                              0x00406ffe
                                                                                                                              0x00407002
                                                                                                                              0x00407020
                                                                                                                              0x00407023
                                                                                                                              0x0040702a
                                                                                                                              0x0040702d
                                                                                                                              0x00407030
                                                                                                                              0x00407033
                                                                                                                              0x00407036
                                                                                                                              0x00407039
                                                                                                                              0x0040703b
                                                                                                                              0x00407042
                                                                                                                              0x00407043
                                                                                                                              0x00407045
                                                                                                                              0x00407048
                                                                                                                              0x0040704b
                                                                                                                              0x0040704e
                                                                                                                              0x0040704e
                                                                                                                              0x00407053
                                                                                                                              0x00000000
                                                                                                                              0x00407053
                                                                                                                              0x00407004
                                                                                                                              0x00407007
                                                                                                                              0x0040700a
                                                                                                                              0x00407014
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407068
                                                                                                                              0x0040706c
                                                                                                                              0x0040708f
                                                                                                                              0x00407092
                                                                                                                              0x00407095
                                                                                                                              0x0040709f
                                                                                                                              0x0040706e
                                                                                                                              0x0040706e
                                                                                                                              0x00407071
                                                                                                                              0x00407074
                                                                                                                              0x00407077
                                                                                                                              0x00407084
                                                                                                                              0x00407087
                                                                                                                              0x00407087
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004070ab
                                                                                                                              0x004070af
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004070b5
                                                                                                                              0x004070b9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004070bf
                                                                                                                              0x004070c1
                                                                                                                              0x004070c5
                                                                                                                              0x004070c5
                                                                                                                              0x004070c8
                                                                                                                              0x004070cc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040711c
                                                                                                                              0x00407120
                                                                                                                              0x00407127
                                                                                                                              0x0040712a
                                                                                                                              0x0040712d
                                                                                                                              0x00407137
                                                                                                                              0x00000000
                                                                                                                              0x00407137
                                                                                                                              0x00407122
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407143
                                                                                                                              0x00407147
                                                                                                                              0x0040714e
                                                                                                                              0x00407151
                                                                                                                              0x00407154
                                                                                                                              0x00407149
                                                                                                                              0x00407149
                                                                                                                              0x00407149
                                                                                                                              0x00407157
                                                                                                                              0x0040715a
                                                                                                                              0x0040715d
                                                                                                                              0x0040715d
                                                                                                                              0x00407160
                                                                                                                              0x00407163
                                                                                                                              0x00407166
                                                                                                                              0x00407166
                                                                                                                              0x00407169
                                                                                                                              0x00407170
                                                                                                                              0x00407175
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407203
                                                                                                                              0x00407203
                                                                                                                              0x00407207
                                                                                                                              0x004075a5
                                                                                                                              0x00000000
                                                                                                                              0x004075a5
                                                                                                                              0x0040720d
                                                                                                                              0x00407210
                                                                                                                              0x00407213
                                                                                                                              0x00407217
                                                                                                                              0x0040721a
                                                                                                                              0x00407220
                                                                                                                              0x00407222
                                                                                                                              0x00407222
                                                                                                                              0x00407222
                                                                                                                              0x00407225
                                                                                                                              0x00407228
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406df8
                                                                                                                              0x00406df8
                                                                                                                              0x00406dfc
                                                                                                                              0x00407569
                                                                                                                              0x00000000
                                                                                                                              0x00407569
                                                                                                                              0x00406e02
                                                                                                                              0x00406e05
                                                                                                                              0x00406e08
                                                                                                                              0x00406e0c
                                                                                                                              0x00406e0f
                                                                                                                              0x00406e15
                                                                                                                              0x00406e17
                                                                                                                              0x00406e17
                                                                                                                              0x00406e17
                                                                                                                              0x00406e1a
                                                                                                                              0x00406e1d
                                                                                                                              0x00406e1d
                                                                                                                              0x00406e20
                                                                                                                              0x00406e23
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406e29
                                                                                                                              0x00406e2f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406e35
                                                                                                                              0x00406e35
                                                                                                                              0x00406e39
                                                                                                                              0x00406e3c
                                                                                                                              0x00406e3f
                                                                                                                              0x00406e42
                                                                                                                              0x00406e45
                                                                                                                              0x00406e46
                                                                                                                              0x00406e49
                                                                                                                              0x00406e4b
                                                                                                                              0x00406e51
                                                                                                                              0x00406e54
                                                                                                                              0x00406e57
                                                                                                                              0x00406e5a
                                                                                                                              0x00406e5d
                                                                                                                              0x00406e60
                                                                                                                              0x00406e63
                                                                                                                              0x00406e7f
                                                                                                                              0x00406e82
                                                                                                                              0x00406e85
                                                                                                                              0x00406e88
                                                                                                                              0x00406e8f
                                                                                                                              0x00406e93
                                                                                                                              0x00406e95
                                                                                                                              0x00406e99
                                                                                                                              0x00406e65
                                                                                                                              0x00406e65
                                                                                                                              0x00406e69
                                                                                                                              0x00406e71
                                                                                                                              0x00406e76
                                                                                                                              0x00406e78
                                                                                                                              0x00406e7a
                                                                                                                              0x00406e7a
                                                                                                                              0x00406e9c
                                                                                                                              0x00406ea3
                                                                                                                              0x00406ea6
                                                                                                                              0x00000000
                                                                                                                              0x00406eac
                                                                                                                              0x00000000
                                                                                                                              0x00406eac
                                                                                                                              0x00000000
                                                                                                                              0x00406eb1
                                                                                                                              0x00406eb1
                                                                                                                              0x00406eb5
                                                                                                                              0x00407575
                                                                                                                              0x00000000
                                                                                                                              0x00407575
                                                                                                                              0x00406ebb
                                                                                                                              0x00406ebe
                                                                                                                              0x00406ec1
                                                                                                                              0x00406ec5
                                                                                                                              0x00406ec8
                                                                                                                              0x00406ece
                                                                                                                              0x00406ed0
                                                                                                                              0x00406ed0
                                                                                                                              0x00406ed0
                                                                                                                              0x00406ed3
                                                                                                                              0x00406ed6
                                                                                                                              0x00406ed6
                                                                                                                              0x00406ed6
                                                                                                                              0x00406edc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406ede
                                                                                                                              0x00406ee1
                                                                                                                              0x00406ee4
                                                                                                                              0x00406ee7
                                                                                                                              0x00406eea
                                                                                                                              0x00406eed
                                                                                                                              0x00406ef0
                                                                                                                              0x00406ef3
                                                                                                                              0x00406ef6
                                                                                                                              0x00406ef9
                                                                                                                              0x00406efc
                                                                                                                              0x00406f14
                                                                                                                              0x00406f17
                                                                                                                              0x00406f1a
                                                                                                                              0x00406f1d
                                                                                                                              0x00406f1d
                                                                                                                              0x00406f20
                                                                                                                              0x00406f24
                                                                                                                              0x00406f26
                                                                                                                              0x00406efe
                                                                                                                              0x00406efe
                                                                                                                              0x00406f06
                                                                                                                              0x00406f0b
                                                                                                                              0x00406f0d
                                                                                                                              0x00406f0f
                                                                                                                              0x00406f0f
                                                                                                                              0x00406f29
                                                                                                                              0x00406f30
                                                                                                                              0x00406f33
                                                                                                                              0x00000000
                                                                                                                              0x00406f35
                                                                                                                              0x00000000
                                                                                                                              0x00406f35
                                                                                                                              0x00406f33
                                                                                                                              0x00406f3a
                                                                                                                              0x00406f3a
                                                                                                                              0x00406f3a
                                                                                                                              0x00406f3a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406f75
                                                                                                                              0x00406f75
                                                                                                                              0x00406f79
                                                                                                                              0x00407581
                                                                                                                              0x00000000
                                                                                                                              0x00407581
                                                                                                                              0x00406f7f
                                                                                                                              0x00406f82
                                                                                                                              0x00406f85
                                                                                                                              0x00406f89
                                                                                                                              0x00406f8c
                                                                                                                              0x00406f92
                                                                                                                              0x00406f94
                                                                                                                              0x00406f94
                                                                                                                              0x00406f94
                                                                                                                              0x00406f97
                                                                                                                              0x00406f9a
                                                                                                                              0x00406f9a
                                                                                                                              0x00406fa0
                                                                                                                              0x00406f3e
                                                                                                                              0x00406f3e
                                                                                                                              0x00406f41
                                                                                                                              0x00000000
                                                                                                                              0x00406f41
                                                                                                                              0x00406fa2
                                                                                                                              0x00406fa2
                                                                                                                              0x00406fa5
                                                                                                                              0x00406fa8
                                                                                                                              0x00406fab
                                                                                                                              0x00406fae
                                                                                                                              0x00406fb1
                                                                                                                              0x00406fb4
                                                                                                                              0x00406fb7
                                                                                                                              0x00406fba
                                                                                                                              0x00406fbd
                                                                                                                              0x00406fc0
                                                                                                                              0x00406fd8
                                                                                                                              0x00406fdb
                                                                                                                              0x00406fde
                                                                                                                              0x00406fe1
                                                                                                                              0x00406fe1
                                                                                                                              0x00406fe4
                                                                                                                              0x00406fe8
                                                                                                                              0x00406fea
                                                                                                                              0x00406fc2
                                                                                                                              0x00406fc2
                                                                                                                              0x00406fca
                                                                                                                              0x00406fcf
                                                                                                                              0x00406fd1
                                                                                                                              0x00406fd3
                                                                                                                              0x00406fd3
                                                                                                                              0x00406fed
                                                                                                                              0x00406ff4
                                                                                                                              0x00406ff7
                                                                                                                              0x00000000
                                                                                                                              0x00406ff9
                                                                                                                              0x00000000
                                                                                                                              0x00406ff9
                                                                                                                              0x00000000
                                                                                                                              0x00407286
                                                                                                                              0x00407286
                                                                                                                              0x0040728a
                                                                                                                              0x004075b1
                                                                                                                              0x00000000
                                                                                                                              0x004075b1
                                                                                                                              0x00407290
                                                                                                                              0x00407293
                                                                                                                              0x00407296
                                                                                                                              0x0040729a
                                                                                                                              0x0040729d
                                                                                                                              0x004072a3
                                                                                                                              0x004072a5
                                                                                                                              0x004072a5
                                                                                                                              0x004072a5
                                                                                                                              0x004072a8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407056
                                                                                                                              0x00407056
                                                                                                                              0x00407059
                                                                                                                              0x004073cb
                                                                                                                              0x004073cb
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407452
                                                                                                                              0x00407456
                                                                                                                              0x00407474
                                                                                                                              0x00407474
                                                                                                                              0x00407474
                                                                                                                              0x0040747b
                                                                                                                              0x00407482
                                                                                                                              0x00000000
                                                                                                                              0x00407482
                                                                                                                              0x00407458
                                                                                                                              0x0040745b
                                                                                                                              0x0040745e
                                                                                                                              0x00407461
                                                                                                                              0x00407468
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407543
                                                                                                                              0x00407546
                                                                                                                              0x00407447
                                                                                                                              0x00407447
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040717d
                                                                                                                              0x0040717f
                                                                                                                              0x00407186
                                                                                                                              0x00407187
                                                                                                                              0x00407189
                                                                                                                              0x0040718c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407194
                                                                                                                              0x00407197
                                                                                                                              0x0040719a
                                                                                                                              0x0040719c
                                                                                                                              0x0040719e
                                                                                                                              0x0040719e
                                                                                                                              0x0040719f
                                                                                                                              0x004071a2
                                                                                                                              0x004071a9
                                                                                                                              0x004071ac
                                                                                                                              0x004071ba
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040749f
                                                                                                                              0x0040749f
                                                                                                                              0x004074a3
                                                                                                                              0x004075db
                                                                                                                              0x00000000
                                                                                                                              0x004075db
                                                                                                                              0x004074a9
                                                                                                                              0x004074ac
                                                                                                                              0x004074af
                                                                                                                              0x004074b3
                                                                                                                              0x004074b6
                                                                                                                              0x004074bc
                                                                                                                              0x004074be
                                                                                                                              0x004074be
                                                                                                                              0x004074be
                                                                                                                              0x004074c1
                                                                                                                              0x004074c4
                                                                                                                              0x004074c4
                                                                                                                              0x004074c4
                                                                                                                              0x004074c4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004071c2
                                                                                                                              0x004071c5
                                                                                                                              0x004071fb
                                                                                                                              0x0040732b
                                                                                                                              0x0040732b
                                                                                                                              0x0040732b
                                                                                                                              0x0040732b
                                                                                                                              0x0040732e
                                                                                                                              0x0040732e
                                                                                                                              0x00407331
                                                                                                                              0x00407333
                                                                                                                              0x004075bd
                                                                                                                              0x00000000
                                                                                                                              0x004075bd
                                                                                                                              0x00407339
                                                                                                                              0x0040733c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407342
                                                                                                                              0x00407346
                                                                                                                              0x00407349
                                                                                                                              0x00407349
                                                                                                                              0x00407349
                                                                                                                              0x00000000
                                                                                                                              0x00407349
                                                                                                                              0x004071c7
                                                                                                                              0x004071c9
                                                                                                                              0x004071cb
                                                                                                                              0x004071cd
                                                                                                                              0x004071d0
                                                                                                                              0x004071d1
                                                                                                                              0x004071d3
                                                                                                                              0x004071d5
                                                                                                                              0x004071d8
                                                                                                                              0x004071db
                                                                                                                              0x004071f1
                                                                                                                              0x004071f6
                                                                                                                              0x0040722e
                                                                                                                              0x0040722e
                                                                                                                              0x00407232
                                                                                                                              0x0040725e
                                                                                                                              0x00407260
                                                                                                                              0x00407267
                                                                                                                              0x0040726a
                                                                                                                              0x0040726d
                                                                                                                              0x0040726d
                                                                                                                              0x00407272
                                                                                                                              0x00407272
                                                                                                                              0x00407274
                                                                                                                              0x00407277
                                                                                                                              0x0040727e
                                                                                                                              0x00407281
                                                                                                                              0x004072ae
                                                                                                                              0x004072ae
                                                                                                                              0x004072b1
                                                                                                                              0x004072b4
                                                                                                                              0x00407328
                                                                                                                              0x00407328
                                                                                                                              0x00407328
                                                                                                                              0x00000000
                                                                                                                              0x00407328
                                                                                                                              0x004072b6
                                                                                                                              0x004072bc
                                                                                                                              0x004072bf
                                                                                                                              0x004072c2
                                                                                                                              0x004072c5
                                                                                                                              0x004072c8
                                                                                                                              0x004072cb
                                                                                                                              0x004072ce
                                                                                                                              0x004072d1
                                                                                                                              0x004072d4
                                                                                                                              0x004072d7
                                                                                                                              0x004072f0
                                                                                                                              0x004072f2
                                                                                                                              0x004072f5
                                                                                                                              0x004072f6
                                                                                                                              0x004072f9
                                                                                                                              0x004072fb
                                                                                                                              0x004072fe
                                                                                                                              0x00407300
                                                                                                                              0x00407302
                                                                                                                              0x00407305
                                                                                                                              0x00407307
                                                                                                                              0x0040730a
                                                                                                                              0x0040730e
                                                                                                                              0x00407310
                                                                                                                              0x00407310
                                                                                                                              0x00407311
                                                                                                                              0x00407314
                                                                                                                              0x00407317
                                                                                                                              0x004072d9
                                                                                                                              0x004072d9
                                                                                                                              0x004072e1
                                                                                                                              0x004072e6
                                                                                                                              0x004072e8
                                                                                                                              0x004072eb
                                                                                                                              0x004072eb
                                                                                                                              0x0040731a
                                                                                                                              0x00407321
                                                                                                                              0x004072ab
                                                                                                                              0x004072ab
                                                                                                                              0x004072ab
                                                                                                                              0x004072ab
                                                                                                                              0x00000000
                                                                                                                              0x00407323
                                                                                                                              0x00000000
                                                                                                                              0x00407323
                                                                                                                              0x00407321
                                                                                                                              0x00407234
                                                                                                                              0x00407237
                                                                                                                              0x00407239
                                                                                                                              0x0040723c
                                                                                                                              0x0040723f
                                                                                                                              0x00407242
                                                                                                                              0x00407244
                                                                                                                              0x00407247
                                                                                                                              0x0040724a
                                                                                                                              0x0040724a
                                                                                                                              0x0040724d
                                                                                                                              0x0040724d
                                                                                                                              0x00407250
                                                                                                                              0x00407257
                                                                                                                              0x0040722b
                                                                                                                              0x0040722b
                                                                                                                              0x0040722b
                                                                                                                              0x0040722b
                                                                                                                              0x00000000
                                                                                                                              0x00407259
                                                                                                                              0x00000000
                                                                                                                              0x00407259
                                                                                                                              0x00407257
                                                                                                                              0x004071dd
                                                                                                                              0x004071e0
                                                                                                                              0x004071e2
                                                                                                                              0x004071e5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406f44
                                                                                                                              0x00406f44
                                                                                                                              0x00406f48
                                                                                                                              0x0040758d
                                                                                                                              0x00000000
                                                                                                                              0x0040758d
                                                                                                                              0x00406f4e
                                                                                                                              0x00406f51
                                                                                                                              0x00406f54
                                                                                                                              0x00406f57
                                                                                                                              0x00406f5a
                                                                                                                              0x00406f5d
                                                                                                                              0x00406f60
                                                                                                                              0x00406f62
                                                                                                                              0x00406f65
                                                                                                                              0x00406f68
                                                                                                                              0x00406f6b
                                                                                                                              0x00406f6d
                                                                                                                              0x00406f6d
                                                                                                                              0x00406f6d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004070cf
                                                                                                                              0x004070cf
                                                                                                                              0x004070d3
                                                                                                                              0x00407599
                                                                                                                              0x00000000
                                                                                                                              0x00407599
                                                                                                                              0x004070d9
                                                                                                                              0x004070dc
                                                                                                                              0x004070df
                                                                                                                              0x004070e2
                                                                                                                              0x004070e4
                                                                                                                              0x004070e4
                                                                                                                              0x004070e4
                                                                                                                              0x004070e7
                                                                                                                              0x004070ea
                                                                                                                              0x004070ed
                                                                                                                              0x004070f0
                                                                                                                              0x004070f3
                                                                                                                              0x004070f6
                                                                                                                              0x004070f7
                                                                                                                              0x004070f9
                                                                                                                              0x004070f9
                                                                                                                              0x004070f9
                                                                                                                              0x004070fc
                                                                                                                              0x004070ff
                                                                                                                              0x00407102
                                                                                                                              0x00407105
                                                                                                                              0x00407105
                                                                                                                              0x00407105
                                                                                                                              0x00407108
                                                                                                                              0x0040710a
                                                                                                                              0x0040710a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040734c
                                                                                                                              0x0040734c
                                                                                                                              0x0040734c
                                                                                                                              0x00407350
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407356
                                                                                                                              0x00407359
                                                                                                                              0x0040735c
                                                                                                                              0x0040735f
                                                                                                                              0x00407361
                                                                                                                              0x00407361
                                                                                                                              0x00407361
                                                                                                                              0x00407364
                                                                                                                              0x00407367
                                                                                                                              0x0040736a
                                                                                                                              0x0040736d
                                                                                                                              0x00407370
                                                                                                                              0x00407373
                                                                                                                              0x00407374
                                                                                                                              0x00407376
                                                                                                                              0x00407376
                                                                                                                              0x00407376
                                                                                                                              0x00407379
                                                                                                                              0x0040737c
                                                                                                                              0x0040737f
                                                                                                                              0x00407382
                                                                                                                              0x00407385
                                                                                                                              0x00407389
                                                                                                                              0x0040738b
                                                                                                                              0x0040738e
                                                                                                                              0x00000000
                                                                                                                              0x00407390
                                                                                                                              0x0040710d
                                                                                                                              0x0040710d
                                                                                                                              0x00000000
                                                                                                                              0x0040710d
                                                                                                                              0x0040738e
                                                                                                                              0x004075c3
                                                                                                                              0x004075e5
                                                                                                                              0x004075eb
                                                                                                                              0x004075ed
                                                                                                                              0x004075f4
                                                                                                                              0x004075f6
                                                                                                                              0x004075fd
                                                                                                                              0x00407601
                                                                                                                              0x00000000
                                                                                                                              0x00406bf2
                                                                                                                              0x004075fa
                                                                                                                              0x004075fa
                                                                                                                              0x00000000
                                                                                                                              0x004075fa
                                                                                                                              0x00407447
                                                                                                                              0x004074cd
                                                                                                                              0x004074d3
                                                                                                                              0x004074d6
                                                                                                                              0x004074d9
                                                                                                                              0x004074dc
                                                                                                                              0x004074df
                                                                                                                              0x004074e2
                                                                                                                              0x004074e5
                                                                                                                              0x004074e8
                                                                                                                              0x004074ee
                                                                                                                              0x00407507
                                                                                                                              0x0040750a
                                                                                                                              0x0040750d
                                                                                                                              0x00407510
                                                                                                                              0x00407514
                                                                                                                              0x00407516
                                                                                                                              0x00407517
                                                                                                                              0x0040751a
                                                                                                                              0x004074f0
                                                                                                                              0x004074f0
                                                                                                                              0x004074f8
                                                                                                                              0x004074fd
                                                                                                                              0x004074ff
                                                                                                                              0x00407502
                                                                                                                              0x00407502
                                                                                                                              0x00407524
                                                                                                                              0x00000000
                                                                                                                              0x00407526
                                                                                                                              0x00000000
                                                                                                                              0x00407526
                                                                                                                              0x00407524
                                                                                                                              0x00000000
                                                                                                                              0x00407399

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 97748a737734167d5846b9d8dd4738ada3f75d0b833fdafa89234df63502b4a5
                                                                                                                              • Instruction ID: d49815ad38d406b3cd0a1a90ea7be1526168d9e39684835ffa6a026ef1ef4849
                                                                                                                              • Opcode Fuzzy Hash: 97748a737734167d5846b9d8dd4738ada3f75d0b833fdafa89234df63502b4a5
                                                                                                                              • Instruction Fuzzy Hash: 91913270D04228DBEF28CF98C8547ADBBB1FF44305F14816AD856BB281D778A986DF45
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004070AB Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 98%
                                                                                                                              			E004070AB() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M00407602))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8));
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                                                              0x00000000
                                                                                                                              0x004070ab
                                                                                                                              0x004070ab
                                                                                                                              0x004070af
                                                                                                                              0x00407166
                                                                                                                              0x00407169
                                                                                                                              0x00407175
                                                                                                                              0x00407056
                                                                                                                              0x00407056
                                                                                                                              0x00407059
                                                                                                                              0x004073cb
                                                                                                                              0x004073cb
                                                                                                                              0x004073ce
                                                                                                                              0x004073ce
                                                                                                                              0x004073d4
                                                                                                                              0x004073da
                                                                                                                              0x004073e0
                                                                                                                              0x004073fa
                                                                                                                              0x004073fd
                                                                                                                              0x00407403
                                                                                                                              0x0040740e
                                                                                                                              0x00407410
                                                                                                                              0x004073e2
                                                                                                                              0x004073e2
                                                                                                                              0x004073f1
                                                                                                                              0x004073f5
                                                                                                                              0x004073f5
                                                                                                                              0x0040741a
                                                                                                                              0x00407441
                                                                                                                              0x00407441
                                                                                                                              0x00407447
                                                                                                                              0x00407447
                                                                                                                              0x00000000
                                                                                                                              0x0040741c
                                                                                                                              0x0040741c
                                                                                                                              0x00407420
                                                                                                                              0x004075cf
                                                                                                                              0x00000000
                                                                                                                              0x004075cf
                                                                                                                              0x0040742c
                                                                                                                              0x00407433
                                                                                                                              0x0040743b
                                                                                                                              0x0040743e
                                                                                                                              0x00000000
                                                                                                                              0x0040743e
                                                                                                                              0x004070b5
                                                                                                                              0x004070b9
                                                                                                                              0x004075fa
                                                                                                                              0x004075fa
                                                                                                                              0x004075fd
                                                                                                                              0x00407601
                                                                                                                              0x00407601
                                                                                                                              0x004070bf
                                                                                                                              0x004070c5
                                                                                                                              0x004070c8
                                                                                                                              0x004070cc
                                                                                                                              0x004070cf
                                                                                                                              0x004070d3
                                                                                                                              0x00407599
                                                                                                                              0x004075e5
                                                                                                                              0x004075ed
                                                                                                                              0x004075f4
                                                                                                                              0x004075f6
                                                                                                                              0x00000000
                                                                                                                              0x004075f6
                                                                                                                              0x004070d9
                                                                                                                              0x004070dc
                                                                                                                              0x004070e2
                                                                                                                              0x004070e4
                                                                                                                              0x004070e4
                                                                                                                              0x004070e7
                                                                                                                              0x004070ea
                                                                                                                              0x004070ed
                                                                                                                              0x004070f0
                                                                                                                              0x004070f3
                                                                                                                              0x004070f6
                                                                                                                              0x004070f7
                                                                                                                              0x004070f9
                                                                                                                              0x004070f9
                                                                                                                              0x004070f9
                                                                                                                              0x004070fc
                                                                                                                              0x004070ff
                                                                                                                              0x00407102
                                                                                                                              0x00407105
                                                                                                                              0x00407105
                                                                                                                              0x00407108
                                                                                                                              0x0040710a
                                                                                                                              0x0040710a
                                                                                                                              0x0040710d
                                                                                                                              0x0040710d
                                                                                                                              0x0040710d
                                                                                                                              0x00406be3
                                                                                                                              0x00406be3
                                                                                                                              0x00406bec
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406bf2
                                                                                                                              0x00000000
                                                                                                                              0x00406bfd
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406c06
                                                                                                                              0x00406c09
                                                                                                                              0x00406c0c
                                                                                                                              0x00406c10
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406c16
                                                                                                                              0x00406c19
                                                                                                                              0x00406c1b
                                                                                                                              0x00406c1c
                                                                                                                              0x00406c1f
                                                                                                                              0x00406c21
                                                                                                                              0x00406c22
                                                                                                                              0x00406c24
                                                                                                                              0x00406c27
                                                                                                                              0x00406c2c
                                                                                                                              0x00406c31
                                                                                                                              0x00406c3a
                                                                                                                              0x00406c4d
                                                                                                                              0x00406c50
                                                                                                                              0x00406c5c
                                                                                                                              0x00406c84
                                                                                                                              0x00406c86
                                                                                                                              0x00406c94
                                                                                                                              0x00406c94
                                                                                                                              0x00406c98
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406c88
                                                                                                                              0x00406c88
                                                                                                                              0x00406c8b
                                                                                                                              0x00406c8c
                                                                                                                              0x00406c8c
                                                                                                                              0x00000000
                                                                                                                              0x00406c88
                                                                                                                              0x00406c62
                                                                                                                              0x00406c67
                                                                                                                              0x00406c67
                                                                                                                              0x00406c70
                                                                                                                              0x00406c78
                                                                                                                              0x00406c7b
                                                                                                                              0x00000000
                                                                                                                              0x00406c81
                                                                                                                              0x00406c81
                                                                                                                              0x00000000
                                                                                                                              0x00406c81
                                                                                                                              0x00000000
                                                                                                                              0x00406c9e
                                                                                                                              0x00406c9e
                                                                                                                              0x00406ca2
                                                                                                                              0x0040754e
                                                                                                                              0x00000000
                                                                                                                              0x0040754e
                                                                                                                              0x00406cab
                                                                                                                              0x00406cbb
                                                                                                                              0x00406cbe
                                                                                                                              0x00406cc1
                                                                                                                              0x00406cc1
                                                                                                                              0x00406cc1
                                                                                                                              0x00406cc4
                                                                                                                              0x00406cc8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406cca
                                                                                                                              0x00406cd0
                                                                                                                              0x00406cfa
                                                                                                                              0x00406d00
                                                                                                                              0x00406d07
                                                                                                                              0x00000000
                                                                                                                              0x00406d07
                                                                                                                              0x00406cd6
                                                                                                                              0x00406cd9
                                                                                                                              0x00406cde
                                                                                                                              0x00406cde
                                                                                                                              0x00406ce9
                                                                                                                              0x00406cf1
                                                                                                                              0x00406cf4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406d39
                                                                                                                              0x00406d3f
                                                                                                                              0x00406d42
                                                                                                                              0x00406d4f
                                                                                                                              0x00406d57
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406d0e
                                                                                                                              0x00406d0e
                                                                                                                              0x00406d12
                                                                                                                              0x0040755d
                                                                                                                              0x00000000
                                                                                                                              0x0040755d
                                                                                                                              0x00406d1e
                                                                                                                              0x00406d29
                                                                                                                              0x00406d29
                                                                                                                              0x00406d29
                                                                                                                              0x00406d2c
                                                                                                                              0x00406d2f
                                                                                                                              0x00406d32
                                                                                                                              0x00406d37
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406d5f
                                                                                                                              0x00406d61
                                                                                                                              0x00406d64
                                                                                                                              0x00406dd5
                                                                                                                              0x00406dd8
                                                                                                                              0x00406ddb
                                                                                                                              0x00406de2
                                                                                                                              0x00406dec
                                                                                                                              0x00000000
                                                                                                                              0x00406dec
                                                                                                                              0x00406d66
                                                                                                                              0x00406d6a
                                                                                                                              0x00406d6d
                                                                                                                              0x00406d6f
                                                                                                                              0x00406d72
                                                                                                                              0x00406d75
                                                                                                                              0x00406d77
                                                                                                                              0x00406d7a
                                                                                                                              0x00406d7c
                                                                                                                              0x00406d81
                                                                                                                              0x00406d84
                                                                                                                              0x00406d87
                                                                                                                              0x00406d8b
                                                                                                                              0x00406d92
                                                                                                                              0x00406d95
                                                                                                                              0x00406d9c
                                                                                                                              0x00406da0
                                                                                                                              0x00406da8
                                                                                                                              0x00406da8
                                                                                                                              0x00406da8
                                                                                                                              0x00406da2
                                                                                                                              0x00406da2
                                                                                                                              0x00406da2
                                                                                                                              0x00406d97
                                                                                                                              0x00406d97
                                                                                                                              0x00406d97
                                                                                                                              0x00406dac
                                                                                                                              0x00406daf
                                                                                                                              0x00406dcd
                                                                                                                              0x00406dcf
                                                                                                                              0x00000000
                                                                                                                              0x00406db1
                                                                                                                              0x00406db1
                                                                                                                              0x00406db4
                                                                                                                              0x00406db7
                                                                                                                              0x00406dba
                                                                                                                              0x00406dbc
                                                                                                                              0x00406dbc
                                                                                                                              0x00406dbc
                                                                                                                              0x00406dbf
                                                                                                                              0x00406dc2
                                                                                                                              0x00406dc4
                                                                                                                              0x00406dc5
                                                                                                                              0x00406dc8
                                                                                                                              0x00000000
                                                                                                                              0x00406dc8
                                                                                                                              0x00000000
                                                                                                                              0x00406ffe
                                                                                                                              0x00407002
                                                                                                                              0x00407020
                                                                                                                              0x00407023
                                                                                                                              0x0040702a
                                                                                                                              0x0040702d
                                                                                                                              0x00407030
                                                                                                                              0x00407033
                                                                                                                              0x00407036
                                                                                                                              0x00407039
                                                                                                                              0x0040703b
                                                                                                                              0x00407042
                                                                                                                              0x00407043
                                                                                                                              0x00407045
                                                                                                                              0x00407048
                                                                                                                              0x0040704b
                                                                                                                              0x0040704e
                                                                                                                              0x0040704e
                                                                                                                              0x00407053
                                                                                                                              0x00000000
                                                                                                                              0x00407053
                                                                                                                              0x00407004
                                                                                                                              0x00407007
                                                                                                                              0x0040700a
                                                                                                                              0x00407014
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407068
                                                                                                                              0x0040706c
                                                                                                                              0x0040708f
                                                                                                                              0x00407092
                                                                                                                              0x00407095
                                                                                                                              0x0040709f
                                                                                                                              0x0040706e
                                                                                                                              0x0040706e
                                                                                                                              0x00407071
                                                                                                                              0x00407074
                                                                                                                              0x00407077
                                                                                                                              0x00407084
                                                                                                                              0x00407087
                                                                                                                              0x00407087
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040711c
                                                                                                                              0x00407120
                                                                                                                              0x00407127
                                                                                                                              0x0040712a
                                                                                                                              0x0040712d
                                                                                                                              0x00407137
                                                                                                                              0x00000000
                                                                                                                              0x00407137
                                                                                                                              0x00407122
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407143
                                                                                                                              0x00407147
                                                                                                                              0x0040714e
                                                                                                                              0x00407151
                                                                                                                              0x00407154
                                                                                                                              0x00407149
                                                                                                                              0x00407149
                                                                                                                              0x00407149
                                                                                                                              0x00407157
                                                                                                                              0x0040715a
                                                                                                                              0x0040715d
                                                                                                                              0x0040715d
                                                                                                                              0x00407160
                                                                                                                              0x00407163
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407203
                                                                                                                              0x00407203
                                                                                                                              0x00407207
                                                                                                                              0x004075a5
                                                                                                                              0x00000000
                                                                                                                              0x004075a5
                                                                                                                              0x0040720d
                                                                                                                              0x00407210
                                                                                                                              0x00407213
                                                                                                                              0x00407217
                                                                                                                              0x0040721a
                                                                                                                              0x00407220
                                                                                                                              0x00407222
                                                                                                                              0x00407222
                                                                                                                              0x00407222
                                                                                                                              0x00407225
                                                                                                                              0x00407228
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406df8
                                                                                                                              0x00406df8
                                                                                                                              0x00406dfc
                                                                                                                              0x00407569
                                                                                                                              0x00000000
                                                                                                                              0x00407569
                                                                                                                              0x00406e02
                                                                                                                              0x00406e05
                                                                                                                              0x00406e08
                                                                                                                              0x00406e0c
                                                                                                                              0x00406e0f
                                                                                                                              0x00406e15
                                                                                                                              0x00406e17
                                                                                                                              0x00406e17
                                                                                                                              0x00406e17
                                                                                                                              0x00406e1a
                                                                                                                              0x00406e1d
                                                                                                                              0x00406e1d
                                                                                                                              0x00406e20
                                                                                                                              0x00406e23
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406e29
                                                                                                                              0x00406e2f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406e35
                                                                                                                              0x00406e35
                                                                                                                              0x00406e39
                                                                                                                              0x00406e3c
                                                                                                                              0x00406e3f
                                                                                                                              0x00406e42
                                                                                                                              0x00406e45
                                                                                                                              0x00406e46
                                                                                                                              0x00406e49
                                                                                                                              0x00406e4b
                                                                                                                              0x00406e51
                                                                                                                              0x00406e54
                                                                                                                              0x00406e57
                                                                                                                              0x00406e5a
                                                                                                                              0x00406e5d
                                                                                                                              0x00406e60
                                                                                                                              0x00406e63
                                                                                                                              0x00406e7f
                                                                                                                              0x00406e82
                                                                                                                              0x00406e85
                                                                                                                              0x00406e88
                                                                                                                              0x00406e8f
                                                                                                                              0x00406e93
                                                                                                                              0x00406e95
                                                                                                                              0x00406e99
                                                                                                                              0x00406e65
                                                                                                                              0x00406e65
                                                                                                                              0x00406e69
                                                                                                                              0x00406e71
                                                                                                                              0x00406e76
                                                                                                                              0x00406e78
                                                                                                                              0x00406e7a
                                                                                                                              0x00406e7a
                                                                                                                              0x00406e9c
                                                                                                                              0x00406ea3
                                                                                                                              0x00406ea6
                                                                                                                              0x00000000
                                                                                                                              0x00406eac
                                                                                                                              0x00000000
                                                                                                                              0x00406eac
                                                                                                                              0x00000000
                                                                                                                              0x00406eb1
                                                                                                                              0x00406eb1
                                                                                                                              0x00406eb5
                                                                                                                              0x00407575
                                                                                                                              0x00000000
                                                                                                                              0x00407575
                                                                                                                              0x00406ebb
                                                                                                                              0x00406ebe
                                                                                                                              0x00406ec1
                                                                                                                              0x00406ec5
                                                                                                                              0x00406ec8
                                                                                                                              0x00406ece
                                                                                                                              0x00406ed0
                                                                                                                              0x00406ed0
                                                                                                                              0x00406ed0
                                                                                                                              0x00406ed3
                                                                                                                              0x00406ed6
                                                                                                                              0x00406ed6
                                                                                                                              0x00406ed6
                                                                                                                              0x00406edc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406ede
                                                                                                                              0x00406ee1
                                                                                                                              0x00406ee4
                                                                                                                              0x00406ee7
                                                                                                                              0x00406eea
                                                                                                                              0x00406eed
                                                                                                                              0x00406ef0
                                                                                                                              0x00406ef3
                                                                                                                              0x00406ef6
                                                                                                                              0x00406ef9
                                                                                                                              0x00406efc
                                                                                                                              0x00406f14
                                                                                                                              0x00406f17
                                                                                                                              0x00406f1a
                                                                                                                              0x00406f1d
                                                                                                                              0x00406f1d
                                                                                                                              0x00406f20
                                                                                                                              0x00406f24
                                                                                                                              0x00406f26
                                                                                                                              0x00406efe
                                                                                                                              0x00406efe
                                                                                                                              0x00406f06
                                                                                                                              0x00406f0b
                                                                                                                              0x00406f0d
                                                                                                                              0x00406f0f
                                                                                                                              0x00406f0f
                                                                                                                              0x00406f29
                                                                                                                              0x00406f30
                                                                                                                              0x00406f33
                                                                                                                              0x00000000
                                                                                                                              0x00406f35
                                                                                                                              0x00000000
                                                                                                                              0x00406f35
                                                                                                                              0x00406f33
                                                                                                                              0x00406f3a
                                                                                                                              0x00406f3a
                                                                                                                              0x00406f3a
                                                                                                                              0x00406f3a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406f75
                                                                                                                              0x00406f75
                                                                                                                              0x00406f79
                                                                                                                              0x00407581
                                                                                                                              0x00000000
                                                                                                                              0x00407581
                                                                                                                              0x00406f7f
                                                                                                                              0x00406f82
                                                                                                                              0x00406f85
                                                                                                                              0x00406f89
                                                                                                                              0x00406f8c
                                                                                                                              0x00406f92
                                                                                                                              0x00406f94
                                                                                                                              0x00406f94
                                                                                                                              0x00406f94
                                                                                                                              0x00406f97
                                                                                                                              0x00406f9a
                                                                                                                              0x00406f9a
                                                                                                                              0x00406fa0
                                                                                                                              0x00406f3e
                                                                                                                              0x00406f3e
                                                                                                                              0x00406f41
                                                                                                                              0x00000000
                                                                                                                              0x00406f41
                                                                                                                              0x00406fa2
                                                                                                                              0x00406fa2
                                                                                                                              0x00406fa5
                                                                                                                              0x00406fa8
                                                                                                                              0x00406fab
                                                                                                                              0x00406fae
                                                                                                                              0x00406fb1
                                                                                                                              0x00406fb4
                                                                                                                              0x00406fb7
                                                                                                                              0x00406fba
                                                                                                                              0x00406fbd
                                                                                                                              0x00406fc0
                                                                                                                              0x00406fd8
                                                                                                                              0x00406fdb
                                                                                                                              0x00406fde
                                                                                                                              0x00406fe1
                                                                                                                              0x00406fe1
                                                                                                                              0x00406fe4
                                                                                                                              0x00406fe8
                                                                                                                              0x00406fea
                                                                                                                              0x00406fc2
                                                                                                                              0x00406fc2
                                                                                                                              0x00406fca
                                                                                                                              0x00406fcf
                                                                                                                              0x00406fd1
                                                                                                                              0x00406fd3
                                                                                                                              0x00406fd3
                                                                                                                              0x00406fed
                                                                                                                              0x00406ff4
                                                                                                                              0x00406ff7
                                                                                                                              0x00000000
                                                                                                                              0x00406ff9
                                                                                                                              0x00000000
                                                                                                                              0x00406ff9
                                                                                                                              0x00000000
                                                                                                                              0x00407286
                                                                                                                              0x00407286
                                                                                                                              0x0040728a
                                                                                                                              0x004075b1
                                                                                                                              0x00000000
                                                                                                                              0x004075b1
                                                                                                                              0x00407290
                                                                                                                              0x00407293
                                                                                                                              0x00407296
                                                                                                                              0x0040729a
                                                                                                                              0x0040729d
                                                                                                                              0x004072a3
                                                                                                                              0x004072a5
                                                                                                                              0x004072a5
                                                                                                                              0x004072a5
                                                                                                                              0x004072a8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407395
                                                                                                                              0x00407399
                                                                                                                              0x004073bb
                                                                                                                              0x004073be
                                                                                                                              0x004073c8
                                                                                                                              0x00000000
                                                                                                                              0x004073c8
                                                                                                                              0x0040739b
                                                                                                                              0x0040739e
                                                                                                                              0x004073a2
                                                                                                                              0x004073a5
                                                                                                                              0x004073a5
                                                                                                                              0x004073a8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407452
                                                                                                                              0x00407456
                                                                                                                              0x00407474
                                                                                                                              0x00407474
                                                                                                                              0x00407474
                                                                                                                              0x0040747b
                                                                                                                              0x00407482
                                                                                                                              0x00407489
                                                                                                                              0x00407489
                                                                                                                              0x00000000
                                                                                                                              0x00407489
                                                                                                                              0x00407458
                                                                                                                              0x0040745b
                                                                                                                              0x0040745e
                                                                                                                              0x00407461
                                                                                                                              0x00407468
                                                                                                                              0x004073ac
                                                                                                                              0x004073ac
                                                                                                                              0x004073af
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407543
                                                                                                                              0x00407546
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040717d
                                                                                                                              0x0040717f
                                                                                                                              0x00407186
                                                                                                                              0x00407187
                                                                                                                              0x00407189
                                                                                                                              0x0040718c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407194
                                                                                                                              0x00407197
                                                                                                                              0x0040719a
                                                                                                                              0x0040719c
                                                                                                                              0x0040719e
                                                                                                                              0x0040719e
                                                                                                                              0x0040719f
                                                                                                                              0x004071a2
                                                                                                                              0x004071a9
                                                                                                                              0x004071ac
                                                                                                                              0x004071ba
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407490
                                                                                                                              0x00407490
                                                                                                                              0x00407493
                                                                                                                              0x0040749a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040749f
                                                                                                                              0x0040749f
                                                                                                                              0x004074a3
                                                                                                                              0x004075db
                                                                                                                              0x00000000
                                                                                                                              0x004075db
                                                                                                                              0x004074a9
                                                                                                                              0x004074ac
                                                                                                                              0x004074af
                                                                                                                              0x004074b3
                                                                                                                              0x004074b6
                                                                                                                              0x004074bc
                                                                                                                              0x004074be
                                                                                                                              0x004074be
                                                                                                                              0x004074be
                                                                                                                              0x004074c1
                                                                                                                              0x004074c4
                                                                                                                              0x004074c4
                                                                                                                              0x004074c4
                                                                                                                              0x004074c4
                                                                                                                              0x004074c7
                                                                                                                              0x004074c7
                                                                                                                              0x004074cb
                                                                                                                              0x0040752b
                                                                                                                              0x0040752e
                                                                                                                              0x00407533
                                                                                                                              0x00407534
                                                                                                                              0x00407536
                                                                                                                              0x00407538
                                                                                                                              0x0040753b
                                                                                                                              0x00000000
                                                                                                                              0x0040753b
                                                                                                                              0x004074cd
                                                                                                                              0x004074d3
                                                                                                                              0x004074d6
                                                                                                                              0x004074d9
                                                                                                                              0x004074dc
                                                                                                                              0x004074df
                                                                                                                              0x004074e2
                                                                                                                              0x004074e5
                                                                                                                              0x004074e8
                                                                                                                              0x004074eb
                                                                                                                              0x004074ee
                                                                                                                              0x00407507
                                                                                                                              0x0040750a
                                                                                                                              0x0040750d
                                                                                                                              0x00407510
                                                                                                                              0x00407514
                                                                                                                              0x00407516
                                                                                                                              0x00407516
                                                                                                                              0x00407517
                                                                                                                              0x0040751a
                                                                                                                              0x004074f0
                                                                                                                              0x004074f0
                                                                                                                              0x004074f8
                                                                                                                              0x004074fd
                                                                                                                              0x004074ff
                                                                                                                              0x00407502
                                                                                                                              0x00407502
                                                                                                                              0x0040751d
                                                                                                                              0x00407524
                                                                                                                              0x00000000
                                                                                                                              0x00407526
                                                                                                                              0x00000000
                                                                                                                              0x00407526
                                                                                                                              0x00000000
                                                                                                                              0x004071c2
                                                                                                                              0x004071c5
                                                                                                                              0x004071fb
                                                                                                                              0x0040732b
                                                                                                                              0x0040732b
                                                                                                                              0x0040732b
                                                                                                                              0x0040732b
                                                                                                                              0x0040732e
                                                                                                                              0x0040732e
                                                                                                                              0x00407331
                                                                                                                              0x00407333
                                                                                                                              0x004075bd
                                                                                                                              0x00000000
                                                                                                                              0x004075bd
                                                                                                                              0x00407339
                                                                                                                              0x0040733c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407342
                                                                                                                              0x00407346
                                                                                                                              0x00407349
                                                                                                                              0x00407349
                                                                                                                              0x00407349
                                                                                                                              0x00000000
                                                                                                                              0x00407349
                                                                                                                              0x004071c7
                                                                                                                              0x004071c9
                                                                                                                              0x004071cb
                                                                                                                              0x004071cd
                                                                                                                              0x004071d0
                                                                                                                              0x004071d1
                                                                                                                              0x004071d3
                                                                                                                              0x004071d5
                                                                                                                              0x004071d8
                                                                                                                              0x004071db
                                                                                                                              0x004071f1
                                                                                                                              0x004071f6
                                                                                                                              0x0040722e
                                                                                                                              0x0040722e
                                                                                                                              0x00407232
                                                                                                                              0x0040725e
                                                                                                                              0x00407260
                                                                                                                              0x00407267
                                                                                                                              0x0040726a
                                                                                                                              0x0040726d
                                                                                                                              0x0040726d
                                                                                                                              0x00407272
                                                                                                                              0x00407272
                                                                                                                              0x00407274
                                                                                                                              0x00407277
                                                                                                                              0x0040727e
                                                                                                                              0x00407281
                                                                                                                              0x004072ae
                                                                                                                              0x004072ae
                                                                                                                              0x004072b1
                                                                                                                              0x004072b4
                                                                                                                              0x00407328
                                                                                                                              0x00407328
                                                                                                                              0x00407328
                                                                                                                              0x00000000
                                                                                                                              0x00407328
                                                                                                                              0x004072b6
                                                                                                                              0x004072bc
                                                                                                                              0x004072bf
                                                                                                                              0x004072c2
                                                                                                                              0x004072c5
                                                                                                                              0x004072c8
                                                                                                                              0x004072cb
                                                                                                                              0x004072ce
                                                                                                                              0x004072d1
                                                                                                                              0x004072d4
                                                                                                                              0x004072d7
                                                                                                                              0x004072f0
                                                                                                                              0x004072f2
                                                                                                                              0x004072f5
                                                                                                                              0x004072f6
                                                                                                                              0x004072f9
                                                                                                                              0x004072fb
                                                                                                                              0x004072fe
                                                                                                                              0x00407300
                                                                                                                              0x00407302
                                                                                                                              0x00407305
                                                                                                                              0x00407307
                                                                                                                              0x0040730a
                                                                                                                              0x0040730e
                                                                                                                              0x00407310
                                                                                                                              0x00407310
                                                                                                                              0x00407311
                                                                                                                              0x00407314
                                                                                                                              0x00407317
                                                                                                                              0x004072d9
                                                                                                                              0x004072d9
                                                                                                                              0x004072e1
                                                                                                                              0x004072e6
                                                                                                                              0x004072e8
                                                                                                                              0x004072eb
                                                                                                                              0x004072eb
                                                                                                                              0x0040731a
                                                                                                                              0x00407321
                                                                                                                              0x004072ab
                                                                                                                              0x004072ab
                                                                                                                              0x004072ab
                                                                                                                              0x004072ab
                                                                                                                              0x00000000
                                                                                                                              0x00407323
                                                                                                                              0x00000000
                                                                                                                              0x00407323
                                                                                                                              0x00407321
                                                                                                                              0x00407234
                                                                                                                              0x00407237
                                                                                                                              0x00407239
                                                                                                                              0x0040723c
                                                                                                                              0x0040723f
                                                                                                                              0x00407242
                                                                                                                              0x00407244
                                                                                                                              0x00407247
                                                                                                                              0x0040724a
                                                                                                                              0x0040724a
                                                                                                                              0x0040724d
                                                                                                                              0x0040724d
                                                                                                                              0x00407250
                                                                                                                              0x00407257
                                                                                                                              0x0040722b
                                                                                                                              0x0040722b
                                                                                                                              0x0040722b
                                                                                                                              0x0040722b
                                                                                                                              0x00000000
                                                                                                                              0x00407259
                                                                                                                              0x00000000
                                                                                                                              0x00407259
                                                                                                                              0x00407257
                                                                                                                              0x004071dd
                                                                                                                              0x004071e0
                                                                                                                              0x004071e2
                                                                                                                              0x004071e5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406f44
                                                                                                                              0x00406f44
                                                                                                                              0x00406f48
                                                                                                                              0x0040758d
                                                                                                                              0x00000000
                                                                                                                              0x0040758d
                                                                                                                              0x00406f4e
                                                                                                                              0x00406f51
                                                                                                                              0x00406f54
                                                                                                                              0x00406f57
                                                                                                                              0x00406f5a
                                                                                                                              0x00406f5d
                                                                                                                              0x00406f60
                                                                                                                              0x00406f62
                                                                                                                              0x00406f65
                                                                                                                              0x00406f68
                                                                                                                              0x00406f6b
                                                                                                                              0x00406f6d
                                                                                                                              0x00406f6d
                                                                                                                              0x00406f6d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040734c
                                                                                                                              0x0040734c
                                                                                                                              0x0040734c
                                                                                                                              0x00407350
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407356
                                                                                                                              0x00407359
                                                                                                                              0x0040735c
                                                                                                                              0x0040735f
                                                                                                                              0x00407361
                                                                                                                              0x00407361
                                                                                                                              0x00407361
                                                                                                                              0x00407364
                                                                                                                              0x00407367
                                                                                                                              0x0040736a
                                                                                                                              0x0040736d
                                                                                                                              0x00407370
                                                                                                                              0x00407373
                                                                                                                              0x00407374
                                                                                                                              0x00407376
                                                                                                                              0x00407376
                                                                                                                              0x00407376
                                                                                                                              0x00407379
                                                                                                                              0x0040737c
                                                                                                                              0x0040737f
                                                                                                                              0x00407382
                                                                                                                              0x00407385
                                                                                                                              0x00407389
                                                                                                                              0x0040738b
                                                                                                                              0x0040738e
                                                                                                                              0x00000000
                                                                                                                              0x00407390
                                                                                                                              0x00000000
                                                                                                                              0x00407390
                                                                                                                              0x0040738e
                                                                                                                              0x004075c3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406bf2

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 93c083d05bcdf6195ca23c2a54f1652f9efbc2f2339d63ff2f761c89645e7c92
                                                                                                                              • Instruction ID: 0a676f48c9952aad729ccf503b6a86ce95496029d8c73069f89f3073be052f6e
                                                                                                                              • Opcode Fuzzy Hash: 93c083d05bcdf6195ca23c2a54f1652f9efbc2f2339d63ff2f761c89645e7c92
                                                                                                                              • Instruction Fuzzy Hash: C3813471D08228DFDF24CFA8C8847ADBBB1FB44305F24816AD456BB281D778A986DF05
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00406BB0 Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 98%
                                                                                                                              			E00406BB0(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M00407602))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12);
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                                                                                                              0x00406bc0
                                                                                                                              0x00406bc7
                                                                                                                              0x00406bcd
                                                                                                                              0x00406bd3
                                                                                                                              0x00000000
                                                                                                                              0x00406bd7
                                                                                                                              0x00406be3
                                                                                                                              0x00406be3
                                                                                                                              0x00406be3
                                                                                                                              0x00406bec
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406bf2
                                                                                                                              0x00000000
                                                                                                                              0x00406bf9
                                                                                                                              0x00406bfd
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406c06
                                                                                                                              0x00406c09
                                                                                                                              0x00406c0c
                                                                                                                              0x00406c0e
                                                                                                                              0x00406c10
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406c16
                                                                                                                              0x00406c19
                                                                                                                              0x00406c1b
                                                                                                                              0x00406c1c
                                                                                                                              0x00406c1f
                                                                                                                              0x00406c21
                                                                                                                              0x00406c22
                                                                                                                              0x00406c24
                                                                                                                              0x00406c27
                                                                                                                              0x00406c2c
                                                                                                                              0x00406c31
                                                                                                                              0x00406c3a
                                                                                                                              0x00406c4d
                                                                                                                              0x00406c50
                                                                                                                              0x00406c59
                                                                                                                              0x00406c5c
                                                                                                                              0x00406c84
                                                                                                                              0x00406c84
                                                                                                                              0x00406c86
                                                                                                                              0x00406c94
                                                                                                                              0x00406c94
                                                                                                                              0x00406c98
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406c88
                                                                                                                              0x00406c88
                                                                                                                              0x00406c8b
                                                                                                                              0x00406c8b
                                                                                                                              0x00406c8c
                                                                                                                              0x00406c8c
                                                                                                                              0x00000000
                                                                                                                              0x00406c88
                                                                                                                              0x00406c5e
                                                                                                                              0x00406c62
                                                                                                                              0x00406c67
                                                                                                                              0x00406c67
                                                                                                                              0x00406c70
                                                                                                                              0x00406c76
                                                                                                                              0x00406c78
                                                                                                                              0x00406c7b
                                                                                                                              0x00000000
                                                                                                                              0x00406c81
                                                                                                                              0x00406c81
                                                                                                                              0x00000000
                                                                                                                              0x00406c81
                                                                                                                              0x00000000
                                                                                                                              0x00406c9e
                                                                                                                              0x00406c9e
                                                                                                                              0x00406ca2
                                                                                                                              0x0040754e
                                                                                                                              0x00000000
                                                                                                                              0x0040754e
                                                                                                                              0x00406cab
                                                                                                                              0x00406cbb
                                                                                                                              0x00406cbe
                                                                                                                              0x00406cc1
                                                                                                                              0x00406cc1
                                                                                                                              0x00406cc1
                                                                                                                              0x00406cc4
                                                                                                                              0x00406cc4
                                                                                                                              0x00406cc8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406cca
                                                                                                                              0x00406ccd
                                                                                                                              0x00406cd0
                                                                                                                              0x00406cfa
                                                                                                                              0x00406d00
                                                                                                                              0x00406d07
                                                                                                                              0x00000000
                                                                                                                              0x00406d07
                                                                                                                              0x00406cd2
                                                                                                                              0x00406cd6
                                                                                                                              0x00406cd9
                                                                                                                              0x00406cde
                                                                                                                              0x00406cde
                                                                                                                              0x00406ce9
                                                                                                                              0x00406cef
                                                                                                                              0x00406cf1
                                                                                                                              0x00406cf4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406d39
                                                                                                                              0x00406d3f
                                                                                                                              0x00406d42
                                                                                                                              0x00406d4f
                                                                                                                              0x00406d57
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406d0e
                                                                                                                              0x00406d0e
                                                                                                                              0x00406d12
                                                                                                                              0x0040755d
                                                                                                                              0x00000000
                                                                                                                              0x0040755d
                                                                                                                              0x00406d1e
                                                                                                                              0x00406d29
                                                                                                                              0x00406d29
                                                                                                                              0x00406d29
                                                                                                                              0x00406d2c
                                                                                                                              0x00406d2f
                                                                                                                              0x00406d32
                                                                                                                              0x00406d35
                                                                                                                              0x00406d37
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004073ce
                                                                                                                              0x004073ce
                                                                                                                              0x004073d4
                                                                                                                              0x004073da
                                                                                                                              0x004073dd
                                                                                                                              0x004073e0
                                                                                                                              0x004073fa
                                                                                                                              0x004073fd
                                                                                                                              0x00407403
                                                                                                                              0x0040740e
                                                                                                                              0x0040740e
                                                                                                                              0x00407410
                                                                                                                              0x004073e2
                                                                                                                              0x004073e2
                                                                                                                              0x004073f1
                                                                                                                              0x004073f5
                                                                                                                              0x004073f5
                                                                                                                              0x00407413
                                                                                                                              0x0040741a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040741c
                                                                                                                              0x0040741c
                                                                                                                              0x00407420
                                                                                                                              0x004075cf
                                                                                                                              0x00000000
                                                                                                                              0x004075cf
                                                                                                                              0x0040742c
                                                                                                                              0x00407433
                                                                                                                              0x0040743b
                                                                                                                              0x0040743b
                                                                                                                              0x0040743b
                                                                                                                              0x0040743e
                                                                                                                              0x00407441
                                                                                                                              0x00407441
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406d5f
                                                                                                                              0x00406d61
                                                                                                                              0x00406d64
                                                                                                                              0x00406dd5
                                                                                                                              0x00406dd8
                                                                                                                              0x00406ddb
                                                                                                                              0x00406de2
                                                                                                                              0x00406dec
                                                                                                                              0x00000000
                                                                                                                              0x00406dec
                                                                                                                              0x00406d66
                                                                                                                              0x00406d6a
                                                                                                                              0x00406d6d
                                                                                                                              0x00406d6f
                                                                                                                              0x00406d72
                                                                                                                              0x00406d75
                                                                                                                              0x00406d77
                                                                                                                              0x00406d7a
                                                                                                                              0x00406d7c
                                                                                                                              0x00406d81
                                                                                                                              0x00406d84
                                                                                                                              0x00406d87
                                                                                                                              0x00406d8b
                                                                                                                              0x00406d92
                                                                                                                              0x00406d95
                                                                                                                              0x00406d9c
                                                                                                                              0x00406da0
                                                                                                                              0x00406da8
                                                                                                                              0x00406da8
                                                                                                                              0x00406da8
                                                                                                                              0x00406da2
                                                                                                                              0x00406da2
                                                                                                                              0x00406da2
                                                                                                                              0x00406d97
                                                                                                                              0x00406d97
                                                                                                                              0x00406d97
                                                                                                                              0x00406dac
                                                                                                                              0x00406daf
                                                                                                                              0x00406dcd
                                                                                                                              0x00406dcf
                                                                                                                              0x00000000
                                                                                                                              0x00406dcf
                                                                                                                              0x00406db1
                                                                                                                              0x00406db4
                                                                                                                              0x00406db7
                                                                                                                              0x00406dba
                                                                                                                              0x00406dbc
                                                                                                                              0x00406dbc
                                                                                                                              0x00406dbc
                                                                                                                              0x00406dbf
                                                                                                                              0x00406dc2
                                                                                                                              0x00406dc4
                                                                                                                              0x00406dc5
                                                                                                                              0x00406dc8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406ffe
                                                                                                                              0x00407002
                                                                                                                              0x00407020
                                                                                                                              0x00407023
                                                                                                                              0x0040702a
                                                                                                                              0x0040702d
                                                                                                                              0x00407030
                                                                                                                              0x00407033
                                                                                                                              0x00407036
                                                                                                                              0x00407039
                                                                                                                              0x0040703b
                                                                                                                              0x00407042
                                                                                                                              0x00407043
                                                                                                                              0x00407045
                                                                                                                              0x00407048
                                                                                                                              0x0040704b
                                                                                                                              0x0040704e
                                                                                                                              0x0040704e
                                                                                                                              0x00407053
                                                                                                                              0x00000000
                                                                                                                              0x00407053
                                                                                                                              0x00407004
                                                                                                                              0x00407007
                                                                                                                              0x0040700a
                                                                                                                              0x00407014
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407068
                                                                                                                              0x0040706c
                                                                                                                              0x0040708f
                                                                                                                              0x00407092
                                                                                                                              0x00407095
                                                                                                                              0x0040709f
                                                                                                                              0x0040706e
                                                                                                                              0x0040706e
                                                                                                                              0x00407071
                                                                                                                              0x00407074
                                                                                                                              0x00407077
                                                                                                                              0x00407084
                                                                                                                              0x00407087
                                                                                                                              0x00407087
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004070ab
                                                                                                                              0x004070af
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004070b5
                                                                                                                              0x004070b9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004070bf
                                                                                                                              0x004070c1
                                                                                                                              0x004070c5
                                                                                                                              0x004070c5
                                                                                                                              0x004070c8
                                                                                                                              0x004070cc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040711c
                                                                                                                              0x00407120
                                                                                                                              0x00407127
                                                                                                                              0x0040712a
                                                                                                                              0x0040712d
                                                                                                                              0x00407137
                                                                                                                              0x00000000
                                                                                                                              0x00407137
                                                                                                                              0x00407122
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407143
                                                                                                                              0x00407147
                                                                                                                              0x0040714e
                                                                                                                              0x00407151
                                                                                                                              0x00407154
                                                                                                                              0x00407149
                                                                                                                              0x00407149
                                                                                                                              0x00407149
                                                                                                                              0x00407157
                                                                                                                              0x0040715a
                                                                                                                              0x0040715d
                                                                                                                              0x0040715d
                                                                                                                              0x00407160
                                                                                                                              0x00407163
                                                                                                                              0x00407166
                                                                                                                              0x00407166
                                                                                                                              0x00407169
                                                                                                                              0x00407170
                                                                                                                              0x00407175
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407203
                                                                                                                              0x00407203
                                                                                                                              0x00407207
                                                                                                                              0x004075a5
                                                                                                                              0x00000000
                                                                                                                              0x004075a5
                                                                                                                              0x0040720d
                                                                                                                              0x00407210
                                                                                                                              0x00407213
                                                                                                                              0x00407217
                                                                                                                              0x0040721a
                                                                                                                              0x00407220
                                                                                                                              0x00407222
                                                                                                                              0x00407222
                                                                                                                              0x00407222
                                                                                                                              0x00407225
                                                                                                                              0x00407228
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406df8
                                                                                                                              0x00406df8
                                                                                                                              0x00406dfc
                                                                                                                              0x00407569
                                                                                                                              0x00000000
                                                                                                                              0x00407569
                                                                                                                              0x00406e02
                                                                                                                              0x00406e05
                                                                                                                              0x00406e08
                                                                                                                              0x00406e0c
                                                                                                                              0x00406e0f
                                                                                                                              0x00406e15
                                                                                                                              0x00406e17
                                                                                                                              0x00406e17
                                                                                                                              0x00406e17
                                                                                                                              0x00406e1a
                                                                                                                              0x00406e1d
                                                                                                                              0x00406e1d
                                                                                                                              0x00406e20
                                                                                                                              0x00406e23
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406e29
                                                                                                                              0x00406e2f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406e35
                                                                                                                              0x00406e35
                                                                                                                              0x00406e39
                                                                                                                              0x00406e3c
                                                                                                                              0x00406e3f
                                                                                                                              0x00406e42
                                                                                                                              0x00406e45
                                                                                                                              0x00406e46
                                                                                                                              0x00406e49
                                                                                                                              0x00406e4b
                                                                                                                              0x00406e51
                                                                                                                              0x00406e54
                                                                                                                              0x00406e57
                                                                                                                              0x00406e5a
                                                                                                                              0x00406e5d
                                                                                                                              0x00406e60
                                                                                                                              0x00406e63
                                                                                                                              0x00406e7f
                                                                                                                              0x00406e82
                                                                                                                              0x00406e85
                                                                                                                              0x00406e88
                                                                                                                              0x00406e8f
                                                                                                                              0x00406e93
                                                                                                                              0x00406e95
                                                                                                                              0x00406e99
                                                                                                                              0x00406e65
                                                                                                                              0x00406e65
                                                                                                                              0x00406e69
                                                                                                                              0x00406e71
                                                                                                                              0x00406e76
                                                                                                                              0x00406e78
                                                                                                                              0x00406e7a
                                                                                                                              0x00406e7a
                                                                                                                              0x00406e9c
                                                                                                                              0x00406ea3
                                                                                                                              0x00406ea6
                                                                                                                              0x00000000
                                                                                                                              0x00406eac
                                                                                                                              0x00000000
                                                                                                                              0x00406eac
                                                                                                                              0x00000000
                                                                                                                              0x00406eb1
                                                                                                                              0x00406eb1
                                                                                                                              0x00406eb5
                                                                                                                              0x00407575
                                                                                                                              0x00000000
                                                                                                                              0x00407575
                                                                                                                              0x00406ebb
                                                                                                                              0x00406ebe
                                                                                                                              0x00406ec1
                                                                                                                              0x00406ec5
                                                                                                                              0x00406ec8
                                                                                                                              0x00406ece
                                                                                                                              0x00406ed0
                                                                                                                              0x00406ed0
                                                                                                                              0x00406ed0
                                                                                                                              0x00406ed3
                                                                                                                              0x00406ed6
                                                                                                                              0x00406ed6
                                                                                                                              0x00406ed6
                                                                                                                              0x00406edc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406ede
                                                                                                                              0x00406ee1
                                                                                                                              0x00406ee4
                                                                                                                              0x00406ee7
                                                                                                                              0x00406eea
                                                                                                                              0x00406eed
                                                                                                                              0x00406ef0
                                                                                                                              0x00406ef3
                                                                                                                              0x00406ef6
                                                                                                                              0x00406ef9
                                                                                                                              0x00406efc
                                                                                                                              0x00406f14
                                                                                                                              0x00406f17
                                                                                                                              0x00406f1a
                                                                                                                              0x00406f1d
                                                                                                                              0x00406f1d
                                                                                                                              0x00406f20
                                                                                                                              0x00406f24
                                                                                                                              0x00406f26
                                                                                                                              0x00406efe
                                                                                                                              0x00406efe
                                                                                                                              0x00406f06
                                                                                                                              0x00406f0b
                                                                                                                              0x00406f0d
                                                                                                                              0x00406f0f
                                                                                                                              0x00406f0f
                                                                                                                              0x00406f29
                                                                                                                              0x00406f30
                                                                                                                              0x00406f33
                                                                                                                              0x00000000
                                                                                                                              0x00406f35
                                                                                                                              0x00000000
                                                                                                                              0x00406f35
                                                                                                                              0x00406f33
                                                                                                                              0x00406f3a
                                                                                                                              0x00406f3a
                                                                                                                              0x00406f3a
                                                                                                                              0x00406f3a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406f75
                                                                                                                              0x00406f75
                                                                                                                              0x00406f79
                                                                                                                              0x00407581
                                                                                                                              0x00000000
                                                                                                                              0x00407581
                                                                                                                              0x00406f7f
                                                                                                                              0x00406f82
                                                                                                                              0x00406f85
                                                                                                                              0x00406f89
                                                                                                                              0x00406f8c
                                                                                                                              0x00406f92
                                                                                                                              0x00406f94
                                                                                                                              0x00406f94
                                                                                                                              0x00406f94
                                                                                                                              0x00406f97
                                                                                                                              0x00406f9a
                                                                                                                              0x00406f9a
                                                                                                                              0x00406fa0
                                                                                                                              0x00406f3e
                                                                                                                              0x00406f3e
                                                                                                                              0x00406f41
                                                                                                                              0x00000000
                                                                                                                              0x00406f41
                                                                                                                              0x00406fa2
                                                                                                                              0x00406fa2
                                                                                                                              0x00406fa5
                                                                                                                              0x00406fa8
                                                                                                                              0x00406fab
                                                                                                                              0x00406fae
                                                                                                                              0x00406fb1
                                                                                                                              0x00406fb4
                                                                                                                              0x00406fb7
                                                                                                                              0x00406fba
                                                                                                                              0x00406fbd
                                                                                                                              0x00406fc0
                                                                                                                              0x00406fd8
                                                                                                                              0x00406fdb
                                                                                                                              0x00406fde
                                                                                                                              0x00406fe1
                                                                                                                              0x00406fe1
                                                                                                                              0x00406fe4
                                                                                                                              0x00406fe8
                                                                                                                              0x00406fea
                                                                                                                              0x00406fc2
                                                                                                                              0x00406fc2
                                                                                                                              0x00406fca
                                                                                                                              0x00406fcf
                                                                                                                              0x00406fd1
                                                                                                                              0x00406fd3
                                                                                                                              0x00406fd3
                                                                                                                              0x00406fed
                                                                                                                              0x00406ff4
                                                                                                                              0x00406ff7
                                                                                                                              0x00000000
                                                                                                                              0x00406ff9
                                                                                                                              0x00000000
                                                                                                                              0x00406ff9
                                                                                                                              0x00000000
                                                                                                                              0x00407286
                                                                                                                              0x00407286
                                                                                                                              0x0040728a
                                                                                                                              0x004075b1
                                                                                                                              0x00000000
                                                                                                                              0x004075b1
                                                                                                                              0x00407290
                                                                                                                              0x00407293
                                                                                                                              0x00407296
                                                                                                                              0x0040729a
                                                                                                                              0x0040729d
                                                                                                                              0x004072a3
                                                                                                                              0x004072a5
                                                                                                                              0x004072a5
                                                                                                                              0x004072a5
                                                                                                                              0x004072a8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407056
                                                                                                                              0x00407056
                                                                                                                              0x00407059
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407395
                                                                                                                              0x00407399
                                                                                                                              0x004073bb
                                                                                                                              0x004073be
                                                                                                                              0x004073c8
                                                                                                                              0x004073cb
                                                                                                                              0x004073cb
                                                                                                                              0x00000000
                                                                                                                              0x004073cb
                                                                                                                              0x0040739b
                                                                                                                              0x0040739e
                                                                                                                              0x004073a2
                                                                                                                              0x004073a5
                                                                                                                              0x004073a5
                                                                                                                              0x004073a8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407452
                                                                                                                              0x00407456
                                                                                                                              0x00407474
                                                                                                                              0x00407474
                                                                                                                              0x00407474
                                                                                                                              0x0040747b
                                                                                                                              0x00407482
                                                                                                                              0x00407489
                                                                                                                              0x00407489
                                                                                                                              0x00000000
                                                                                                                              0x00407489
                                                                                                                              0x00407458
                                                                                                                              0x0040745b
                                                                                                                              0x0040745e
                                                                                                                              0x00407461
                                                                                                                              0x00407468
                                                                                                                              0x004073ac
                                                                                                                              0x004073ac
                                                                                                                              0x004073af
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407543
                                                                                                                              0x00407546
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040717d
                                                                                                                              0x0040717f
                                                                                                                              0x00407186
                                                                                                                              0x00407187
                                                                                                                              0x00407189
                                                                                                                              0x0040718c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407194
                                                                                                                              0x00407197
                                                                                                                              0x0040719a
                                                                                                                              0x0040719c
                                                                                                                              0x0040719e
                                                                                                                              0x0040719e
                                                                                                                              0x0040719f
                                                                                                                              0x004071a2
                                                                                                                              0x004071a9
                                                                                                                              0x004071ac
                                                                                                                              0x004071ba
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407490
                                                                                                                              0x00407490
                                                                                                                              0x00407493
                                                                                                                              0x0040749a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040749f
                                                                                                                              0x0040749f
                                                                                                                              0x004074a3
                                                                                                                              0x004075db
                                                                                                                              0x00000000
                                                                                                                              0x004075db
                                                                                                                              0x004074a9
                                                                                                                              0x004074ac
                                                                                                                              0x004074af
                                                                                                                              0x004074b3
                                                                                                                              0x004074b6
                                                                                                                              0x004074bc
                                                                                                                              0x004074be
                                                                                                                              0x004074be
                                                                                                                              0x004074be
                                                                                                                              0x004074c1
                                                                                                                              0x004074c4
                                                                                                                              0x004074c4
                                                                                                                              0x004074c4
                                                                                                                              0x004074c4
                                                                                                                              0x004074c7
                                                                                                                              0x004074c7
                                                                                                                              0x004074cb
                                                                                                                              0x0040752b
                                                                                                                              0x0040752e
                                                                                                                              0x00407533
                                                                                                                              0x00407534
                                                                                                                              0x00407536
                                                                                                                              0x00407538
                                                                                                                              0x0040753b
                                                                                                                              0x00407447
                                                                                                                              0x00407447
                                                                                                                              0x00000000
                                                                                                                              0x00407447
                                                                                                                              0x004074cd
                                                                                                                              0x004074d3
                                                                                                                              0x004074d6
                                                                                                                              0x004074d9
                                                                                                                              0x004074dc
                                                                                                                              0x004074df
                                                                                                                              0x004074e2
                                                                                                                              0x004074e5
                                                                                                                              0x004074e8
                                                                                                                              0x004074eb
                                                                                                                              0x004074ee
                                                                                                                              0x00407507
                                                                                                                              0x0040750a
                                                                                                                              0x0040750d
                                                                                                                              0x00407510
                                                                                                                              0x00407514
                                                                                                                              0x00407516
                                                                                                                              0x00407516
                                                                                                                              0x00407517
                                                                                                                              0x0040751a
                                                                                                                              0x004074f0
                                                                                                                              0x004074f0
                                                                                                                              0x004074f8
                                                                                                                              0x004074fd
                                                                                                                              0x004074ff
                                                                                                                              0x00407502
                                                                                                                              0x00407502
                                                                                                                              0x0040751d
                                                                                                                              0x00407524
                                                                                                                              0x00000000
                                                                                                                              0x00407526
                                                                                                                              0x00000000
                                                                                                                              0x00407526
                                                                                                                              0x00000000
                                                                                                                              0x004071c2
                                                                                                                              0x004071c5
                                                                                                                              0x004071fb
                                                                                                                              0x0040732b
                                                                                                                              0x0040732b
                                                                                                                              0x0040732b
                                                                                                                              0x0040732b
                                                                                                                              0x0040732e
                                                                                                                              0x0040732e
                                                                                                                              0x00407331
                                                                                                                              0x00407333
                                                                                                                              0x004075bd
                                                                                                                              0x00000000
                                                                                                                              0x004075bd
                                                                                                                              0x00407339
                                                                                                                              0x0040733c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407342
                                                                                                                              0x00407346
                                                                                                                              0x00407349
                                                                                                                              0x00407349
                                                                                                                              0x00407349
                                                                                                                              0x00000000
                                                                                                                              0x00407349
                                                                                                                              0x004071c7
                                                                                                                              0x004071c9
                                                                                                                              0x004071cb
                                                                                                                              0x004071cd
                                                                                                                              0x004071d0
                                                                                                                              0x004071d1
                                                                                                                              0x004071d3
                                                                                                                              0x004071d5
                                                                                                                              0x004071d8
                                                                                                                              0x004071db
                                                                                                                              0x004071f1
                                                                                                                              0x004071f6
                                                                                                                              0x0040722e
                                                                                                                              0x0040722e
                                                                                                                              0x00407232
                                                                                                                              0x0040725e
                                                                                                                              0x00407260
                                                                                                                              0x00407267
                                                                                                                              0x0040726a
                                                                                                                              0x0040726d
                                                                                                                              0x0040726d
                                                                                                                              0x00407272
                                                                                                                              0x00407272
                                                                                                                              0x00407274
                                                                                                                              0x00407277
                                                                                                                              0x0040727e
                                                                                                                              0x00407281
                                                                                                                              0x004072ae
                                                                                                                              0x004072ae
                                                                                                                              0x004072b1
                                                                                                                              0x004072b4
                                                                                                                              0x00407328
                                                                                                                              0x00407328
                                                                                                                              0x00407328
                                                                                                                              0x00000000
                                                                                                                              0x00407328
                                                                                                                              0x004072b6
                                                                                                                              0x004072bc
                                                                                                                              0x004072bf
                                                                                                                              0x004072c2
                                                                                                                              0x004072c5
                                                                                                                              0x004072c8
                                                                                                                              0x004072cb
                                                                                                                              0x004072ce
                                                                                                                              0x004072d1
                                                                                                                              0x004072d4
                                                                                                                              0x004072d7
                                                                                                                              0x004072f0
                                                                                                                              0x004072f2
                                                                                                                              0x004072f5
                                                                                                                              0x004072f6
                                                                                                                              0x004072f9
                                                                                                                              0x004072fb
                                                                                                                              0x004072fe
                                                                                                                              0x00407300
                                                                                                                              0x00407302
                                                                                                                              0x00407305
                                                                                                                              0x00407307
                                                                                                                              0x0040730a
                                                                                                                              0x0040730e
                                                                                                                              0x00407310
                                                                                                                              0x00407310
                                                                                                                              0x00407311
                                                                                                                              0x00407314
                                                                                                                              0x00407317
                                                                                                                              0x004072d9
                                                                                                                              0x004072d9
                                                                                                                              0x004072e1
                                                                                                                              0x004072e6
                                                                                                                              0x004072e8
                                                                                                                              0x004072eb
                                                                                                                              0x004072eb
                                                                                                                              0x0040731a
                                                                                                                              0x00407321
                                                                                                                              0x004072ab
                                                                                                                              0x004072ab
                                                                                                                              0x004072ab
                                                                                                                              0x004072ab
                                                                                                                              0x00000000
                                                                                                                              0x00407323
                                                                                                                              0x00000000
                                                                                                                              0x00407323
                                                                                                                              0x00407321
                                                                                                                              0x00407234
                                                                                                                              0x00407237
                                                                                                                              0x00407239
                                                                                                                              0x0040723c
                                                                                                                              0x0040723f
                                                                                                                              0x00407242
                                                                                                                              0x00407244
                                                                                                                              0x00407247
                                                                                                                              0x0040724a
                                                                                                                              0x0040724a
                                                                                                                              0x0040724d
                                                                                                                              0x0040724d
                                                                                                                              0x00407250
                                                                                                                              0x00407257
                                                                                                                              0x0040722b
                                                                                                                              0x0040722b
                                                                                                                              0x0040722b
                                                                                                                              0x0040722b
                                                                                                                              0x00000000
                                                                                                                              0x00407259
                                                                                                                              0x00000000
                                                                                                                              0x00407259
                                                                                                                              0x00407257
                                                                                                                              0x004071dd
                                                                                                                              0x004071e0
                                                                                                                              0x004071e2
                                                                                                                              0x004071e5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406f44
                                                                                                                              0x00406f44
                                                                                                                              0x00406f48
                                                                                                                              0x0040758d
                                                                                                                              0x00000000
                                                                                                                              0x0040758d
                                                                                                                              0x00406f4e
                                                                                                                              0x00406f51
                                                                                                                              0x00406f54
                                                                                                                              0x00406f57
                                                                                                                              0x00406f5a
                                                                                                                              0x00406f5d
                                                                                                                              0x00406f60
                                                                                                                              0x00406f62
                                                                                                                              0x00406f65
                                                                                                                              0x00406f68
                                                                                                                              0x00406f6b
                                                                                                                              0x00406f6d
                                                                                                                              0x00406f6d
                                                                                                                              0x00406f6d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004070cf
                                                                                                                              0x004070cf
                                                                                                                              0x004070d3
                                                                                                                              0x00407599
                                                                                                                              0x00000000
                                                                                                                              0x00407599
                                                                                                                              0x004070d9
                                                                                                                              0x004070dc
                                                                                                                              0x004070df
                                                                                                                              0x004070e2
                                                                                                                              0x004070e4
                                                                                                                              0x004070e4
                                                                                                                              0x004070e4
                                                                                                                              0x004070e7
                                                                                                                              0x004070ea
                                                                                                                              0x004070ed
                                                                                                                              0x004070f0
                                                                                                                              0x004070f3
                                                                                                                              0x004070f6
                                                                                                                              0x004070f7
                                                                                                                              0x004070f9
                                                                                                                              0x004070f9
                                                                                                                              0x004070f9
                                                                                                                              0x004070fc
                                                                                                                              0x004070ff
                                                                                                                              0x00407102
                                                                                                                              0x00407105
                                                                                                                              0x00407105
                                                                                                                              0x00407105
                                                                                                                              0x00407108
                                                                                                                              0x0040710a
                                                                                                                              0x0040710a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040734c
                                                                                                                              0x0040734c
                                                                                                                              0x0040734c
                                                                                                                              0x00407350
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407356
                                                                                                                              0x00407359
                                                                                                                              0x0040735c
                                                                                                                              0x0040735f
                                                                                                                              0x00407361
                                                                                                                              0x00407361
                                                                                                                              0x00407361
                                                                                                                              0x00407364
                                                                                                                              0x00407367
                                                                                                                              0x0040736a
                                                                                                                              0x0040736d
                                                                                                                              0x00407370
                                                                                                                              0x00407373
                                                                                                                              0x00407374
                                                                                                                              0x00407376
                                                                                                                              0x00407376
                                                                                                                              0x00407376
                                                                                                                              0x00407379
                                                                                                                              0x0040737c
                                                                                                                              0x0040737f
                                                                                                                              0x00407382
                                                                                                                              0x00407385
                                                                                                                              0x00407389
                                                                                                                              0x0040738b
                                                                                                                              0x0040738e
                                                                                                                              0x00000000
                                                                                                                              0x00407390
                                                                                                                              0x0040710d
                                                                                                                              0x0040710d
                                                                                                                              0x00000000
                                                                                                                              0x0040710d
                                                                                                                              0x0040738e
                                                                                                                              0x004075c3
                                                                                                                              0x004075e5
                                                                                                                              0x004075eb
                                                                                                                              0x004075ed
                                                                                                                              0x004075f4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406bf2
                                                                                                                              0x004075fa
                                                                                                                              0x004075fa
                                                                                                                              0x00000000

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 42fe04b556333c9da529a864bcd0db0a91825228453d2ef5331aa29539740558
                                                                                                                              • Instruction ID: 41bbaa2e3590000dceee7c9791d291245bc26db239967492cd44d063337b5de0
                                                                                                                              • Opcode Fuzzy Hash: 42fe04b556333c9da529a864bcd0db0a91825228453d2ef5331aa29539740558
                                                                                                                              • Instruction Fuzzy Hash: 3E814831D08228DBEF28CFA8C8447ADBBB1FF44305F14816AD856B7281D778A986DF45
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00406FFE Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 98%
                                                                                                                              			E00406FFE() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M00407602))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8));
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                                                                                                              0x00000000
                                                                                                                              0x00406ffe
                                                                                                                              0x00406ffe
                                                                                                                              0x00407002
                                                                                                                              0x00407023
                                                                                                                              0x0040702a
                                                                                                                              0x00407030
                                                                                                                              0x00407036
                                                                                                                              0x00407048
                                                                                                                              0x0040704e
                                                                                                                              0x00407053
                                                                                                                              0x00000000
                                                                                                                              0x00407004
                                                                                                                              0x0040700a
                                                                                                                              0x004073cb
                                                                                                                              0x004073cb
                                                                                                                              0x004073cb
                                                                                                                              0x004073ce
                                                                                                                              0x004073ce
                                                                                                                              0x004073ce
                                                                                                                              0x004073d4
                                                                                                                              0x004073da
                                                                                                                              0x004073e0
                                                                                                                              0x004073fa
                                                                                                                              0x004073fd
                                                                                                                              0x00407403
                                                                                                                              0x0040740e
                                                                                                                              0x00407410
                                                                                                                              0x004073e2
                                                                                                                              0x004073e2
                                                                                                                              0x004073f1
                                                                                                                              0x004073f5
                                                                                                                              0x004073f5
                                                                                                                              0x0040741a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040741c
                                                                                                                              0x00407420
                                                                                                                              0x004075cf
                                                                                                                              0x004075e5
                                                                                                                              0x004075ed
                                                                                                                              0x004075f4
                                                                                                                              0x004075f6
                                                                                                                              0x004075fd
                                                                                                                              0x00407601
                                                                                                                              0x00407601
                                                                                                                              0x0040742c
                                                                                                                              0x00407433
                                                                                                                              0x0040743b
                                                                                                                              0x0040743e
                                                                                                                              0x00407441
                                                                                                                              0x00407441
                                                                                                                              0x00407447
                                                                                                                              0x00407447
                                                                                                                              0x00406be3
                                                                                                                              0x00406be3
                                                                                                                              0x00406be3
                                                                                                                              0x00406bec
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406bf2
                                                                                                                              0x00000000
                                                                                                                              0x00406bfd
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406c06
                                                                                                                              0x00406c09
                                                                                                                              0x00406c0c
                                                                                                                              0x00406c10
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406c16
                                                                                                                              0x00406c19
                                                                                                                              0x00406c1b
                                                                                                                              0x00406c1c
                                                                                                                              0x00406c1f
                                                                                                                              0x00406c21
                                                                                                                              0x00406c22
                                                                                                                              0x00406c24
                                                                                                                              0x00406c27
                                                                                                                              0x00406c2c
                                                                                                                              0x00406c31
                                                                                                                              0x00406c3a
                                                                                                                              0x00406c4d
                                                                                                                              0x00406c50
                                                                                                                              0x00406c5c
                                                                                                                              0x00406c84
                                                                                                                              0x00406c86
                                                                                                                              0x00406c94
                                                                                                                              0x00406c94
                                                                                                                              0x00406c98
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406c88
                                                                                                                              0x00406c88
                                                                                                                              0x00406c8b
                                                                                                                              0x00406c8c
                                                                                                                              0x00406c8c
                                                                                                                              0x00000000
                                                                                                                              0x00406c88
                                                                                                                              0x00406c62
                                                                                                                              0x00406c67
                                                                                                                              0x00406c67
                                                                                                                              0x00406c70
                                                                                                                              0x00406c78
                                                                                                                              0x00406c7b
                                                                                                                              0x00000000
                                                                                                                              0x00406c81
                                                                                                                              0x00406c81
                                                                                                                              0x00000000
                                                                                                                              0x00406c81
                                                                                                                              0x00000000
                                                                                                                              0x00406c9e
                                                                                                                              0x00406c9e
                                                                                                                              0x00406ca2
                                                                                                                              0x0040754e
                                                                                                                              0x00000000
                                                                                                                              0x0040754e
                                                                                                                              0x00406cab
                                                                                                                              0x00406cbb
                                                                                                                              0x00406cbe
                                                                                                                              0x00406cc1
                                                                                                                              0x00406cc1
                                                                                                                              0x00406cc1
                                                                                                                              0x00406cc4
                                                                                                                              0x00406cc8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406cca
                                                                                                                              0x00406cd0
                                                                                                                              0x00406cfa
                                                                                                                              0x00406d00
                                                                                                                              0x00406d07
                                                                                                                              0x00000000
                                                                                                                              0x00406d07
                                                                                                                              0x00406cd6
                                                                                                                              0x00406cd9
                                                                                                                              0x00406cde
                                                                                                                              0x00406cde
                                                                                                                              0x00406ce9
                                                                                                                              0x00406cf1
                                                                                                                              0x00406cf4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406d39
                                                                                                                              0x00406d3f
                                                                                                                              0x00406d42
                                                                                                                              0x00406d4f
                                                                                                                              0x00406d57
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406d0e
                                                                                                                              0x00406d0e
                                                                                                                              0x00406d12
                                                                                                                              0x0040755d
                                                                                                                              0x00000000
                                                                                                                              0x0040755d
                                                                                                                              0x00406d1e
                                                                                                                              0x00406d29
                                                                                                                              0x00406d29
                                                                                                                              0x00406d29
                                                                                                                              0x00406d2c
                                                                                                                              0x00406d2f
                                                                                                                              0x00406d32
                                                                                                                              0x00406d37
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004073ce
                                                                                                                              0x004073ce
                                                                                                                              0x004073d4
                                                                                                                              0x004073da
                                                                                                                              0x004073e0
                                                                                                                              0x004073fa
                                                                                                                              0x004073fd
                                                                                                                              0x00407403
                                                                                                                              0x0040740e
                                                                                                                              0x00407410
                                                                                                                              0x004073e2
                                                                                                                              0x004073e2
                                                                                                                              0x004073f1
                                                                                                                              0x004073f5
                                                                                                                              0x004073f5
                                                                                                                              0x0040741a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406d5f
                                                                                                                              0x00406d61
                                                                                                                              0x00406d64
                                                                                                                              0x00406dd5
                                                                                                                              0x00406dd8
                                                                                                                              0x00406ddb
                                                                                                                              0x00406de2
                                                                                                                              0x00406dec
                                                                                                                              0x004073cb
                                                                                                                              0x004073cb
                                                                                                                              0x00000000
                                                                                                                              0x004073cb
                                                                                                                              0x00406d66
                                                                                                                              0x00406d6a
                                                                                                                              0x00406d6d
                                                                                                                              0x00406d6f
                                                                                                                              0x00406d72
                                                                                                                              0x00406d75
                                                                                                                              0x00406d77
                                                                                                                              0x00406d7a
                                                                                                                              0x00406d7c
                                                                                                                              0x00406d81
                                                                                                                              0x00406d84
                                                                                                                              0x00406d87
                                                                                                                              0x00406d8b
                                                                                                                              0x00406d92
                                                                                                                              0x00406d95
                                                                                                                              0x00406d9c
                                                                                                                              0x00406da0
                                                                                                                              0x00406da8
                                                                                                                              0x00406da8
                                                                                                                              0x00406da8
                                                                                                                              0x00406da2
                                                                                                                              0x00406da2
                                                                                                                              0x00406da2
                                                                                                                              0x00406d97
                                                                                                                              0x00406d97
                                                                                                                              0x00406d97
                                                                                                                              0x00406dac
                                                                                                                              0x00406daf
                                                                                                                              0x00406dcd
                                                                                                                              0x00406dcf
                                                                                                                              0x00000000
                                                                                                                              0x00406db1
                                                                                                                              0x00406db1
                                                                                                                              0x00406db4
                                                                                                                              0x00406db7
                                                                                                                              0x00406dba
                                                                                                                              0x00406dbc
                                                                                                                              0x00406dbc
                                                                                                                              0x00406dbc
                                                                                                                              0x00406dbf
                                                                                                                              0x00406dc2
                                                                                                                              0x00406dc4
                                                                                                                              0x00406dc5
                                                                                                                              0x00406dc8
                                                                                                                              0x00000000
                                                                                                                              0x00406dc8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407068
                                                                                                                              0x0040706c
                                                                                                                              0x0040708f
                                                                                                                              0x00407092
                                                                                                                              0x00407095
                                                                                                                              0x0040709f
                                                                                                                              0x0040706e
                                                                                                                              0x0040706e
                                                                                                                              0x00407071
                                                                                                                              0x00407074
                                                                                                                              0x00407077
                                                                                                                              0x00407084
                                                                                                                              0x00407087
                                                                                                                              0x00407087
                                                                                                                              0x004073cb
                                                                                                                              0x004073cb
                                                                                                                              0x004073cb
                                                                                                                              0x00000000
                                                                                                                              0x004073cb
                                                                                                                              0x00000000
                                                                                                                              0x004070ab
                                                                                                                              0x004070af
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004070b5
                                                                                                                              0x004070b9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004070bf
                                                                                                                              0x004070c1
                                                                                                                              0x004070c5
                                                                                                                              0x004070c5
                                                                                                                              0x004070c8
                                                                                                                              0x004070cc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040711c
                                                                                                                              0x00407120
                                                                                                                              0x00407127
                                                                                                                              0x0040712a
                                                                                                                              0x0040712d
                                                                                                                              0x00407137
                                                                                                                              0x004073cb
                                                                                                                              0x004073cb
                                                                                                                              0x004073cb
                                                                                                                              0x00000000
                                                                                                                              0x004073cb
                                                                                                                              0x004073cb
                                                                                                                              0x00407122
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407143
                                                                                                                              0x00407147
                                                                                                                              0x0040714e
                                                                                                                              0x00407151
                                                                                                                              0x00407154
                                                                                                                              0x00407149
                                                                                                                              0x00407149
                                                                                                                              0x00407149
                                                                                                                              0x00407157
                                                                                                                              0x0040715a
                                                                                                                              0x0040715d
                                                                                                                              0x0040715d
                                                                                                                              0x00407160
                                                                                                                              0x00407163
                                                                                                                              0x00407166
                                                                                                                              0x00407166
                                                                                                                              0x00407169
                                                                                                                              0x00407170
                                                                                                                              0x00407175
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407203
                                                                                                                              0x00407203
                                                                                                                              0x00407207
                                                                                                                              0x004075a5
                                                                                                                              0x00000000
                                                                                                                              0x004075a5
                                                                                                                              0x0040720d
                                                                                                                              0x00407210
                                                                                                                              0x00407213
                                                                                                                              0x00407217
                                                                                                                              0x0040721a
                                                                                                                              0x00407220
                                                                                                                              0x00407222
                                                                                                                              0x00407222
                                                                                                                              0x00407222
                                                                                                                              0x00407225
                                                                                                                              0x00407228
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406df8
                                                                                                                              0x00406df8
                                                                                                                              0x00406dfc
                                                                                                                              0x00407569
                                                                                                                              0x00000000
                                                                                                                              0x00407569
                                                                                                                              0x00406e02
                                                                                                                              0x00406e05
                                                                                                                              0x00406e08
                                                                                                                              0x00406e0c
                                                                                                                              0x00406e0f
                                                                                                                              0x00406e15
                                                                                                                              0x00406e17
                                                                                                                              0x00406e17
                                                                                                                              0x00406e17
                                                                                                                              0x00406e1a
                                                                                                                              0x00406e1d
                                                                                                                              0x00406e1d
                                                                                                                              0x00406e20
                                                                                                                              0x00406e23
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406e29
                                                                                                                              0x00406e2f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406e35
                                                                                                                              0x00406e35
                                                                                                                              0x00406e39
                                                                                                                              0x00406e3c
                                                                                                                              0x00406e3f
                                                                                                                              0x00406e42
                                                                                                                              0x00406e45
                                                                                                                              0x00406e46
                                                                                                                              0x00406e49
                                                                                                                              0x00406e4b
                                                                                                                              0x00406e51
                                                                                                                              0x00406e54
                                                                                                                              0x00406e57
                                                                                                                              0x00406e5a
                                                                                                                              0x00406e5d
                                                                                                                              0x00406e60
                                                                                                                              0x00406e63
                                                                                                                              0x00406e7f
                                                                                                                              0x00406e82
                                                                                                                              0x00406e85
                                                                                                                              0x00406e88
                                                                                                                              0x00406e8f
                                                                                                                              0x00406e93
                                                                                                                              0x00406e95
                                                                                                                              0x00406e99
                                                                                                                              0x00406e65
                                                                                                                              0x00406e65
                                                                                                                              0x00406e69
                                                                                                                              0x00406e71
                                                                                                                              0x00406e76
                                                                                                                              0x00406e78
                                                                                                                              0x00406e7a
                                                                                                                              0x00406e7a
                                                                                                                              0x00406e9c
                                                                                                                              0x00406ea3
                                                                                                                              0x00406ea6
                                                                                                                              0x00000000
                                                                                                                              0x00406eac
                                                                                                                              0x00000000
                                                                                                                              0x00406eac
                                                                                                                              0x00000000
                                                                                                                              0x00406eb1
                                                                                                                              0x00406eb1
                                                                                                                              0x00406eb5
                                                                                                                              0x00407575
                                                                                                                              0x00000000
                                                                                                                              0x00407575
                                                                                                                              0x00406ebb
                                                                                                                              0x00406ebe
                                                                                                                              0x00406ec1
                                                                                                                              0x00406ec5
                                                                                                                              0x00406ec8
                                                                                                                              0x00406ece
                                                                                                                              0x00406ed0
                                                                                                                              0x00406ed0
                                                                                                                              0x00406ed0
                                                                                                                              0x00406ed3
                                                                                                                              0x00406ed6
                                                                                                                              0x00406ed6
                                                                                                                              0x00406ed6
                                                                                                                              0x00406edc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406ede
                                                                                                                              0x00406ee1
                                                                                                                              0x00406ee4
                                                                                                                              0x00406ee7
                                                                                                                              0x00406eea
                                                                                                                              0x00406eed
                                                                                                                              0x00406ef0
                                                                                                                              0x00406ef3
                                                                                                                              0x00406ef6
                                                                                                                              0x00406ef9
                                                                                                                              0x00406efc
                                                                                                                              0x00406f14
                                                                                                                              0x00406f17
                                                                                                                              0x00406f1a
                                                                                                                              0x00406f1d
                                                                                                                              0x00406f1d
                                                                                                                              0x00406f20
                                                                                                                              0x00406f24
                                                                                                                              0x00406f26
                                                                                                                              0x00406efe
                                                                                                                              0x00406efe
                                                                                                                              0x00406f06
                                                                                                                              0x00406f0b
                                                                                                                              0x00406f0d
                                                                                                                              0x00406f0f
                                                                                                                              0x00406f0f
                                                                                                                              0x00406f29
                                                                                                                              0x00406f30
                                                                                                                              0x00406f33
                                                                                                                              0x00000000
                                                                                                                              0x00406f35
                                                                                                                              0x00000000
                                                                                                                              0x00406f35
                                                                                                                              0x00406f33
                                                                                                                              0x00406f3a
                                                                                                                              0x00406f3a
                                                                                                                              0x00406f3a
                                                                                                                              0x00406f3a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406f75
                                                                                                                              0x00406f75
                                                                                                                              0x00406f79
                                                                                                                              0x00407581
                                                                                                                              0x00000000
                                                                                                                              0x00407581
                                                                                                                              0x00406f7f
                                                                                                                              0x00406f82
                                                                                                                              0x00406f85
                                                                                                                              0x00406f89
                                                                                                                              0x00406f8c
                                                                                                                              0x00406f92
                                                                                                                              0x00406f94
                                                                                                                              0x00406f94
                                                                                                                              0x00406f94
                                                                                                                              0x00406f97
                                                                                                                              0x00406f9a
                                                                                                                              0x00406f9a
                                                                                                                              0x00406fa0
                                                                                                                              0x00406f3e
                                                                                                                              0x00406f3e
                                                                                                                              0x00406f41
                                                                                                                              0x00000000
                                                                                                                              0x00406f41
                                                                                                                              0x00406fa2
                                                                                                                              0x00406fa2
                                                                                                                              0x00406fa5
                                                                                                                              0x00406fa8
                                                                                                                              0x00406fab
                                                                                                                              0x00406fae
                                                                                                                              0x00406fb1
                                                                                                                              0x00406fb4
                                                                                                                              0x00406fb7
                                                                                                                              0x00406fba
                                                                                                                              0x00406fbd
                                                                                                                              0x00406fc0
                                                                                                                              0x00406fd8
                                                                                                                              0x00406fdb
                                                                                                                              0x00406fde
                                                                                                                              0x00406fe1
                                                                                                                              0x00406fe1
                                                                                                                              0x00406fe4
                                                                                                                              0x00406fe8
                                                                                                                              0x00406fea
                                                                                                                              0x00406fc2
                                                                                                                              0x00406fc2
                                                                                                                              0x00406fca
                                                                                                                              0x00406fcf
                                                                                                                              0x00406fd1
                                                                                                                              0x00406fd3
                                                                                                                              0x00406fd3
                                                                                                                              0x00406fed
                                                                                                                              0x00406ff4
                                                                                                                              0x00406ff7
                                                                                                                              0x00000000
                                                                                                                              0x00406ff9
                                                                                                                              0x00000000
                                                                                                                              0x00406ff9
                                                                                                                              0x00000000
                                                                                                                              0x00407286
                                                                                                                              0x00407286
                                                                                                                              0x0040728a
                                                                                                                              0x004075b1
                                                                                                                              0x00000000
                                                                                                                              0x004075b1
                                                                                                                              0x00407290
                                                                                                                              0x00407293
                                                                                                                              0x00407296
                                                                                                                              0x0040729a
                                                                                                                              0x0040729d
                                                                                                                              0x004072a3
                                                                                                                              0x004072a5
                                                                                                                              0x004072a5
                                                                                                                              0x004072a5
                                                                                                                              0x004072a8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407056
                                                                                                                              0x00407056
                                                                                                                              0x00407059
                                                                                                                              0x004073cb
                                                                                                                              0x004073cb
                                                                                                                              0x004073cb
                                                                                                                              0x00000000
                                                                                                                              0x004073cb
                                                                                                                              0x00000000
                                                                                                                              0x00407395
                                                                                                                              0x00407399
                                                                                                                              0x004073bb
                                                                                                                              0x004073be
                                                                                                                              0x004073c8
                                                                                                                              0x004073cb
                                                                                                                              0x004073cb
                                                                                                                              0x004073cb
                                                                                                                              0x00000000
                                                                                                                              0x004073cb
                                                                                                                              0x004073cb
                                                                                                                              0x0040739b
                                                                                                                              0x0040739e
                                                                                                                              0x004073a2
                                                                                                                              0x004073a5
                                                                                                                              0x004073a5
                                                                                                                              0x004073a8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407452
                                                                                                                              0x00407456
                                                                                                                              0x00407474
                                                                                                                              0x00407474
                                                                                                                              0x00407474
                                                                                                                              0x0040747b
                                                                                                                              0x00407482
                                                                                                                              0x00407489
                                                                                                                              0x00407489
                                                                                                                              0x00000000
                                                                                                                              0x00407489
                                                                                                                              0x00407458
                                                                                                                              0x0040745b
                                                                                                                              0x0040745e
                                                                                                                              0x00407461
                                                                                                                              0x00407468
                                                                                                                              0x004073ac
                                                                                                                              0x004073ac
                                                                                                                              0x004073af
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407543
                                                                                                                              0x00407546
                                                                                                                              0x00407447
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040717d
                                                                                                                              0x0040717f
                                                                                                                              0x00407186
                                                                                                                              0x00407187
                                                                                                                              0x00407189
                                                                                                                              0x0040718c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407194
                                                                                                                              0x00407197
                                                                                                                              0x0040719a
                                                                                                                              0x0040719c
                                                                                                                              0x0040719e
                                                                                                                              0x0040719e
                                                                                                                              0x0040719f
                                                                                                                              0x004071a2
                                                                                                                              0x004071a9
                                                                                                                              0x004071ac
                                                                                                                              0x004071ba
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407490
                                                                                                                              0x00407490
                                                                                                                              0x00407493
                                                                                                                              0x0040749a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040749f
                                                                                                                              0x0040749f
                                                                                                                              0x004074a3
                                                                                                                              0x004075db
                                                                                                                              0x00000000
                                                                                                                              0x004075db
                                                                                                                              0x004074a9
                                                                                                                              0x004074ac
                                                                                                                              0x004074af
                                                                                                                              0x004074b3
                                                                                                                              0x004074b6
                                                                                                                              0x004074bc
                                                                                                                              0x004074be
                                                                                                                              0x004074be
                                                                                                                              0x004074be
                                                                                                                              0x004074c1
                                                                                                                              0x004074c4
                                                                                                                              0x004074c4
                                                                                                                              0x004074c4
                                                                                                                              0x004074c4
                                                                                                                              0x004074c7
                                                                                                                              0x004074c7
                                                                                                                              0x004074cb
                                                                                                                              0x0040752b
                                                                                                                              0x0040752e
                                                                                                                              0x00407533
                                                                                                                              0x00407534
                                                                                                                              0x00407536
                                                                                                                              0x00407538
                                                                                                                              0x0040753b
                                                                                                                              0x00407447
                                                                                                                              0x00407447
                                                                                                                              0x00000000
                                                                                                                              0x0040744d
                                                                                                                              0x00407447
                                                                                                                              0x004074cd
                                                                                                                              0x004074d3
                                                                                                                              0x004074d6
                                                                                                                              0x004074d9
                                                                                                                              0x004074dc
                                                                                                                              0x004074df
                                                                                                                              0x004074e2
                                                                                                                              0x004074e5
                                                                                                                              0x004074e8
                                                                                                                              0x004074eb
                                                                                                                              0x004074ee
                                                                                                                              0x00407507
                                                                                                                              0x0040750a
                                                                                                                              0x0040750d
                                                                                                                              0x00407510
                                                                                                                              0x00407514
                                                                                                                              0x00407516
                                                                                                                              0x00407516
                                                                                                                              0x00407517
                                                                                                                              0x0040751a
                                                                                                                              0x004074f0
                                                                                                                              0x004074f0
                                                                                                                              0x004074f8
                                                                                                                              0x004074fd
                                                                                                                              0x004074ff
                                                                                                                              0x00407502
                                                                                                                              0x00407502
                                                                                                                              0x0040751d
                                                                                                                              0x00407524
                                                                                                                              0x00000000
                                                                                                                              0x00407526
                                                                                                                              0x00000000
                                                                                                                              0x00407526
                                                                                                                              0x00000000
                                                                                                                              0x004071c2
                                                                                                                              0x004071c5
                                                                                                                              0x004071fb
                                                                                                                              0x0040732b
                                                                                                                              0x0040732b
                                                                                                                              0x0040732b
                                                                                                                              0x0040732b
                                                                                                                              0x0040732e
                                                                                                                              0x0040732e
                                                                                                                              0x00407331
                                                                                                                              0x00407333
                                                                                                                              0x004075bd
                                                                                                                              0x00000000
                                                                                                                              0x004075bd
                                                                                                                              0x00407339
                                                                                                                              0x0040733c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407342
                                                                                                                              0x00407346
                                                                                                                              0x00407349
                                                                                                                              0x00407349
                                                                                                                              0x00407349
                                                                                                                              0x00000000
                                                                                                                              0x00407349
                                                                                                                              0x004071c7
                                                                                                                              0x004071c9
                                                                                                                              0x004071cb
                                                                                                                              0x004071cd
                                                                                                                              0x004071d0
                                                                                                                              0x004071d1
                                                                                                                              0x004071d3
                                                                                                                              0x004071d5
                                                                                                                              0x004071d8
                                                                                                                              0x004071db
                                                                                                                              0x004071f1
                                                                                                                              0x004071f6
                                                                                                                              0x0040722e
                                                                                                                              0x0040722e
                                                                                                                              0x00407232
                                                                                                                              0x0040725e
                                                                                                                              0x00407260
                                                                                                                              0x00407267
                                                                                                                              0x0040726a
                                                                                                                              0x0040726d
                                                                                                                              0x0040726d
                                                                                                                              0x00407272
                                                                                                                              0x00407272
                                                                                                                              0x00407274
                                                                                                                              0x00407277
                                                                                                                              0x0040727e
                                                                                                                              0x00407281
                                                                                                                              0x004072ae
                                                                                                                              0x004072ae
                                                                                                                              0x004072b1
                                                                                                                              0x004072b4
                                                                                                                              0x00407328
                                                                                                                              0x00407328
                                                                                                                              0x00407328
                                                                                                                              0x00000000
                                                                                                                              0x00407328
                                                                                                                              0x004072b6
                                                                                                                              0x004072bc
                                                                                                                              0x004072bf
                                                                                                                              0x004072c2
                                                                                                                              0x004072c5
                                                                                                                              0x004072c8
                                                                                                                              0x004072cb
                                                                                                                              0x004072ce
                                                                                                                              0x004072d1
                                                                                                                              0x004072d4
                                                                                                                              0x004072d7
                                                                                                                              0x004072f0
                                                                                                                              0x004072f2
                                                                                                                              0x004072f5
                                                                                                                              0x004072f6
                                                                                                                              0x004072f9
                                                                                                                              0x004072fb
                                                                                                                              0x004072fe
                                                                                                                              0x00407300
                                                                                                                              0x00407302
                                                                                                                              0x00407305
                                                                                                                              0x00407307
                                                                                                                              0x0040730a
                                                                                                                              0x0040730e
                                                                                                                              0x00407310
                                                                                                                              0x00407310
                                                                                                                              0x00407311
                                                                                                                              0x00407314
                                                                                                                              0x00407317
                                                                                                                              0x004072d9
                                                                                                                              0x004072d9
                                                                                                                              0x004072e1
                                                                                                                              0x004072e6
                                                                                                                              0x004072e8
                                                                                                                              0x004072eb
                                                                                                                              0x004072eb
                                                                                                                              0x0040731a
                                                                                                                              0x00407321
                                                                                                                              0x004072ab
                                                                                                                              0x004072ab
                                                                                                                              0x004072ab
                                                                                                                              0x004072ab
                                                                                                                              0x00000000
                                                                                                                              0x00407323
                                                                                                                              0x00000000
                                                                                                                              0x00407323
                                                                                                                              0x00407321
                                                                                                                              0x00407234
                                                                                                                              0x00407237
                                                                                                                              0x00407239
                                                                                                                              0x0040723c
                                                                                                                              0x0040723f
                                                                                                                              0x00407242
                                                                                                                              0x00407244
                                                                                                                              0x00407247
                                                                                                                              0x0040724a
                                                                                                                              0x0040724a
                                                                                                                              0x0040724d
                                                                                                                              0x0040724d
                                                                                                                              0x00407250
                                                                                                                              0x00407257
                                                                                                                              0x0040722b
                                                                                                                              0x0040722b
                                                                                                                              0x0040722b
                                                                                                                              0x0040722b
                                                                                                                              0x00000000
                                                                                                                              0x00407259
                                                                                                                              0x00000000
                                                                                                                              0x00407259
                                                                                                                              0x00407257
                                                                                                                              0x004071dd
                                                                                                                              0x004071e0
                                                                                                                              0x004071e2
                                                                                                                              0x004071e5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406f44
                                                                                                                              0x00406f44
                                                                                                                              0x00406f48
                                                                                                                              0x0040758d
                                                                                                                              0x00000000
                                                                                                                              0x0040758d
                                                                                                                              0x00406f4e
                                                                                                                              0x00406f51
                                                                                                                              0x00406f54
                                                                                                                              0x00406f57
                                                                                                                              0x00406f5a
                                                                                                                              0x00406f5d
                                                                                                                              0x00406f60
                                                                                                                              0x00406f62
                                                                                                                              0x00406f65
                                                                                                                              0x00406f68
                                                                                                                              0x00406f6b
                                                                                                                              0x00406f6d
                                                                                                                              0x00406f6d
                                                                                                                              0x00406f6d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004070cf
                                                                                                                              0x004070cf
                                                                                                                              0x004070d3
                                                                                                                              0x00407599
                                                                                                                              0x00000000
                                                                                                                              0x00407599
                                                                                                                              0x004070d9
                                                                                                                              0x004070dc
                                                                                                                              0x004070df
                                                                                                                              0x004070e2
                                                                                                                              0x004070e4
                                                                                                                              0x004070e4
                                                                                                                              0x004070e4
                                                                                                                              0x004070e7
                                                                                                                              0x004070ea
                                                                                                                              0x004070ed
                                                                                                                              0x004070f0
                                                                                                                              0x004070f3
                                                                                                                              0x004070f6
                                                                                                                              0x004070f7
                                                                                                                              0x004070f9
                                                                                                                              0x004070f9
                                                                                                                              0x004070f9
                                                                                                                              0x004070fc
                                                                                                                              0x004070ff
                                                                                                                              0x00407102
                                                                                                                              0x00407105
                                                                                                                              0x00407105
                                                                                                                              0x00407105
                                                                                                                              0x00407108
                                                                                                                              0x0040710a
                                                                                                                              0x0040710a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040734c
                                                                                                                              0x0040734c
                                                                                                                              0x0040734c
                                                                                                                              0x00407350
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407356
                                                                                                                              0x00407359
                                                                                                                              0x0040735c
                                                                                                                              0x0040735f
                                                                                                                              0x00407361
                                                                                                                              0x00407361
                                                                                                                              0x00407361
                                                                                                                              0x00407364
                                                                                                                              0x00407367
                                                                                                                              0x0040736a
                                                                                                                              0x0040736d
                                                                                                                              0x00407370
                                                                                                                              0x00407373
                                                                                                                              0x00407374
                                                                                                                              0x00407376
                                                                                                                              0x00407376
                                                                                                                              0x00407376
                                                                                                                              0x00407379
                                                                                                                              0x0040737c
                                                                                                                              0x0040737f
                                                                                                                              0x00407382
                                                                                                                              0x00407385
                                                                                                                              0x00407389
                                                                                                                              0x0040738b
                                                                                                                              0x0040738e
                                                                                                                              0x00000000
                                                                                                                              0x00407390
                                                                                                                              0x0040710d
                                                                                                                              0x0040710d
                                                                                                                              0x00000000
                                                                                                                              0x0040710d
                                                                                                                              0x0040738e
                                                                                                                              0x004075c3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406bf2
                                                                                                                              0x004075fa
                                                                                                                              0x004075fa
                                                                                                                              0x00000000
                                                                                                                              0x004075fa
                                                                                                                              0x00407447
                                                                                                                              0x004073ce
                                                                                                                              0x004073cb
                                                                                                                              0x00000000
                                                                                                                              0x00407002

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7ccf24f4e081119859c9f0e48baaaa1d38e3934f3a3b1d8a87677b84cb71901f
                                                                                                                              • Instruction ID: 4a3513360c1d1cc4287bdabe5afcaa460628bed3c0d7ae87261646ca99be8a9f
                                                                                                                              • Opcode Fuzzy Hash: 7ccf24f4e081119859c9f0e48baaaa1d38e3934f3a3b1d8a87677b84cb71901f
                                                                                                                              • Instruction Fuzzy Hash: 0D711271D04228DBEF28CF98C9947ADBBF1FB44305F14806AD856B7280D738A986DF05
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040711C Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 98%
                                                                                                                              			E0040711C() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8));
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                                                                                                              0x00000000
                                                                                                                              0x0040711c
                                                                                                                              0x0040711c
                                                                                                                              0x00407120
                                                                                                                              0x0040712d
                                                                                                                              0x00407137
                                                                                                                              0x00000000
                                                                                                                              0x00407122
                                                                                                                              0x00407122
                                                                                                                              0x0040715d
                                                                                                                              0x00407160
                                                                                                                              0x00407163
                                                                                                                              0x00407166
                                                                                                                              0x00407166
                                                                                                                              0x00407169
                                                                                                                              0x00407170
                                                                                                                              0x00407175
                                                                                                                              0x00407056
                                                                                                                              0x00407059
                                                                                                                              0x004073cb
                                                                                                                              0x004073cb
                                                                                                                              0x004073cb
                                                                                                                              0x004073ce
                                                                                                                              0x004073ce
                                                                                                                              0x004073ce
                                                                                                                              0x004073d4
                                                                                                                              0x004073da
                                                                                                                              0x004073e0
                                                                                                                              0x004073fa
                                                                                                                              0x004073fd
                                                                                                                              0x00407403
                                                                                                                              0x0040740e
                                                                                                                              0x00407410
                                                                                                                              0x004073e2
                                                                                                                              0x004073e2
                                                                                                                              0x004073f1
                                                                                                                              0x004073f5
                                                                                                                              0x004073f5
                                                                                                                              0x0040741a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040741c
                                                                                                                              0x00407420
                                                                                                                              0x004075cf
                                                                                                                              0x004075e5
                                                                                                                              0x004075ed
                                                                                                                              0x004075f4
                                                                                                                              0x004075f6
                                                                                                                              0x004075fd
                                                                                                                              0x00407601
                                                                                                                              0x00407601
                                                                                                                              0x0040742c
                                                                                                                              0x00407433
                                                                                                                              0x0040743b
                                                                                                                              0x0040743e
                                                                                                                              0x00407441
                                                                                                                              0x00407441
                                                                                                                              0x00407447
                                                                                                                              0x00407447
                                                                                                                              0x00406be3
                                                                                                                              0x00406be3
                                                                                                                              0x00406be3
                                                                                                                              0x00406bec
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406bf2
                                                                                                                              0x00000000
                                                                                                                              0x00406bfd
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406c06
                                                                                                                              0x00406c09
                                                                                                                              0x00406c0c
                                                                                                                              0x00406c10
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406c16
                                                                                                                              0x00406c19
                                                                                                                              0x00406c1b
                                                                                                                              0x00406c1c
                                                                                                                              0x00406c1f
                                                                                                                              0x00406c21
                                                                                                                              0x00406c22
                                                                                                                              0x00406c24
                                                                                                                              0x00406c27
                                                                                                                              0x00406c2c
                                                                                                                              0x00406c31
                                                                                                                              0x00406c3a
                                                                                                                              0x00406c4d
                                                                                                                              0x00406c50
                                                                                                                              0x00406c5c
                                                                                                                              0x00406c84
                                                                                                                              0x00406c86
                                                                                                                              0x00406c94
                                                                                                                              0x00406c94
                                                                                                                              0x00406c98
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406c88
                                                                                                                              0x00406c88
                                                                                                                              0x00406c8b
                                                                                                                              0x00406c8c
                                                                                                                              0x00406c8c
                                                                                                                              0x00000000
                                                                                                                              0x00406c88
                                                                                                                              0x00406c62
                                                                                                                              0x00406c67
                                                                                                                              0x00406c67
                                                                                                                              0x00406c70
                                                                                                                              0x00406c78
                                                                                                                              0x00406c7b
                                                                                                                              0x00000000
                                                                                                                              0x00406c81
                                                                                                                              0x00406c81
                                                                                                                              0x00000000
                                                                                                                              0x00406c81
                                                                                                                              0x00000000
                                                                                                                              0x00406c9e
                                                                                                                              0x00406c9e
                                                                                                                              0x00406ca2
                                                                                                                              0x0040754e
                                                                                                                              0x00000000
                                                                                                                              0x0040754e
                                                                                                                              0x00406cab
                                                                                                                              0x00406cbb
                                                                                                                              0x00406cbe
                                                                                                                              0x00406cc1
                                                                                                                              0x00406cc1
                                                                                                                              0x00406cc1
                                                                                                                              0x00406cc4
                                                                                                                              0x00406cc8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406cca
                                                                                                                              0x00406cd0
                                                                                                                              0x00406cfa
                                                                                                                              0x00406d00
                                                                                                                              0x00406d07
                                                                                                                              0x00000000
                                                                                                                              0x00406d07
                                                                                                                              0x00406cd6
                                                                                                                              0x00406cd9
                                                                                                                              0x00406cde
                                                                                                                              0x00406cde
                                                                                                                              0x00406ce9
                                                                                                                              0x00406cf1
                                                                                                                              0x00406cf4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406d39
                                                                                                                              0x00406d3f
                                                                                                                              0x00406d42
                                                                                                                              0x00406d4f
                                                                                                                              0x00406d57
                                                                                                                              0x004073cb
                                                                                                                              0x004073cb
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406d0e
                                                                                                                              0x00406d0e
                                                                                                                              0x00406d12
                                                                                                                              0x0040755d
                                                                                                                              0x00000000
                                                                                                                              0x0040755d
                                                                                                                              0x00406d1e
                                                                                                                              0x00406d29
                                                                                                                              0x00406d29
                                                                                                                              0x00406d29
                                                                                                                              0x00406d2c
                                                                                                                              0x00406d2f
                                                                                                                              0x00406d32
                                                                                                                              0x00406d37
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004073ce
                                                                                                                              0x004073ce
                                                                                                                              0x004073d4
                                                                                                                              0x004073da
                                                                                                                              0x004073e0
                                                                                                                              0x004073fa
                                                                                                                              0x004073fd
                                                                                                                              0x00407403
                                                                                                                              0x0040740e
                                                                                                                              0x00407410
                                                                                                                              0x004073e2
                                                                                                                              0x004073e2
                                                                                                                              0x004073f1
                                                                                                                              0x004073f5
                                                                                                                              0x004073f5
                                                                                                                              0x0040741a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406d5f
                                                                                                                              0x00406d61
                                                                                                                              0x00406d64
                                                                                                                              0x00406dd5
                                                                                                                              0x00406dd8
                                                                                                                              0x00406ddb
                                                                                                                              0x00406de2
                                                                                                                              0x00406dec
                                                                                                                              0x004073cb
                                                                                                                              0x004073cb
                                                                                                                              0x004073cb
                                                                                                                              0x00000000
                                                                                                                              0x004073cb
                                                                                                                              0x004073cb
                                                                                                                              0x00406d66
                                                                                                                              0x00406d6a
                                                                                                                              0x00406d6d
                                                                                                                              0x00406d6f
                                                                                                                              0x00406d72
                                                                                                                              0x00406d75
                                                                                                                              0x00406d77
                                                                                                                              0x00406d7a
                                                                                                                              0x00406d7c
                                                                                                                              0x00406d81
                                                                                                                              0x00406d84
                                                                                                                              0x00406d87
                                                                                                                              0x00406d8b
                                                                                                                              0x00406d92
                                                                                                                              0x00406d95
                                                                                                                              0x00406d9c
                                                                                                                              0x00406da0
                                                                                                                              0x00406da8
                                                                                                                              0x00406da8
                                                                                                                              0x00406da8
                                                                                                                              0x00406da2
                                                                                                                              0x00406da2
                                                                                                                              0x00406da2
                                                                                                                              0x00406d97
                                                                                                                              0x00406d97
                                                                                                                              0x00406d97
                                                                                                                              0x00406dac
                                                                                                                              0x00406daf
                                                                                                                              0x00406dcd
                                                                                                                              0x00406dcf
                                                                                                                              0x00000000
                                                                                                                              0x00406db1
                                                                                                                              0x00406db1
                                                                                                                              0x00406db4
                                                                                                                              0x00406db7
                                                                                                                              0x00406dba
                                                                                                                              0x00406dbc
                                                                                                                              0x00406dbc
                                                                                                                              0x00406dbc
                                                                                                                              0x00406dbf
                                                                                                                              0x00406dc2
                                                                                                                              0x00406dc4
                                                                                                                              0x00406dc5
                                                                                                                              0x00406dc8
                                                                                                                              0x00000000
                                                                                                                              0x00406dc8
                                                                                                                              0x00000000
                                                                                                                              0x00406ffe
                                                                                                                              0x00407002
                                                                                                                              0x00407020
                                                                                                                              0x00407023
                                                                                                                              0x0040702a
                                                                                                                              0x0040702d
                                                                                                                              0x00407030
                                                                                                                              0x00407033
                                                                                                                              0x00407036
                                                                                                                              0x00407039
                                                                                                                              0x0040703b
                                                                                                                              0x00407042
                                                                                                                              0x00407043
                                                                                                                              0x00407045
                                                                                                                              0x00407048
                                                                                                                              0x0040704b
                                                                                                                              0x0040704e
                                                                                                                              0x0040704e
                                                                                                                              0x00407053
                                                                                                                              0x00000000
                                                                                                                              0x00407053
                                                                                                                              0x00407004
                                                                                                                              0x00407007
                                                                                                                              0x0040700a
                                                                                                                              0x00407014
                                                                                                                              0x004073cb
                                                                                                                              0x004073cb
                                                                                                                              0x004073cb
                                                                                                                              0x00000000
                                                                                                                              0x004073cb
                                                                                                                              0x00000000
                                                                                                                              0x00407068
                                                                                                                              0x0040706c
                                                                                                                              0x0040708f
                                                                                                                              0x00407092
                                                                                                                              0x00407095
                                                                                                                              0x0040709f
                                                                                                                              0x0040706e
                                                                                                                              0x0040706e
                                                                                                                              0x00407071
                                                                                                                              0x00407074
                                                                                                                              0x00407077
                                                                                                                              0x00407084
                                                                                                                              0x00407087
                                                                                                                              0x00407087
                                                                                                                              0x004073cb
                                                                                                                              0x004073cb
                                                                                                                              0x004073cb
                                                                                                                              0x00000000
                                                                                                                              0x004073cb
                                                                                                                              0x00000000
                                                                                                                              0x004070ab
                                                                                                                              0x004070af
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004070b5
                                                                                                                              0x004070b9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004070bf
                                                                                                                              0x004070c1
                                                                                                                              0x004070c5
                                                                                                                              0x004070c5
                                                                                                                              0x004070c8
                                                                                                                              0x004070cc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407143
                                                                                                                              0x00407147
                                                                                                                              0x0040714e
                                                                                                                              0x00407151
                                                                                                                              0x00407154
                                                                                                                              0x00407149
                                                                                                                              0x00407149
                                                                                                                              0x00407149
                                                                                                                              0x00407157
                                                                                                                              0x0040715a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407203
                                                                                                                              0x00407203
                                                                                                                              0x00407207
                                                                                                                              0x004075a5
                                                                                                                              0x00000000
                                                                                                                              0x004075a5
                                                                                                                              0x0040720d
                                                                                                                              0x00407210
                                                                                                                              0x00407213
                                                                                                                              0x00407217
                                                                                                                              0x0040721a
                                                                                                                              0x00407220
                                                                                                                              0x00407222
                                                                                                                              0x00407222
                                                                                                                              0x00407222
                                                                                                                              0x00407225
                                                                                                                              0x00407228
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406df8
                                                                                                                              0x00406df8
                                                                                                                              0x00406dfc
                                                                                                                              0x00407569
                                                                                                                              0x00000000
                                                                                                                              0x00407569
                                                                                                                              0x00406e02
                                                                                                                              0x00406e05
                                                                                                                              0x00406e08
                                                                                                                              0x00406e0c
                                                                                                                              0x00406e0f
                                                                                                                              0x00406e15
                                                                                                                              0x00406e17
                                                                                                                              0x00406e17
                                                                                                                              0x00406e17
                                                                                                                              0x00406e1a
                                                                                                                              0x00406e1d
                                                                                                                              0x00406e1d
                                                                                                                              0x00406e20
                                                                                                                              0x00406e23
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406e29
                                                                                                                              0x00406e2f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406e35
                                                                                                                              0x00406e35
                                                                                                                              0x00406e39
                                                                                                                              0x00406e3c
                                                                                                                              0x00406e3f
                                                                                                                              0x00406e42
                                                                                                                              0x00406e45
                                                                                                                              0x00406e46
                                                                                                                              0x00406e49
                                                                                                                              0x00406e4b
                                                                                                                              0x00406e51
                                                                                                                              0x00406e54
                                                                                                                              0x00406e57
                                                                                                                              0x00406e5a
                                                                                                                              0x00406e5d
                                                                                                                              0x00406e60
                                                                                                                              0x00406e63
                                                                                                                              0x00406e7f
                                                                                                                              0x00406e82
                                                                                                                              0x00406e85
                                                                                                                              0x00406e88
                                                                                                                              0x00406e8f
                                                                                                                              0x00406e93
                                                                                                                              0x00406e95
                                                                                                                              0x00406e99
                                                                                                                              0x00406e65
                                                                                                                              0x00406e65
                                                                                                                              0x00406e69
                                                                                                                              0x00406e71
                                                                                                                              0x00406e76
                                                                                                                              0x00406e78
                                                                                                                              0x00406e7a
                                                                                                                              0x00406e7a
                                                                                                                              0x00406e9c
                                                                                                                              0x00406ea3
                                                                                                                              0x00406ea6
                                                                                                                              0x00000000
                                                                                                                              0x00406eac
                                                                                                                              0x00000000
                                                                                                                              0x00406eac
                                                                                                                              0x00000000
                                                                                                                              0x00406eb1
                                                                                                                              0x00406eb1
                                                                                                                              0x00406eb5
                                                                                                                              0x00407575
                                                                                                                              0x00000000
                                                                                                                              0x00407575
                                                                                                                              0x00406ebb
                                                                                                                              0x00406ebe
                                                                                                                              0x00406ec1
                                                                                                                              0x00406ec5
                                                                                                                              0x00406ec8
                                                                                                                              0x00406ece
                                                                                                                              0x00406ed0
                                                                                                                              0x00406ed0
                                                                                                                              0x00406ed0
                                                                                                                              0x00406ed3
                                                                                                                              0x00406ed6
                                                                                                                              0x00406ed6
                                                                                                                              0x00406ed6
                                                                                                                              0x00406edc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406ede
                                                                                                                              0x00406ee1
                                                                                                                              0x00406ee4
                                                                                                                              0x00406ee7
                                                                                                                              0x00406eea
                                                                                                                              0x00406eed
                                                                                                                              0x00406ef0
                                                                                                                              0x00406ef3
                                                                                                                              0x00406ef6
                                                                                                                              0x00406ef9
                                                                                                                              0x00406efc
                                                                                                                              0x00406f14
                                                                                                                              0x00406f17
                                                                                                                              0x00406f1a
                                                                                                                              0x00406f1d
                                                                                                                              0x00406f1d
                                                                                                                              0x00406f20
                                                                                                                              0x00406f24
                                                                                                                              0x00406f26
                                                                                                                              0x00406efe
                                                                                                                              0x00406efe
                                                                                                                              0x00406f06
                                                                                                                              0x00406f0b
                                                                                                                              0x00406f0d
                                                                                                                              0x00406f0f
                                                                                                                              0x00406f0f
                                                                                                                              0x00406f29
                                                                                                                              0x00406f30
                                                                                                                              0x00406f33
                                                                                                                              0x00000000
                                                                                                                              0x00406f35
                                                                                                                              0x00000000
                                                                                                                              0x00406f35
                                                                                                                              0x00406f33
                                                                                                                              0x00406f3a
                                                                                                                              0x00406f3a
                                                                                                                              0x00406f3a
                                                                                                                              0x00406f3a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406f75
                                                                                                                              0x00406f75
                                                                                                                              0x00406f79
                                                                                                                              0x00407581
                                                                                                                              0x00000000
                                                                                                                              0x00407581
                                                                                                                              0x00406f7f
                                                                                                                              0x00406f82
                                                                                                                              0x00406f85
                                                                                                                              0x00406f89
                                                                                                                              0x00406f8c
                                                                                                                              0x00406f92
                                                                                                                              0x00406f94
                                                                                                                              0x00406f94
                                                                                                                              0x00406f94
                                                                                                                              0x00406f97
                                                                                                                              0x00406f9a
                                                                                                                              0x00406f9a
                                                                                                                              0x00406fa0
                                                                                                                              0x00406f3e
                                                                                                                              0x00406f3e
                                                                                                                              0x00406f41
                                                                                                                              0x00000000
                                                                                                                              0x00406f41
                                                                                                                              0x00406fa2
                                                                                                                              0x00406fa2
                                                                                                                              0x00406fa5
                                                                                                                              0x00406fa8
                                                                                                                              0x00406fab
                                                                                                                              0x00406fae
                                                                                                                              0x00406fb1
                                                                                                                              0x00406fb4
                                                                                                                              0x00406fb7
                                                                                                                              0x00406fba
                                                                                                                              0x00406fbd
                                                                                                                              0x00406fc0
                                                                                                                              0x00406fd8
                                                                                                                              0x00406fdb
                                                                                                                              0x00406fde
                                                                                                                              0x00406fe1
                                                                                                                              0x00406fe1
                                                                                                                              0x00406fe4
                                                                                                                              0x00406fe8
                                                                                                                              0x00406fea
                                                                                                                              0x00406fc2
                                                                                                                              0x00406fc2
                                                                                                                              0x00406fca
                                                                                                                              0x00406fcf
                                                                                                                              0x00406fd1
                                                                                                                              0x00406fd3
                                                                                                                              0x00406fd3
                                                                                                                              0x00406fed
                                                                                                                              0x00406ff4
                                                                                                                              0x00406ff7
                                                                                                                              0x00000000
                                                                                                                              0x00406ff9
                                                                                                                              0x00000000
                                                                                                                              0x00406ff9
                                                                                                                              0x00000000
                                                                                                                              0x00407286
                                                                                                                              0x00407286
                                                                                                                              0x0040728a
                                                                                                                              0x004075b1
                                                                                                                              0x00000000
                                                                                                                              0x004075b1
                                                                                                                              0x00407290
                                                                                                                              0x00407293
                                                                                                                              0x00407296
                                                                                                                              0x0040729a
                                                                                                                              0x0040729d
                                                                                                                              0x004072a3
                                                                                                                              0x004072a5
                                                                                                                              0x004072a5
                                                                                                                              0x004072a5
                                                                                                                              0x004072a8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407395
                                                                                                                              0x00407399
                                                                                                                              0x004073bb
                                                                                                                              0x004073be
                                                                                                                              0x004073c8
                                                                                                                              0x004073cb
                                                                                                                              0x004073cb
                                                                                                                              0x004073cb
                                                                                                                              0x00000000
                                                                                                                              0x004073cb
                                                                                                                              0x004073cb
                                                                                                                              0x0040739b
                                                                                                                              0x0040739e
                                                                                                                              0x004073a2
                                                                                                                              0x004073a5
                                                                                                                              0x004073a5
                                                                                                                              0x004073a8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407452
                                                                                                                              0x00407456
                                                                                                                              0x00407474
                                                                                                                              0x00407474
                                                                                                                              0x00407474
                                                                                                                              0x0040747b
                                                                                                                              0x00407482
                                                                                                                              0x00407489
                                                                                                                              0x00407489
                                                                                                                              0x00000000
                                                                                                                              0x00407489
                                                                                                                              0x00407458
                                                                                                                              0x0040745b
                                                                                                                              0x0040745e
                                                                                                                              0x00407461
                                                                                                                              0x00407468
                                                                                                                              0x004073ac
                                                                                                                              0x004073ac
                                                                                                                              0x004073af
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407543
                                                                                                                              0x00407546
                                                                                                                              0x00407447
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040717d
                                                                                                                              0x0040717f
                                                                                                                              0x00407186
                                                                                                                              0x00407187
                                                                                                                              0x00407189
                                                                                                                              0x0040718c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407194
                                                                                                                              0x00407197
                                                                                                                              0x0040719a
                                                                                                                              0x0040719c
                                                                                                                              0x0040719e
                                                                                                                              0x0040719e
                                                                                                                              0x0040719f
                                                                                                                              0x004071a2
                                                                                                                              0x004071a9
                                                                                                                              0x004071ac
                                                                                                                              0x004071ba
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407490
                                                                                                                              0x00407490
                                                                                                                              0x00407493
                                                                                                                              0x0040749a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040749f
                                                                                                                              0x0040749f
                                                                                                                              0x004074a3
                                                                                                                              0x004075db
                                                                                                                              0x00000000
                                                                                                                              0x004075db
                                                                                                                              0x004074a9
                                                                                                                              0x004074ac
                                                                                                                              0x004074af
                                                                                                                              0x004074b3
                                                                                                                              0x004074b6
                                                                                                                              0x004074bc
                                                                                                                              0x004074be
                                                                                                                              0x004074be
                                                                                                                              0x004074be
                                                                                                                              0x004074c1
                                                                                                                              0x004074c4
                                                                                                                              0x004074c4
                                                                                                                              0x004074c4
                                                                                                                              0x004074c4
                                                                                                                              0x004074c7
                                                                                                                              0x004074c7
                                                                                                                              0x004074cb
                                                                                                                              0x0040752b
                                                                                                                              0x0040752e
                                                                                                                              0x00407533
                                                                                                                              0x00407534
                                                                                                                              0x00407536
                                                                                                                              0x00407538
                                                                                                                              0x0040753b
                                                                                                                              0x00407447
                                                                                                                              0x00407447
                                                                                                                              0x00000000
                                                                                                                              0x0040744d
                                                                                                                              0x00407447
                                                                                                                              0x004074cd
                                                                                                                              0x004074d3
                                                                                                                              0x004074d6
                                                                                                                              0x004074d9
                                                                                                                              0x004074dc
                                                                                                                              0x004074df
                                                                                                                              0x004074e2
                                                                                                                              0x004074e5
                                                                                                                              0x004074e8
                                                                                                                              0x004074eb
                                                                                                                              0x004074ee
                                                                                                                              0x00407507
                                                                                                                              0x0040750a
                                                                                                                              0x0040750d
                                                                                                                              0x00407510
                                                                                                                              0x00407514
                                                                                                                              0x00407516
                                                                                                                              0x00407516
                                                                                                                              0x00407517
                                                                                                                              0x0040751a
                                                                                                                              0x004074f0
                                                                                                                              0x004074f0
                                                                                                                              0x004074f8
                                                                                                                              0x004074fd
                                                                                                                              0x004074ff
                                                                                                                              0x00407502
                                                                                                                              0x00407502
                                                                                                                              0x0040751d
                                                                                                                              0x00407524
                                                                                                                              0x00000000
                                                                                                                              0x00407526
                                                                                                                              0x00000000
                                                                                                                              0x00407526
                                                                                                                              0x00000000
                                                                                                                              0x004071c2
                                                                                                                              0x004071c5
                                                                                                                              0x004071fb
                                                                                                                              0x0040732b
                                                                                                                              0x0040732b
                                                                                                                              0x0040732b
                                                                                                                              0x0040732b
                                                                                                                              0x0040732e
                                                                                                                              0x0040732e
                                                                                                                              0x00407331
                                                                                                                              0x00407333
                                                                                                                              0x004075bd
                                                                                                                              0x00000000
                                                                                                                              0x004075bd
                                                                                                                              0x00407339
                                                                                                                              0x0040733c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407342
                                                                                                                              0x00407346
                                                                                                                              0x00407349
                                                                                                                              0x00407349
                                                                                                                              0x00407349
                                                                                                                              0x00000000
                                                                                                                              0x00407349
                                                                                                                              0x004071c7
                                                                                                                              0x004071c9
                                                                                                                              0x004071cb
                                                                                                                              0x004071cd
                                                                                                                              0x004071d0
                                                                                                                              0x004071d1
                                                                                                                              0x004071d3
                                                                                                                              0x004071d5
                                                                                                                              0x004071d8
                                                                                                                              0x004071db
                                                                                                                              0x004071f1
                                                                                                                              0x004071f6
                                                                                                                              0x0040722e
                                                                                                                              0x0040722e
                                                                                                                              0x00407232
                                                                                                                              0x0040725e
                                                                                                                              0x00407260
                                                                                                                              0x00407267
                                                                                                                              0x0040726a
                                                                                                                              0x0040726d
                                                                                                                              0x0040726d
                                                                                                                              0x00407272
                                                                                                                              0x00407272
                                                                                                                              0x00407274
                                                                                                                              0x00407277
                                                                                                                              0x0040727e
                                                                                                                              0x00407281
                                                                                                                              0x004072ae
                                                                                                                              0x004072ae
                                                                                                                              0x004072b1
                                                                                                                              0x004072b4
                                                                                                                              0x00407328
                                                                                                                              0x00407328
                                                                                                                              0x00407328
                                                                                                                              0x00000000
                                                                                                                              0x00407328
                                                                                                                              0x004072b6
                                                                                                                              0x004072bc
                                                                                                                              0x004072bf
                                                                                                                              0x004072c2
                                                                                                                              0x004072c5
                                                                                                                              0x004072c8
                                                                                                                              0x004072cb
                                                                                                                              0x004072ce
                                                                                                                              0x004072d1
                                                                                                                              0x004072d4
                                                                                                                              0x004072d7
                                                                                                                              0x004072f0
                                                                                                                              0x004072f2
                                                                                                                              0x004072f5
                                                                                                                              0x004072f6
                                                                                                                              0x004072f9
                                                                                                                              0x004072fb
                                                                                                                              0x004072fe
                                                                                                                              0x00407300
                                                                                                                              0x00407302
                                                                                                                              0x00407305
                                                                                                                              0x00407307
                                                                                                                              0x0040730a
                                                                                                                              0x0040730e
                                                                                                                              0x00407310
                                                                                                                              0x00407310
                                                                                                                              0x00407311
                                                                                                                              0x00407314
                                                                                                                              0x00407317
                                                                                                                              0x004072d9
                                                                                                                              0x004072d9
                                                                                                                              0x004072e1
                                                                                                                              0x004072e6
                                                                                                                              0x004072e8
                                                                                                                              0x004072eb
                                                                                                                              0x004072eb
                                                                                                                              0x0040731a
                                                                                                                              0x00407321
                                                                                                                              0x004072ab
                                                                                                                              0x004072ab
                                                                                                                              0x004072ab
                                                                                                                              0x004072ab
                                                                                                                              0x00000000
                                                                                                                              0x00407323
                                                                                                                              0x00000000
                                                                                                                              0x00407323
                                                                                                                              0x00407321
                                                                                                                              0x00407234
                                                                                                                              0x00407237
                                                                                                                              0x00407239
                                                                                                                              0x0040723c
                                                                                                                              0x0040723f
                                                                                                                              0x00407242
                                                                                                                              0x00407244
                                                                                                                              0x00407247
                                                                                                                              0x0040724a
                                                                                                                              0x0040724a
                                                                                                                              0x0040724d
                                                                                                                              0x0040724d
                                                                                                                              0x00407250
                                                                                                                              0x00407257
                                                                                                                              0x0040722b
                                                                                                                              0x0040722b
                                                                                                                              0x0040722b
                                                                                                                              0x0040722b
                                                                                                                              0x00000000
                                                                                                                              0x00407259
                                                                                                                              0x00000000
                                                                                                                              0x00407259
                                                                                                                              0x00407257
                                                                                                                              0x004071dd
                                                                                                                              0x004071e0
                                                                                                                              0x004071e2
                                                                                                                              0x004071e5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406f44
                                                                                                                              0x00406f44
                                                                                                                              0x00406f48
                                                                                                                              0x0040758d
                                                                                                                              0x00000000
                                                                                                                              0x0040758d
                                                                                                                              0x00406f4e
                                                                                                                              0x00406f51
                                                                                                                              0x00406f54
                                                                                                                              0x00406f57
                                                                                                                              0x00406f5a
                                                                                                                              0x00406f5d
                                                                                                                              0x00406f60
                                                                                                                              0x00406f62
                                                                                                                              0x00406f65
                                                                                                                              0x00406f68
                                                                                                                              0x00406f6b
                                                                                                                              0x00406f6d
                                                                                                                              0x00406f6d
                                                                                                                              0x00406f6d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004070cf
                                                                                                                              0x004070cf
                                                                                                                              0x004070d3
                                                                                                                              0x00407599
                                                                                                                              0x00000000
                                                                                                                              0x00407599
                                                                                                                              0x004070d9
                                                                                                                              0x004070dc
                                                                                                                              0x004070df
                                                                                                                              0x004070e2
                                                                                                                              0x004070e4
                                                                                                                              0x004070e4
                                                                                                                              0x004070e4
                                                                                                                              0x004070e7
                                                                                                                              0x004070ea
                                                                                                                              0x004070ed
                                                                                                                              0x004070f0
                                                                                                                              0x004070f3
                                                                                                                              0x004070f6
                                                                                                                              0x004070f7
                                                                                                                              0x004070f9
                                                                                                                              0x004070f9
                                                                                                                              0x004070f9
                                                                                                                              0x004070fc
                                                                                                                              0x004070ff
                                                                                                                              0x00407102
                                                                                                                              0x00407105
                                                                                                                              0x00407105
                                                                                                                              0x00407105
                                                                                                                              0x00407108
                                                                                                                              0x0040710a
                                                                                                                              0x0040710a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040734c
                                                                                                                              0x0040734c
                                                                                                                              0x0040734c
                                                                                                                              0x00407350
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407356
                                                                                                                              0x00407359
                                                                                                                              0x0040735c
                                                                                                                              0x0040735f
                                                                                                                              0x00407361
                                                                                                                              0x00407361
                                                                                                                              0x00407361
                                                                                                                              0x00407364
                                                                                                                              0x00407367
                                                                                                                              0x0040736a
                                                                                                                              0x0040736d
                                                                                                                              0x00407370
                                                                                                                              0x00407373
                                                                                                                              0x00407374
                                                                                                                              0x00407376
                                                                                                                              0x00407376
                                                                                                                              0x00407376
                                                                                                                              0x00407379
                                                                                                                              0x0040737c
                                                                                                                              0x0040737f
                                                                                                                              0x00407382
                                                                                                                              0x00407385
                                                                                                                              0x00407389
                                                                                                                              0x0040738b
                                                                                                                              0x0040738e
                                                                                                                              0x00000000
                                                                                                                              0x00407390
                                                                                                                              0x0040710d
                                                                                                                              0x0040710d
                                                                                                                              0x00000000
                                                                                                                              0x0040710d
                                                                                                                              0x0040738e
                                                                                                                              0x004075c3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406bf2
                                                                                                                              0x004075fa
                                                                                                                              0x004075fa
                                                                                                                              0x00000000
                                                                                                                              0x004075fa
                                                                                                                              0x00407447
                                                                                                                              0x004073ce
                                                                                                                              0x004073cb
                                                                                                                              0x00000000
                                                                                                                              0x00407120

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c68610f165bc536a6a66ce61bc987e677a2aaa57ebbfa987bd426c3fc0f92c56
                                                                                                                              • Instruction ID: aecab3f40db1f9fc07a3dc9ea3777efa7aa3d7dc23f88bc09ddd959c6243594a
                                                                                                                              • Opcode Fuzzy Hash: c68610f165bc536a6a66ce61bc987e677a2aaa57ebbfa987bd426c3fc0f92c56
                                                                                                                              • Instruction Fuzzy Hash: 2B711571D04228DBEF28CF98C8547ADBBB1FF44305F14806AD856BB281D778A986DF05
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00407068 Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 98%
                                                                                                                              			E00407068() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                                                                                                              0x00000000
                                                                                                                              0x00407068
                                                                                                                              0x00407068
                                                                                                                              0x0040706c
                                                                                                                              0x00407095
                                                                                                                              0x0040709f
                                                                                                                              0x0040706e
                                                                                                                              0x00407077
                                                                                                                              0x00407084
                                                                                                                              0x00407087
                                                                                                                              0x004073cb
                                                                                                                              0x004073cb
                                                                                                                              0x004073ce
                                                                                                                              0x004073ce
                                                                                                                              0x004073ce
                                                                                                                              0x004073d4
                                                                                                                              0x004073da
                                                                                                                              0x004073e0
                                                                                                                              0x004073fa
                                                                                                                              0x004073fd
                                                                                                                              0x00407403
                                                                                                                              0x0040740e
                                                                                                                              0x00407410
                                                                                                                              0x004073e2
                                                                                                                              0x004073e2
                                                                                                                              0x004073f1
                                                                                                                              0x004073f5
                                                                                                                              0x004073f5
                                                                                                                              0x0040741a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040741c
                                                                                                                              0x00407420
                                                                                                                              0x004075cf
                                                                                                                              0x004075e5
                                                                                                                              0x004075ed
                                                                                                                              0x004075f4
                                                                                                                              0x004075f6
                                                                                                                              0x004075fd
                                                                                                                              0x00407601
                                                                                                                              0x00407601
                                                                                                                              0x0040742c
                                                                                                                              0x00407433
                                                                                                                              0x0040743b
                                                                                                                              0x0040743e
                                                                                                                              0x00407441
                                                                                                                              0x00407441
                                                                                                                              0x00407447
                                                                                                                              0x00407447
                                                                                                                              0x00406be3
                                                                                                                              0x00406be3
                                                                                                                              0x00406be3
                                                                                                                              0x00406bec
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406bf2
                                                                                                                              0x00000000
                                                                                                                              0x00406bfd
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406c06
                                                                                                                              0x00406c09
                                                                                                                              0x00406c0c
                                                                                                                              0x00406c10
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406c16
                                                                                                                              0x00406c19
                                                                                                                              0x00406c1b
                                                                                                                              0x00406c1c
                                                                                                                              0x00406c1f
                                                                                                                              0x00406c21
                                                                                                                              0x00406c22
                                                                                                                              0x00406c24
                                                                                                                              0x00406c27
                                                                                                                              0x00406c2c
                                                                                                                              0x00406c31
                                                                                                                              0x00406c3a
                                                                                                                              0x00406c4d
                                                                                                                              0x00406c50
                                                                                                                              0x00406c5c
                                                                                                                              0x00406c84
                                                                                                                              0x00406c86
                                                                                                                              0x00406c94
                                                                                                                              0x00406c94
                                                                                                                              0x00406c98
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406c88
                                                                                                                              0x00406c88
                                                                                                                              0x00406c8b
                                                                                                                              0x00406c8c
                                                                                                                              0x00406c8c
                                                                                                                              0x00000000
                                                                                                                              0x00406c88
                                                                                                                              0x00406c62
                                                                                                                              0x00406c67
                                                                                                                              0x00406c67
                                                                                                                              0x00406c70
                                                                                                                              0x00406c78
                                                                                                                              0x00406c7b
                                                                                                                              0x00000000
                                                                                                                              0x00406c81
                                                                                                                              0x00406c81
                                                                                                                              0x00000000
                                                                                                                              0x00406c81
                                                                                                                              0x00000000
                                                                                                                              0x00406c9e
                                                                                                                              0x00406c9e
                                                                                                                              0x00406ca2
                                                                                                                              0x0040754e
                                                                                                                              0x00000000
                                                                                                                              0x0040754e
                                                                                                                              0x00406cab
                                                                                                                              0x00406cbb
                                                                                                                              0x00406cbe
                                                                                                                              0x00406cc1
                                                                                                                              0x00406cc1
                                                                                                                              0x00406cc1
                                                                                                                              0x00406cc4
                                                                                                                              0x00406cc8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406cca
                                                                                                                              0x00406cd0
                                                                                                                              0x00406cfa
                                                                                                                              0x00406d00
                                                                                                                              0x00406d07
                                                                                                                              0x00000000
                                                                                                                              0x00406d07
                                                                                                                              0x00406cd6
                                                                                                                              0x00406cd9
                                                                                                                              0x00406cde
                                                                                                                              0x00406cde
                                                                                                                              0x00406ce9
                                                                                                                              0x00406cf1
                                                                                                                              0x00406cf4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406d39
                                                                                                                              0x00406d3f
                                                                                                                              0x00406d42
                                                                                                                              0x00406d4f
                                                                                                                              0x00406d57
                                                                                                                              0x004073cb
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406d0e
                                                                                                                              0x00406d0e
                                                                                                                              0x00406d12
                                                                                                                              0x0040755d
                                                                                                                              0x00000000
                                                                                                                              0x0040755d
                                                                                                                              0x00406d1e
                                                                                                                              0x00406d29
                                                                                                                              0x00406d29
                                                                                                                              0x00406d29
                                                                                                                              0x00406d2c
                                                                                                                              0x00406d2f
                                                                                                                              0x00406d32
                                                                                                                              0x00406d37
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004073ce
                                                                                                                              0x004073ce
                                                                                                                              0x004073d4
                                                                                                                              0x004073da
                                                                                                                              0x004073e0
                                                                                                                              0x004073fa
                                                                                                                              0x004073fd
                                                                                                                              0x00407403
                                                                                                                              0x0040740e
                                                                                                                              0x00407410
                                                                                                                              0x004073e2
                                                                                                                              0x004073e2
                                                                                                                              0x004073f1
                                                                                                                              0x004073f5
                                                                                                                              0x004073f5
                                                                                                                              0x0040741a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406d5f
                                                                                                                              0x00406d61
                                                                                                                              0x00406d64
                                                                                                                              0x00406dd5
                                                                                                                              0x00406dd8
                                                                                                                              0x00406ddb
                                                                                                                              0x00406de2
                                                                                                                              0x00406dec
                                                                                                                              0x004073cb
                                                                                                                              0x004073cb
                                                                                                                              0x00000000
                                                                                                                              0x004073cb
                                                                                                                              0x004073cb
                                                                                                                              0x00406d66
                                                                                                                              0x00406d6a
                                                                                                                              0x00406d6d
                                                                                                                              0x00406d6f
                                                                                                                              0x00406d72
                                                                                                                              0x00406d75
                                                                                                                              0x00406d77
                                                                                                                              0x00406d7a
                                                                                                                              0x00406d7c
                                                                                                                              0x00406d81
                                                                                                                              0x00406d84
                                                                                                                              0x00406d87
                                                                                                                              0x00406d8b
                                                                                                                              0x00406d92
                                                                                                                              0x00406d95
                                                                                                                              0x00406d9c
                                                                                                                              0x00406da0
                                                                                                                              0x00406da8
                                                                                                                              0x00406da8
                                                                                                                              0x00406da8
                                                                                                                              0x00406da2
                                                                                                                              0x00406da2
                                                                                                                              0x00406da2
                                                                                                                              0x00406d97
                                                                                                                              0x00406d97
                                                                                                                              0x00406d97
                                                                                                                              0x00406dac
                                                                                                                              0x00406daf
                                                                                                                              0x00406dcd
                                                                                                                              0x00406dcf
                                                                                                                              0x00000000
                                                                                                                              0x00406db1
                                                                                                                              0x00406db1
                                                                                                                              0x00406db4
                                                                                                                              0x00406db7
                                                                                                                              0x00406dba
                                                                                                                              0x00406dbc
                                                                                                                              0x00406dbc
                                                                                                                              0x00406dbc
                                                                                                                              0x00406dbf
                                                                                                                              0x00406dc2
                                                                                                                              0x00406dc4
                                                                                                                              0x00406dc5
                                                                                                                              0x00406dc8
                                                                                                                              0x00000000
                                                                                                                              0x00406dc8
                                                                                                                              0x00000000
                                                                                                                              0x00406ffe
                                                                                                                              0x00407002
                                                                                                                              0x00407020
                                                                                                                              0x00407023
                                                                                                                              0x0040702a
                                                                                                                              0x0040702d
                                                                                                                              0x00407030
                                                                                                                              0x00407033
                                                                                                                              0x00407036
                                                                                                                              0x00407039
                                                                                                                              0x0040703b
                                                                                                                              0x00407042
                                                                                                                              0x00407043
                                                                                                                              0x00407045
                                                                                                                              0x00407048
                                                                                                                              0x0040704b
                                                                                                                              0x0040704e
                                                                                                                              0x0040704e
                                                                                                                              0x00407053
                                                                                                                              0x00000000
                                                                                                                              0x00407053
                                                                                                                              0x00407004
                                                                                                                              0x00407007
                                                                                                                              0x0040700a
                                                                                                                              0x00407014
                                                                                                                              0x004073cb
                                                                                                                              0x004073cb
                                                                                                                              0x00000000
                                                                                                                              0x004073cb
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004070ab
                                                                                                                              0x004070af
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004070b5
                                                                                                                              0x004070b9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004070bf
                                                                                                                              0x004070c1
                                                                                                                              0x004070c5
                                                                                                                              0x004070c5
                                                                                                                              0x004070c8
                                                                                                                              0x004070cc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040711c
                                                                                                                              0x00407120
                                                                                                                              0x00407127
                                                                                                                              0x0040712a
                                                                                                                              0x0040712d
                                                                                                                              0x00407137
                                                                                                                              0x004073cb
                                                                                                                              0x004073cb
                                                                                                                              0x00000000
                                                                                                                              0x004073cb
                                                                                                                              0x004073cb
                                                                                                                              0x00407122
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407143
                                                                                                                              0x00407147
                                                                                                                              0x0040714e
                                                                                                                              0x00407151
                                                                                                                              0x00407154
                                                                                                                              0x00407149
                                                                                                                              0x00407149
                                                                                                                              0x00407149
                                                                                                                              0x00407157
                                                                                                                              0x0040715a
                                                                                                                              0x0040715d
                                                                                                                              0x0040715d
                                                                                                                              0x00407160
                                                                                                                              0x00407163
                                                                                                                              0x00407166
                                                                                                                              0x00407166
                                                                                                                              0x00407169
                                                                                                                              0x00407170
                                                                                                                              0x00407175
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407203
                                                                                                                              0x00407203
                                                                                                                              0x00407207
                                                                                                                              0x004075a5
                                                                                                                              0x00000000
                                                                                                                              0x004075a5
                                                                                                                              0x0040720d
                                                                                                                              0x00407210
                                                                                                                              0x00407213
                                                                                                                              0x00407217
                                                                                                                              0x0040721a
                                                                                                                              0x00407220
                                                                                                                              0x00407222
                                                                                                                              0x00407222
                                                                                                                              0x00407222
                                                                                                                              0x00407225
                                                                                                                              0x00407228
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406df8
                                                                                                                              0x00406df8
                                                                                                                              0x00406dfc
                                                                                                                              0x00407569
                                                                                                                              0x00000000
                                                                                                                              0x00407569
                                                                                                                              0x00406e02
                                                                                                                              0x00406e05
                                                                                                                              0x00406e08
                                                                                                                              0x00406e0c
                                                                                                                              0x00406e0f
                                                                                                                              0x00406e15
                                                                                                                              0x00406e17
                                                                                                                              0x00406e17
                                                                                                                              0x00406e17
                                                                                                                              0x00406e1a
                                                                                                                              0x00406e1d
                                                                                                                              0x00406e1d
                                                                                                                              0x00406e20
                                                                                                                              0x00406e23
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406e29
                                                                                                                              0x00406e2f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406e35
                                                                                                                              0x00406e35
                                                                                                                              0x00406e39
                                                                                                                              0x00406e3c
                                                                                                                              0x00406e3f
                                                                                                                              0x00406e42
                                                                                                                              0x00406e45
                                                                                                                              0x00406e46
                                                                                                                              0x00406e49
                                                                                                                              0x00406e4b
                                                                                                                              0x00406e51
                                                                                                                              0x00406e54
                                                                                                                              0x00406e57
                                                                                                                              0x00406e5a
                                                                                                                              0x00406e5d
                                                                                                                              0x00406e60
                                                                                                                              0x00406e63
                                                                                                                              0x00406e7f
                                                                                                                              0x00406e82
                                                                                                                              0x00406e85
                                                                                                                              0x00406e88
                                                                                                                              0x00406e8f
                                                                                                                              0x00406e93
                                                                                                                              0x00406e95
                                                                                                                              0x00406e99
                                                                                                                              0x00406e65
                                                                                                                              0x00406e65
                                                                                                                              0x00406e69
                                                                                                                              0x00406e71
                                                                                                                              0x00406e76
                                                                                                                              0x00406e78
                                                                                                                              0x00406e7a
                                                                                                                              0x00406e7a
                                                                                                                              0x00406e9c
                                                                                                                              0x00406ea3
                                                                                                                              0x00406ea6
                                                                                                                              0x00000000
                                                                                                                              0x00406eac
                                                                                                                              0x00000000
                                                                                                                              0x00406eac
                                                                                                                              0x00000000
                                                                                                                              0x00406eb1
                                                                                                                              0x00406eb1
                                                                                                                              0x00406eb5
                                                                                                                              0x00407575
                                                                                                                              0x00000000
                                                                                                                              0x00407575
                                                                                                                              0x00406ebb
                                                                                                                              0x00406ebe
                                                                                                                              0x00406ec1
                                                                                                                              0x00406ec5
                                                                                                                              0x00406ec8
                                                                                                                              0x00406ece
                                                                                                                              0x00406ed0
                                                                                                                              0x00406ed0
                                                                                                                              0x00406ed0
                                                                                                                              0x00406ed3
                                                                                                                              0x00406ed6
                                                                                                                              0x00406ed6
                                                                                                                              0x00406ed6
                                                                                                                              0x00406edc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406ede
                                                                                                                              0x00406ee1
                                                                                                                              0x00406ee4
                                                                                                                              0x00406ee7
                                                                                                                              0x00406eea
                                                                                                                              0x00406eed
                                                                                                                              0x00406ef0
                                                                                                                              0x00406ef3
                                                                                                                              0x00406ef6
                                                                                                                              0x00406ef9
                                                                                                                              0x00406efc
                                                                                                                              0x00406f14
                                                                                                                              0x00406f17
                                                                                                                              0x00406f1a
                                                                                                                              0x00406f1d
                                                                                                                              0x00406f1d
                                                                                                                              0x00406f20
                                                                                                                              0x00406f24
                                                                                                                              0x00406f26
                                                                                                                              0x00406efe
                                                                                                                              0x00406efe
                                                                                                                              0x00406f06
                                                                                                                              0x00406f0b
                                                                                                                              0x00406f0d
                                                                                                                              0x00406f0f
                                                                                                                              0x00406f0f
                                                                                                                              0x00406f29
                                                                                                                              0x00406f30
                                                                                                                              0x00406f33
                                                                                                                              0x00000000
                                                                                                                              0x00406f35
                                                                                                                              0x00000000
                                                                                                                              0x00406f35
                                                                                                                              0x00406f33
                                                                                                                              0x00406f3a
                                                                                                                              0x00406f3a
                                                                                                                              0x00406f3a
                                                                                                                              0x00406f3a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406f75
                                                                                                                              0x00406f75
                                                                                                                              0x00406f79
                                                                                                                              0x00407581
                                                                                                                              0x00000000
                                                                                                                              0x00407581
                                                                                                                              0x00406f7f
                                                                                                                              0x00406f82
                                                                                                                              0x00406f85
                                                                                                                              0x00406f89
                                                                                                                              0x00406f8c
                                                                                                                              0x00406f92
                                                                                                                              0x00406f94
                                                                                                                              0x00406f94
                                                                                                                              0x00406f94
                                                                                                                              0x00406f97
                                                                                                                              0x00406f9a
                                                                                                                              0x00406f9a
                                                                                                                              0x00406fa0
                                                                                                                              0x00406f3e
                                                                                                                              0x00406f3e
                                                                                                                              0x00406f41
                                                                                                                              0x00000000
                                                                                                                              0x00406f41
                                                                                                                              0x00406fa2
                                                                                                                              0x00406fa2
                                                                                                                              0x00406fa5
                                                                                                                              0x00406fa8
                                                                                                                              0x00406fab
                                                                                                                              0x00406fae
                                                                                                                              0x00406fb1
                                                                                                                              0x00406fb4
                                                                                                                              0x00406fb7
                                                                                                                              0x00406fba
                                                                                                                              0x00406fbd
                                                                                                                              0x00406fc0
                                                                                                                              0x00406fd8
                                                                                                                              0x00406fdb
                                                                                                                              0x00406fde
                                                                                                                              0x00406fe1
                                                                                                                              0x00406fe1
                                                                                                                              0x00406fe4
                                                                                                                              0x00406fe8
                                                                                                                              0x00406fea
                                                                                                                              0x00406fc2
                                                                                                                              0x00406fc2
                                                                                                                              0x00406fca
                                                                                                                              0x00406fcf
                                                                                                                              0x00406fd1
                                                                                                                              0x00406fd3
                                                                                                                              0x00406fd3
                                                                                                                              0x00406fed
                                                                                                                              0x00406ff4
                                                                                                                              0x00406ff7
                                                                                                                              0x00000000
                                                                                                                              0x00406ff9
                                                                                                                              0x00000000
                                                                                                                              0x00406ff9
                                                                                                                              0x00000000
                                                                                                                              0x00407286
                                                                                                                              0x00407286
                                                                                                                              0x0040728a
                                                                                                                              0x004075b1
                                                                                                                              0x00000000
                                                                                                                              0x004075b1
                                                                                                                              0x00407290
                                                                                                                              0x00407293
                                                                                                                              0x00407296
                                                                                                                              0x0040729a
                                                                                                                              0x0040729d
                                                                                                                              0x004072a3
                                                                                                                              0x004072a5
                                                                                                                              0x004072a5
                                                                                                                              0x004072a5
                                                                                                                              0x004072a8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407056
                                                                                                                              0x00407056
                                                                                                                              0x00407059
                                                                                                                              0x004073cb
                                                                                                                              0x004073cb
                                                                                                                              0x00000000
                                                                                                                              0x004073cb
                                                                                                                              0x00000000
                                                                                                                              0x00407395
                                                                                                                              0x00407399
                                                                                                                              0x004073bb
                                                                                                                              0x004073be
                                                                                                                              0x004073c8
                                                                                                                              0x004073cb
                                                                                                                              0x004073cb
                                                                                                                              0x00000000
                                                                                                                              0x004073cb
                                                                                                                              0x004073cb
                                                                                                                              0x0040739b
                                                                                                                              0x0040739e
                                                                                                                              0x004073a2
                                                                                                                              0x004073a5
                                                                                                                              0x004073a5
                                                                                                                              0x004073a8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407452
                                                                                                                              0x00407456
                                                                                                                              0x00407474
                                                                                                                              0x00407474
                                                                                                                              0x00407474
                                                                                                                              0x0040747b
                                                                                                                              0x00407482
                                                                                                                              0x00407489
                                                                                                                              0x00407489
                                                                                                                              0x00000000
                                                                                                                              0x00407489
                                                                                                                              0x00407458
                                                                                                                              0x0040745b
                                                                                                                              0x0040745e
                                                                                                                              0x00407461
                                                                                                                              0x00407468
                                                                                                                              0x004073ac
                                                                                                                              0x004073ac
                                                                                                                              0x004073af
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407543
                                                                                                                              0x00407546
                                                                                                                              0x00407447
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040717d
                                                                                                                              0x0040717f
                                                                                                                              0x00407186
                                                                                                                              0x00407187
                                                                                                                              0x00407189
                                                                                                                              0x0040718c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407194
                                                                                                                              0x00407197
                                                                                                                              0x0040719a
                                                                                                                              0x0040719c
                                                                                                                              0x0040719e
                                                                                                                              0x0040719e
                                                                                                                              0x0040719f
                                                                                                                              0x004071a2
                                                                                                                              0x004071a9
                                                                                                                              0x004071ac
                                                                                                                              0x004071ba
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407490
                                                                                                                              0x00407490
                                                                                                                              0x00407493
                                                                                                                              0x0040749a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040749f
                                                                                                                              0x0040749f
                                                                                                                              0x004074a3
                                                                                                                              0x004075db
                                                                                                                              0x00000000
                                                                                                                              0x004075db
                                                                                                                              0x004074a9
                                                                                                                              0x004074ac
                                                                                                                              0x004074af
                                                                                                                              0x004074b3
                                                                                                                              0x004074b6
                                                                                                                              0x004074bc
                                                                                                                              0x004074be
                                                                                                                              0x004074be
                                                                                                                              0x004074be
                                                                                                                              0x004074c1
                                                                                                                              0x004074c4
                                                                                                                              0x004074c4
                                                                                                                              0x004074c4
                                                                                                                              0x004074c4
                                                                                                                              0x004074c7
                                                                                                                              0x004074c7
                                                                                                                              0x004074cb
                                                                                                                              0x0040752b
                                                                                                                              0x0040752e
                                                                                                                              0x00407533
                                                                                                                              0x00407534
                                                                                                                              0x00407536
                                                                                                                              0x00407538
                                                                                                                              0x0040753b
                                                                                                                              0x00407447
                                                                                                                              0x00407447
                                                                                                                              0x00000000
                                                                                                                              0x0040744d
                                                                                                                              0x00407447
                                                                                                                              0x004074cd
                                                                                                                              0x004074d3
                                                                                                                              0x004074d6
                                                                                                                              0x004074d9
                                                                                                                              0x004074dc
                                                                                                                              0x004074df
                                                                                                                              0x004074e2
                                                                                                                              0x004074e5
                                                                                                                              0x004074e8
                                                                                                                              0x004074eb
                                                                                                                              0x004074ee
                                                                                                                              0x00407507
                                                                                                                              0x0040750a
                                                                                                                              0x0040750d
                                                                                                                              0x00407510
                                                                                                                              0x00407514
                                                                                                                              0x00407516
                                                                                                                              0x00407516
                                                                                                                              0x00407517
                                                                                                                              0x0040751a
                                                                                                                              0x004074f0
                                                                                                                              0x004074f0
                                                                                                                              0x004074f8
                                                                                                                              0x004074fd
                                                                                                                              0x004074ff
                                                                                                                              0x00407502
                                                                                                                              0x00407502
                                                                                                                              0x0040751d
                                                                                                                              0x00407524
                                                                                                                              0x00000000
                                                                                                                              0x00407526
                                                                                                                              0x00000000
                                                                                                                              0x00407526
                                                                                                                              0x00000000
                                                                                                                              0x004071c2
                                                                                                                              0x004071c5
                                                                                                                              0x004071fb
                                                                                                                              0x0040732b
                                                                                                                              0x0040732b
                                                                                                                              0x0040732b
                                                                                                                              0x0040732b
                                                                                                                              0x0040732e
                                                                                                                              0x0040732e
                                                                                                                              0x00407331
                                                                                                                              0x00407333
                                                                                                                              0x004075bd
                                                                                                                              0x00000000
                                                                                                                              0x004075bd
                                                                                                                              0x00407339
                                                                                                                              0x0040733c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407342
                                                                                                                              0x00407346
                                                                                                                              0x00407349
                                                                                                                              0x00407349
                                                                                                                              0x00407349
                                                                                                                              0x00000000
                                                                                                                              0x00407349
                                                                                                                              0x004071c7
                                                                                                                              0x004071c9
                                                                                                                              0x004071cb
                                                                                                                              0x004071cd
                                                                                                                              0x004071d0
                                                                                                                              0x004071d1
                                                                                                                              0x004071d3
                                                                                                                              0x004071d5
                                                                                                                              0x004071d8
                                                                                                                              0x004071db
                                                                                                                              0x004071f1
                                                                                                                              0x004071f6
                                                                                                                              0x0040722e
                                                                                                                              0x0040722e
                                                                                                                              0x00407232
                                                                                                                              0x0040725e
                                                                                                                              0x00407260
                                                                                                                              0x00407267
                                                                                                                              0x0040726a
                                                                                                                              0x0040726d
                                                                                                                              0x0040726d
                                                                                                                              0x00407272
                                                                                                                              0x00407272
                                                                                                                              0x00407274
                                                                                                                              0x00407277
                                                                                                                              0x0040727e
                                                                                                                              0x00407281
                                                                                                                              0x004072ae
                                                                                                                              0x004072ae
                                                                                                                              0x004072b1
                                                                                                                              0x004072b4
                                                                                                                              0x00407328
                                                                                                                              0x00407328
                                                                                                                              0x00407328
                                                                                                                              0x00000000
                                                                                                                              0x00407328
                                                                                                                              0x004072b6
                                                                                                                              0x004072bc
                                                                                                                              0x004072bf
                                                                                                                              0x004072c2
                                                                                                                              0x004072c5
                                                                                                                              0x004072c8
                                                                                                                              0x004072cb
                                                                                                                              0x004072ce
                                                                                                                              0x004072d1
                                                                                                                              0x004072d4
                                                                                                                              0x004072d7
                                                                                                                              0x004072f0
                                                                                                                              0x004072f2
                                                                                                                              0x004072f5
                                                                                                                              0x004072f6
                                                                                                                              0x004072f9
                                                                                                                              0x004072fb
                                                                                                                              0x004072fe
                                                                                                                              0x00407300
                                                                                                                              0x00407302
                                                                                                                              0x00407305
                                                                                                                              0x00407307
                                                                                                                              0x0040730a
                                                                                                                              0x0040730e
                                                                                                                              0x00407310
                                                                                                                              0x00407310
                                                                                                                              0x00407311
                                                                                                                              0x00407314
                                                                                                                              0x00407317
                                                                                                                              0x004072d9
                                                                                                                              0x004072d9
                                                                                                                              0x004072e1
                                                                                                                              0x004072e6
                                                                                                                              0x004072e8
                                                                                                                              0x004072eb
                                                                                                                              0x004072eb
                                                                                                                              0x0040731a
                                                                                                                              0x00407321
                                                                                                                              0x004072ab
                                                                                                                              0x004072ab
                                                                                                                              0x004072ab
                                                                                                                              0x004072ab
                                                                                                                              0x00000000
                                                                                                                              0x00407323
                                                                                                                              0x00000000
                                                                                                                              0x00407323
                                                                                                                              0x00407321
                                                                                                                              0x00407234
                                                                                                                              0x00407237
                                                                                                                              0x00407239
                                                                                                                              0x0040723c
                                                                                                                              0x0040723f
                                                                                                                              0x00407242
                                                                                                                              0x00407244
                                                                                                                              0x00407247
                                                                                                                              0x0040724a
                                                                                                                              0x0040724a
                                                                                                                              0x0040724d
                                                                                                                              0x0040724d
                                                                                                                              0x00407250
                                                                                                                              0x00407257
                                                                                                                              0x0040722b
                                                                                                                              0x0040722b
                                                                                                                              0x0040722b
                                                                                                                              0x0040722b
                                                                                                                              0x00000000
                                                                                                                              0x00407259
                                                                                                                              0x00000000
                                                                                                                              0x00407259
                                                                                                                              0x00407257
                                                                                                                              0x004071dd
                                                                                                                              0x004071e0
                                                                                                                              0x004071e2
                                                                                                                              0x004071e5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406f44
                                                                                                                              0x00406f44
                                                                                                                              0x00406f48
                                                                                                                              0x0040758d
                                                                                                                              0x00000000
                                                                                                                              0x0040758d
                                                                                                                              0x00406f4e
                                                                                                                              0x00406f51
                                                                                                                              0x00406f54
                                                                                                                              0x00406f57
                                                                                                                              0x00406f5a
                                                                                                                              0x00406f5d
                                                                                                                              0x00406f60
                                                                                                                              0x00406f62
                                                                                                                              0x00406f65
                                                                                                                              0x00406f68
                                                                                                                              0x00406f6b
                                                                                                                              0x00406f6d
                                                                                                                              0x00406f6d
                                                                                                                              0x00406f6d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004070cf
                                                                                                                              0x004070cf
                                                                                                                              0x004070d3
                                                                                                                              0x00407599
                                                                                                                              0x00000000
                                                                                                                              0x00407599
                                                                                                                              0x004070d9
                                                                                                                              0x004070dc
                                                                                                                              0x004070df
                                                                                                                              0x004070e2
                                                                                                                              0x004070e4
                                                                                                                              0x004070e4
                                                                                                                              0x004070e4
                                                                                                                              0x004070e7
                                                                                                                              0x004070ea
                                                                                                                              0x004070ed
                                                                                                                              0x004070f0
                                                                                                                              0x004070f3
                                                                                                                              0x004070f6
                                                                                                                              0x004070f7
                                                                                                                              0x004070f9
                                                                                                                              0x004070f9
                                                                                                                              0x004070f9
                                                                                                                              0x004070fc
                                                                                                                              0x004070ff
                                                                                                                              0x00407102
                                                                                                                              0x00407105
                                                                                                                              0x00407105
                                                                                                                              0x00407105
                                                                                                                              0x00407108
                                                                                                                              0x0040710a
                                                                                                                              0x0040710a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040734c
                                                                                                                              0x0040734c
                                                                                                                              0x0040734c
                                                                                                                              0x00407350
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407356
                                                                                                                              0x00407359
                                                                                                                              0x0040735c
                                                                                                                              0x0040735f
                                                                                                                              0x00407361
                                                                                                                              0x00407361
                                                                                                                              0x00407361
                                                                                                                              0x00407364
                                                                                                                              0x00407367
                                                                                                                              0x0040736a
                                                                                                                              0x0040736d
                                                                                                                              0x00407370
                                                                                                                              0x00407373
                                                                                                                              0x00407374
                                                                                                                              0x00407376
                                                                                                                              0x00407376
                                                                                                                              0x00407376
                                                                                                                              0x00407379
                                                                                                                              0x0040737c
                                                                                                                              0x0040737f
                                                                                                                              0x00407382
                                                                                                                              0x00407385
                                                                                                                              0x00407389
                                                                                                                              0x0040738b
                                                                                                                              0x0040738e
                                                                                                                              0x00000000
                                                                                                                              0x00407390
                                                                                                                              0x0040710d
                                                                                                                              0x0040710d
                                                                                                                              0x00000000
                                                                                                                              0x0040710d
                                                                                                                              0x0040738e
                                                                                                                              0x004075c3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406bf2
                                                                                                                              0x004075fa
                                                                                                                              0x004075fa
                                                                                                                              0x00000000
                                                                                                                              0x004075fa
                                                                                                                              0x00407447
                                                                                                                              0x004073ce
                                                                                                                              0x004073cb

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b33066b9a67caffcdb2859c2a3d237c195f810e8b6f417b46283b98aba377de3
                                                                                                                              • Instruction ID: 947ff9f4813c08031b822263453b6bbc7859602ae013fffc9a74d3363ad91bbb
                                                                                                                              • Opcode Fuzzy Hash: b33066b9a67caffcdb2859c2a3d237c195f810e8b6f417b46283b98aba377de3
                                                                                                                              • Instruction Fuzzy Hash: FE713471E04228DBEF28CF98C8547ADBBB1FF44305F15806AD856BB281C778A986DF45
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00403479 Relevance: 4.6, APIs: 3, Instructions: 101COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 94%
                                                                                                                              			E00403479(intOrPtr _a4) {
				intOrPtr _t10;
				intOrPtr _t11;
				signed int _t12;
				void* _t14;
				void* _t15;
				long _t16;
				void* _t18;
				intOrPtr _t19;
				intOrPtr _t31;
				long _t32;
				intOrPtr _t34;
				intOrPtr _t36;
				void* _t37;
				intOrPtr _t49;

				_t32 =  *0x420ef4; // 0x2147f57
				_t34 = _t32 -  *0x40ce60 + _a4;
				 *0x42a26c = GetTickCount() + 0x1f4;
				if(_t34 <= 0) {
					L22:
					E0040302E(1);
					return 0;
				}
				E004035F8( *0x420f04);
				SetFilePointer( *0x40a01c,  *0x40ce60, 0, 0); // executed
				 *0x420f00 = _t34;
				 *0x420ef0 = 0;
				while(1) {
					_t10 =  *0x420ef8; // 0xadaea8
					_t31 = 0x4000;
					_t11 = _t10 -  *0x420f04;
					if(_t11 <= 0x4000) {
						_t31 = _t11;
					}
					_t12 = E004035E2(0x414ef0, _t31);
					if(_t12 == 0) {
						break;
					}
					 *0x420f04 =  *0x420f04 + _t31;
					 *0x40ce80 = 0x414ef0;
					 *0x40ce84 = _t31;
					L6:
					L6:
					if( *0x42a270 != 0 &&  *0x42a300 == 0) {
						_t19 =  *0x420f00; // 0xd340
						 *0x420ef0 = _t19 -  *0x420ef4 - _a4 +  *0x40ce60; // executed
						E0040302E(0); // executed
					}
					 *0x40ce88 = 0x40cef0;
					 *0x40ce8c = 0x8000; // executed
					_t14 = E00406BB0(0x40ce68); // executed
					if(_t14 < 0) {
						goto L20;
					}
					_t36 =  *0x40ce88; // 0x40d378
					_t37 = _t36 - 0x40cef0;
					if(_t37 == 0) {
						__eflags =  *0x40ce84; // 0x0
						if(__eflags != 0) {
							goto L20;
						}
						__eflags = _t31;
						if(_t31 == 0) {
							goto L20;
						}
						L16:
						_t16 =  *0x420ef4; // 0x2147f57
						if(_t16 -  *0x40ce60 + _a4 > 0) {
							continue;
						}
						SetFilePointer( *0x40a01c, _t16, 0, 0); // executed
						goto L22;
					}
					_t18 = E0040620A( *0x40a01c, 0x40cef0, _t37); // executed
					if(_t18 == 0) {
						_push(0xfffffffe);
						L21:
						_pop(_t15);
						return _t15;
					}
					 *0x40ce60 =  *0x40ce60 + _t37;
					_t49 =  *0x40ce84; // 0x0
					if(_t49 != 0) {
						goto L6;
					}
					goto L16;
					L20:
					_push(0xfffffffd);
					goto L21;
				}
				return _t12 | 0xffffffff;
			}

















                                                                                                                              0x0040347c
                                                                                                                              0x00403489
                                                                                                                              0x0040349c
                                                                                                                              0x004034a1
                                                                                                                              0x004035d1
                                                                                                                              0x004035d3
                                                                                                                              0x00000000
                                                                                                                              0x004035d9
                                                                                                                              0x004034ad
                                                                                                                              0x004034c0
                                                                                                                              0x004034c6
                                                                                                                              0x004034cc
                                                                                                                              0x004034d7
                                                                                                                              0x004034d7
                                                                                                                              0x004034dc
                                                                                                                              0x004034e1
                                                                                                                              0x004034e9
                                                                                                                              0x004034eb
                                                                                                                              0x004034eb
                                                                                                                              0x004034f4
                                                                                                                              0x004034fb
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403501
                                                                                                                              0x00403507
                                                                                                                              0x0040350d
                                                                                                                              0x00000000
                                                                                                                              0x00403513
                                                                                                                              0x00403519
                                                                                                                              0x00403523
                                                                                                                              0x00403539
                                                                                                                              0x0040353e
                                                                                                                              0x00403543
                                                                                                                              0x00403549
                                                                                                                              0x0040354f
                                                                                                                              0x00403559
                                                                                                                              0x00403560
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403562
                                                                                                                              0x00403568
                                                                                                                              0x0040356a
                                                                                                                              0x0040358d
                                                                                                                              0x00403593
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403595
                                                                                                                              0x00403597
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403599
                                                                                                                              0x00403599
                                                                                                                              0x004035ac
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004035bb
                                                                                                                              0x00000000
                                                                                                                              0x004035bb
                                                                                                                              0x00403574
                                                                                                                              0x0040357b
                                                                                                                              0x004035c8
                                                                                                                              0x004035ce
                                                                                                                              0x004035ce
                                                                                                                              0x00000000
                                                                                                                              0x004035ce
                                                                                                                              0x0040357d
                                                                                                                              0x00403583
                                                                                                                              0x00403589
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004035cc
                                                                                                                              0x004035cc
                                                                                                                              0x00000000
                                                                                                                              0x004035cc
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • GetTickCount.KERNEL32 ref: 0040348D
                                                                                                                                • Part of subcall function 004035F8: SetFilePointer.KERNELBASE(00000000,00000000,00000000,004032F6,?), ref: 00403606
                                                                                                                              • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 004034C0
                                                                                                                              • SetFilePointer.KERNELBASE(02147F57,00000000,00000000,00414EF0,00004000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000), ref: 004035BB
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FilePointer$CountTick
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1092082344-0
                                                                                                                              • Opcode ID: 7c0ab14c9ef84ee4c874d23136c95771ec66e08690032c4b640086482a56d3ee
                                                                                                                              • Instruction ID: 4a0f782daef8a724a5dada35133bb9654e3c612a62d69fcdf17392b9264be50a
                                                                                                                              • Opcode Fuzzy Hash: 7c0ab14c9ef84ee4c874d23136c95771ec66e08690032c4b640086482a56d3ee
                                                                                                                              • Instruction Fuzzy Hash: 3A31AEB2650205EFC7209F29EE848263BADF70475A755023BE900B22F1C7B59D42DB9D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00401B9B Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 72memoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 59%
                                                                                                                              			E00401B9B(void* __ebx) {
				intOrPtr _t8;
				void* _t9;
				void _t12;
				void* _t14;
				void* _t22;
				void* _t25;
				void* _t30;
				char* _t32;
				void* _t33;
				void* _t34;
				void* _t37;

				_t28 = __ebx;
				_t8 =  *((intOrPtr*)(_t37 - 0x28));
				_t33 =  *0x40ce58; // 0x39cbac8
				if(_t8 == __ebx) {
					if( *((intOrPtr*)(_t37 - 0x2c)) == __ebx) {
						_t9 = GlobalAlloc(0x40, 0x804); // executed
						_t34 = _t9;
						_t5 = _t34 + 4; // 0x4
						E004066A5(__ebx, _t30, _t34, _t5,  *((intOrPtr*)(_t37 - 0x30)));
						_t12 =  *0x40ce58; // 0x39cbac8
						 *_t34 = _t12;
						 *0x40ce58 = _t34;
					} else {
						if(_t33 == __ebx) {
							 *((intOrPtr*)(_t37 - 4)) = 1;
						} else {
							_t3 = _t33 + 4; // 0x39cbacc
							E00406668(_t30, _t3);
							_push(_t33);
							 *0x40ce58 =  *_t33;
							GlobalFree();
						}
					}
					goto L15;
				} else {
					while(1) {
						_t8 = _t8 - 1;
						if(_t33 == _t28) {
							break;
						}
						_t33 =  *_t33;
						if(_t8 != _t28) {
							continue;
						} else {
							if(_t33 == _t28) {
								break;
							} else {
								_t36 = _t33 + 4;
								_t32 = L"C:\\PC:\\Users\\alfons\\AppData\\Roaming\\Winamp\\Plugins\\ml\\ml_online.ini";
								E00406668(_t32, _t33 + 4);
								_t22 =  *0x40ce58; // 0x39cbac8
								E00406668(_t36, _t22 + 4);
								_t25 =  *0x40ce58; // 0x39cbac8
								_push(_t32);
								_push(_t25 + 4);
								E00406668();
								L15:
								 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t37 - 4));
								_t14 = 0;
							}
						}
						goto L17;
					}
					_push(0x200010);
					_push(E004066A5(_t28, _t30, _t33, _t28, 0xffffffe8));
					E00405CC8();
					_t14 = 0x7fffffff;
				}
				L17:
				return _t14;
			}














                                                                                                                              0x00401b9b
                                                                                                                              0x00401b9b
                                                                                                                              0x00401b9e
                                                                                                                              0x00401ba6
                                                                                                                              0x00401bef
                                                                                                                              0x00401c1d
                                                                                                                              0x00401c26
                                                                                                                              0x00401c28
                                                                                                                              0x00401c2c
                                                                                                                              0x00401c31
                                                                                                                              0x00401c36
                                                                                                                              0x00401c38
                                                                                                                              0x00401bf1
                                                                                                                              0x00401bf3
                                                                                                                              0x0040292e
                                                                                                                              0x00401bf9
                                                                                                                              0x00401bf9
                                                                                                                              0x00401bfe
                                                                                                                              0x00401c05
                                                                                                                              0x00401c06
                                                                                                                              0x00401c0b
                                                                                                                              0x00401c0b
                                                                                                                              0x00401bf3
                                                                                                                              0x00000000
                                                                                                                              0x00401ba8
                                                                                                                              0x00401ba8
                                                                                                                              0x00401ba8
                                                                                                                              0x00401bab
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00401bb1
                                                                                                                              0x00401bb5
                                                                                                                              0x00000000
                                                                                                                              0x00401bb7
                                                                                                                              0x00401bb9
                                                                                                                              0x00000000
                                                                                                                              0x00401bbf
                                                                                                                              0x00401bbf
                                                                                                                              0x00401bc2
                                                                                                                              0x00401bc9
                                                                                                                              0x00401bce
                                                                                                                              0x00401bd8
                                                                                                                              0x00401bdd
                                                                                                                              0x00401be2
                                                                                                                              0x00401be6
                                                                                                                              0x00402a94
                                                                                                                              0x00402c2a
                                                                                                                              0x00402c2d
                                                                                                                              0x00402c33
                                                                                                                              0x00402c33
                                                                                                                              0x00401bb9
                                                                                                                              0x00000000
                                                                                                                              0x00401bb5
                                                                                                                              0x0040238a
                                                                                                                              0x00402397
                                                                                                                              0x00402398
                                                                                                                              0x0040239d
                                                                                                                              0x0040239d
                                                                                                                              0x00402c35
                                                                                                                              0x00402c39

                                                                                                                              APIs
                                                                                                                              • GlobalFree.KERNEL32 ref: 00401C0B
                                                                                                                              • GlobalAlloc.KERNELBASE(00000040,00000804), ref: 00401C1D
                                                                                                                                • Part of subcall function 004066A5: lstrcatW.KERNEL32(C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\xml\xui\titlebar,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                                                                • Part of subcall function 004066A5: lstrlenW.KERNEL32(C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\xml\xui\titlebar,00000000,Extract: browser.maki,?,00405701,Extract: browser.maki,00000000), ref: 004068A4
                                                                                                                              Strings
                                                                                                                              • C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\fonts\button-font-normal.png, xrefs: 00401BC2, 00401BC8, 00401BE2
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Global$AllocFreelstrcatlstrlen
                                                                                                                              • String ID: C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\fonts\button-font-normal.png
                                                                                                                              • API String ID: 3292104215-581683063
                                                                                                                              • Opcode ID: 4319b31a17754bffce461f57a5489b402a00cd847fb6eeae40cdae925115eaf0
                                                                                                                              • Instruction ID: d74cddccbdd50a14e5bf5e3e63826a63b2a65df0fd836753f00777670cd3b466
                                                                                                                              • Opcode Fuzzy Hash: 4319b31a17754bffce461f57a5489b402a00cd847fb6eeae40cdae925115eaf0
                                                                                                                              • Instruction Fuzzy Hash: 5321D872904210DBDB20EFA4DEC4E5E73A4AB047157150A3BF542F72D0D6BD9C518BAD
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040259E Relevance: 4.5, APIs: 3, Instructions: 47registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 86%
                                                                                                                              			E0040259E(int* __ebx, intOrPtr __edx, short* __edi) {
				int _t10;
				long _t13;
				int* _t16;
				intOrPtr _t21;
				short* _t22;
				void* _t24;
				void* _t26;
				void* _t29;

				_t22 = __edi;
				_t21 = __edx;
				_t16 = __ebx;
				_t24 = E00402DE6(_t29, 0x20019);
				_t10 = E00402D84(3);
				 *((intOrPtr*)(_t26 - 0x10)) = _t21;
				 *__edi = __ebx;
				if(_t24 == __ebx) {
					 *((intOrPtr*)(_t26 - 4)) = 1;
				} else {
					 *(_t26 + 8) = 0x3ff;
					if( *((intOrPtr*)(_t26 - 0x20)) == __ebx) {
						_t13 = RegEnumValueW(_t24, _t10, __edi, _t26 + 8, __ebx, __ebx, __ebx, __ebx);
						__eflags = _t13;
						if(_t13 != 0) {
							 *((intOrPtr*)(_t26 - 4)) = 1;
						}
					} else {
						RegEnumKeyW(_t24, _t10, __edi, 0x3ff);
					}
					_t22[0x3ff] = _t16;
					_push(_t24); // executed
					RegCloseKey(); // executed
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t26 - 4));
				return 0;
			}











                                                                                                                              0x0040259e
                                                                                                                              0x0040259e
                                                                                                                              0x0040259e
                                                                                                                              0x004025aa
                                                                                                                              0x004025ac
                                                                                                                              0x004025b4
                                                                                                                              0x004025b7
                                                                                                                              0x004025ba
                                                                                                                              0x0040292e
                                                                                                                              0x004025c0
                                                                                                                              0x004025c8
                                                                                                                              0x004025cb
                                                                                                                              0x004025e4
                                                                                                                              0x004025ea
                                                                                                                              0x004025ec
                                                                                                                              0x004025ee
                                                                                                                              0x004025ee
                                                                                                                              0x004025cd
                                                                                                                              0x004025d1
                                                                                                                              0x004025d1
                                                                                                                              0x004025f5
                                                                                                                              0x004025fc
                                                                                                                              0x004025fd
                                                                                                                              0x004025fd
                                                                                                                              0x00402c2d
                                                                                                                              0x00402c39

                                                                                                                              APIs
                                                                                                                              • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 004025D1
                                                                                                                              • RegEnumValueW.ADVAPI32 ref: 004025E4
                                                                                                                              • RegCloseKey.KERNELBASE(?,?,?,Interactive User,00000000,00000011,00000002), ref: 004025FD
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Enum$CloseValue
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 397863658-0
                                                                                                                              • Opcode ID: 91b7ee3e2609278c276b7596eea9c8dfd9b7d1f13b65589bef597d58201fb2b3
                                                                                                                              • Instruction ID: fdd171a53236be04b49e80cc8c25aaf428e2db1c32e81cf7e645575326a8d696
                                                                                                                              • Opcode Fuzzy Hash: 91b7ee3e2609278c276b7596eea9c8dfd9b7d1f13b65589bef597d58201fb2b3
                                                                                                                              • Instruction Fuzzy Hash: 35017CB1A04105ABEB159F94DE58AAEB66CEF40348F10403AF501B61D0EBB85E45966D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00406AE0 Relevance: 4.5, APIs: 3, Instructions: 27synchronizationCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00406AE0(void* __ecx, void* _a4) {
				long _v8;
				long _t6;

				_t6 = WaitForSingleObject(_a4, 0x64);
				while(_t6 == 0x102) {
					E00406A71(0xf);
					_t6 = WaitForSingleObject(_a4, 0x64);
				}
				GetExitCodeProcess(_a4,  &_v8); // executed
				return _v8;
			}





                                                                                                                              0x00406af1
                                                                                                                              0x00406b08
                                                                                                                              0x00406afc
                                                                                                                              0x00406b06
                                                                                                                              0x00406b06
                                                                                                                              0x00406b13
                                                                                                                              0x00406b1f

                                                                                                                              APIs
                                                                                                                              • WaitForSingleObject.KERNEL32(?,00000064), ref: 00406AF1
                                                                                                                              • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00406B06
                                                                                                                              • GetExitCodeProcess.KERNELBASE ref: 00406B13
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ObjectSingleWait$CodeExitProcess
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2567322000-0
                                                                                                                              • Opcode ID: c0daa64154bb0774b0f48346674b492318025e1df3185352ae56c24ee987a067
                                                                                                                              • Instruction ID: dffe0f0baa3edeb4a8159ab808a8d66eaa88359a938bc324e0f181ad12cbd91f
                                                                                                                              • Opcode Fuzzy Hash: c0daa64154bb0774b0f48346674b492318025e1df3185352ae56c24ee987a067
                                                                                                                              • Instruction Fuzzy Hash: 36E09236600118FBDB00AB54DD05E9E7B6ADB45704F114036FA05B6190C6B1AE22DA94
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040459D Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 9windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0040459D(int _a4) {
				long _t3;

				if(_a4 == 0x78) {
					 *0x42922c =  *0x42922c + 1;
				}
				_t3 = SendMessageW( *0x42a268, 0x408, _a4, 0); // executed
				return _t3;
			}




                                                                                                                              0x004045a2
                                                                                                                              0x004045a4
                                                                                                                              0x004045a4
                                                                                                                              0x004045bb
                                                                                                                              0x004045c1

                                                                                                                              APIs
                                                                                                                              • SendMessageW.USER32(00000408,?,00000000,004041FC), ref: 004045BB
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend
                                                                                                                              • String ID: x
                                                                                                                              • API String ID: 3850602802-2363233923
                                                                                                                              • Opcode ID: a4e2778218c9fdeab8ae4952123a6e605dd424a78c20075fb3486bdcc909a4f1
                                                                                                                              • Instruction ID: 271d720e87c3080f9bc4c684b425461430c88a900e0fa794081ec75d4c8aeb56
                                                                                                                              • Opcode Fuzzy Hash: a4e2778218c9fdeab8ae4952123a6e605dd424a78c20075fb3486bdcc909a4f1
                                                                                                                              • Instruction Fuzzy Hash: 58C01271646200FBCB208B00EE00F067A21B7A4B02F2088B9FB81240B48A314822DB2D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00403371 Relevance: 3.1, APIs: 2, Instructions: 88COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 92%
                                                                                                                              			E00403371(void* __ecx, long _a4, intOrPtr _a8, void* _a12, long _a16) {
				long _v8;
				long _t21;
				long _t22;
				void* _t24;
				long _t26;
				int _t27;
				long _t28;
				void* _t29;
				void* _t30;
				long _t31;
				long _t32;
				long _t36;

				_t21 = _a4;
				if(_t21 >= 0) {
					_t32 = _t21 +  *0x42a2b8;
					 *0x420ef4 = _t32;
					SetFilePointer( *0x40a01c, _t32, 0, 0); // executed
				}
				_t22 = E00403479(4);
				if(_t22 >= 0) {
					_t24 = E004061DB( *0x40a01c,  &_a4, 4); // executed
					if(_t24 == 0) {
						L18:
						_push(0xfffffffd);
						goto L19;
					} else {
						 *0x420ef4 =  *0x420ef4 + 4;
						_t36 = E00403479(_a4);
						if(_t36 < 0) {
							L21:
							_t22 = _t36;
						} else {
							if(_a12 != 0) {
								_t26 = _a4;
								if(_t26 >= _a16) {
									_t26 = _a16;
								}
								_t27 = ReadFile( *0x40a01c, _a12, _t26,  &_v8, 0); // executed
								if(_t27 != 0) {
									_t36 = _v8;
									 *0x420ef4 =  *0x420ef4 + _t36;
									goto L21;
								} else {
									goto L18;
								}
							} else {
								if(_a4 <= 0) {
									goto L21;
								} else {
									while(1) {
										_t28 = _a4;
										if(_a4 >= 0x4000) {
											_t28 = 0x4000;
										}
										_v8 = _t28;
										_t29 = E004061DB( *0x40a01c, 0x414ef0, _t28); // executed
										if(_t29 == 0) {
											goto L18;
										}
										_t30 = E0040620A(_a8, 0x414ef0, _v8); // executed
										if(_t30 == 0) {
											_push(0xfffffffe);
											L19:
											_pop(_t22);
										} else {
											_t31 = _v8;
											_a4 = _a4 - _t31;
											 *0x420ef4 =  *0x420ef4 + _t31;
											_t36 = _t36 + _t31;
											if(_a4 > 0) {
												continue;
											} else {
												goto L21;
											}
										}
										goto L22;
									}
									goto L18;
								}
							}
						}
					}
				}
				L22:
				return _t22;
			}















                                                                                                                              0x00403375
                                                                                                                              0x0040337e
                                                                                                                              0x00403387
                                                                                                                              0x0040338b
                                                                                                                              0x00403396
                                                                                                                              0x00403396
                                                                                                                              0x0040339e
                                                                                                                              0x004033a5
                                                                                                                              0x004033b7
                                                                                                                              0x004033be
                                                                                                                              0x00403463
                                                                                                                              0x00403463
                                                                                                                              0x00000000
                                                                                                                              0x004033c4
                                                                                                                              0x004033c7
                                                                                                                              0x004033d3
                                                                                                                              0x004033d7
                                                                                                                              0x00403471
                                                                                                                              0x00403471
                                                                                                                              0x004033dd
                                                                                                                              0x004033e0
                                                                                                                              0x0040343f
                                                                                                                              0x00403445
                                                                                                                              0x00403447
                                                                                                                              0x00403447
                                                                                                                              0x00403459
                                                                                                                              0x00403461
                                                                                                                              0x00403468
                                                                                                                              0x0040346b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004033e2
                                                                                                                              0x004033e5
                                                                                                                              0x00000000
                                                                                                                              0x004033eb
                                                                                                                              0x004033f0
                                                                                                                              0x004033f7
                                                                                                                              0x004033fa
                                                                                                                              0x004033fc
                                                                                                                              0x004033fc
                                                                                                                              0x00403409
                                                                                                                              0x0040340c
                                                                                                                              0x00403413
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040341c
                                                                                                                              0x00403423
                                                                                                                              0x0040343b
                                                                                                                              0x00403465
                                                                                                                              0x00403465
                                                                                                                              0x00403425
                                                                                                                              0x00403425
                                                                                                                              0x00403428
                                                                                                                              0x0040342b
                                                                                                                              0x00403431
                                                                                                                              0x00403437
                                                                                                                              0x00000000
                                                                                                                              0x00403439
                                                                                                                              0x00000000
                                                                                                                              0x00403439
                                                                                                                              0x00403437
                                                                                                                              0x00000000
                                                                                                                              0x00403423
                                                                                                                              0x00000000
                                                                                                                              0x004033f0
                                                                                                                              0x004033e5
                                                                                                                              0x004033e0
                                                                                                                              0x004033d7
                                                                                                                              0x004033be
                                                                                                                              0x00403473
                                                                                                                              0x00403476

                                                                                                                              APIs
                                                                                                                              • SetFilePointer.KERNELBASE(?,00000000,00000000,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 00403396
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FilePointer
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 973152223-0
                                                                                                                              • Opcode ID: b1bf35b654f0c361909532a2badc84153f12731a676864620281ad9f652e4f28
                                                                                                                              • Instruction ID: 963a71f16df831595788c30304fa9cedbf2cad19eb63879c1ada4fe15c9ed8fa
                                                                                                                              • Opcode Fuzzy Hash: b1bf35b654f0c361909532a2badc84153f12731a676864620281ad9f652e4f28
                                                                                                                              • Instruction Fuzzy Hash: 93319F70200219EFDB129F65ED84E9A3FA8FF00355B10443AF905EA1A1D778CE51DBA9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040252A Relevance: 3.1, APIs: 2, Instructions: 56registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 84%
                                                                                                                              			E0040252A(int* __ebx, char* __edi) {
				void* _t17;
				short* _t18;
				long _t21;
				void* _t35;
				void* _t37;
				void* _t40;

				_t33 = __edi;
				_t27 = __ebx;
				_t17 = E00402DE6(_t40, 0x20019); // executed
				_t35 = _t17;
				_t18 = E00402DA6(0x33);
				 *__edi = __ebx;
				if(_t35 == __ebx) {
					 *(_t37 - 4) = 1;
				} else {
					 *(_t37 - 0x10) = 0x800;
					_t21 = RegQueryValueExW(_t35, _t18, __ebx, _t37 + 8, __edi, _t37 - 0x10); // executed
					if(_t21 != 0) {
						L7:
						 *_t33 = _t27;
						 *(_t37 - 4) = 1;
					} else {
						if( *(_t37 + 8) == 4) {
							__eflags =  *(_t37 - 0x20) - __ebx;
							 *(_t37 - 4) = 0 |  *(_t37 - 0x20) == __ebx;
							E004065AF(__edi,  *__edi);
						} else {
							if( *(_t37 + 8) == 1 ||  *(_t37 + 8) == 2) {
								 *(_t37 - 4) =  *(_t37 - 0x20);
								_t33[0x7fe] = _t27;
							} else {
								goto L7;
							}
						}
					}
					_push(_t35); // executed
					RegCloseKey(); // executed
				}
				 *0x42a2e8 =  *0x42a2e8 +  *(_t37 - 4);
				return 0;
			}









                                                                                                                              0x0040252a
                                                                                                                              0x0040252a
                                                                                                                              0x0040252f
                                                                                                                              0x00402536
                                                                                                                              0x00402538
                                                                                                                              0x0040253f
                                                                                                                              0x00402542
                                                                                                                              0x0040292e
                                                                                                                              0x00402548
                                                                                                                              0x0040254b
                                                                                                                              0x0040255b
                                                                                                                              0x00402566
                                                                                                                              0x00402596
                                                                                                                              0x00402596
                                                                                                                              0x00402599
                                                                                                                              0x00402568
                                                                                                                              0x0040256c
                                                                                                                              0x00402585
                                                                                                                              0x0040258c
                                                                                                                              0x0040258f
                                                                                                                              0x0040256e
                                                                                                                              0x00402571
                                                                                                                              0x0040257c
                                                                                                                              0x004025f5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00402571
                                                                                                                              0x0040256c
                                                                                                                              0x004025fc
                                                                                                                              0x004025fd
                                                                                                                              0x004025fd
                                                                                                                              0x00402c2d
                                                                                                                              0x00402c39

                                                                                                                              APIs
                                                                                                                              • RegQueryValueExW.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 0040255B
                                                                                                                              • RegCloseKey.KERNELBASE(?,?,?,Interactive User,00000000,00000011,00000002), ref: 004025FD
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseQueryValue
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3356406503-0
                                                                                                                              • Opcode ID: 6a8ec2809d4675c6f0e16cb7776b62bce3f2a37e76b53da777b7f2e3d9c2fca9
                                                                                                                              • Instruction ID: eaee0c709954dca67eb2d1c59e66f6ca2c08a593dad46a4828cc6951ae7b5872
                                                                                                                              • Opcode Fuzzy Hash: 6a8ec2809d4675c6f0e16cb7776b62bce3f2a37e76b53da777b7f2e3d9c2fca9
                                                                                                                              • Instruction Fuzzy Hash: 5C116D71900219EBDF14DFA4DE589AE7774FF04345B20443BE401B62D0E7B88A45EB5D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 69%
                                                                                                                              			E00401389(signed int _a4, struct HWND__* _a10) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x42a290;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if(_a10 != 0) {
						 *0x42924c =  *0x42924c + _t12;
						SendMessageW(_a10, 0x402, MulDiv( *0x42924c, 0x7530,  *0x429234), 0); // executed
					}
				}
				return 0;
			}










                                                                                                                              0x0040138a
                                                                                                                              0x004013fa
                                                                                                                              0x0040139b
                                                                                                                              0x004013a0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004013a2
                                                                                                                              0x004013a3
                                                                                                                              0x004013ad
                                                                                                                              0x00000000
                                                                                                                              0x00401404
                                                                                                                              0x004013b0
                                                                                                                              0x004013b7
                                                                                                                              0x004013bd
                                                                                                                              0x004013be
                                                                                                                              0x004013c0
                                                                                                                              0x004013c2
                                                                                                                              0x004013b9
                                                                                                                              0x004013b9
                                                                                                                              0x004013ba
                                                                                                                              0x004013ba
                                                                                                                              0x004013c9
                                                                                                                              0x004013cb
                                                                                                                              0x004013f4
                                                                                                                              0x004013f4
                                                                                                                              0x004013c9
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                              • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3850602802-0
                                                                                                                              • Opcode ID: 09e122a9c5ca6d14e20a0c17f6d9bb0c47d9e5f073d0cae9cf8d248ab6fa9320
                                                                                                                              • Instruction ID: af17251ef12b8b272b5eaf8d1bef107274ce64b6e67bb2dd4604cf2723900e86
                                                                                                                              • Opcode Fuzzy Hash: 09e122a9c5ca6d14e20a0c17f6d9bb0c47d9e5f073d0cae9cf8d248ab6fa9320
                                                                                                                              • Instruction Fuzzy Hash: 6F012831724220EBEB295B389D05B6A3698E710714F10857FF855F76F1E678CC029B6D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00401EDE Relevance: 3.0, APIs: 2, Instructions: 25COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • ShowWindow.USER32(00000000,00000000), ref: 00401EFC
                                                                                                                              • KiUserCallbackDispatcher.NTDLL(00000000,00000000), ref: 00401F07
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CallbackDispatcherShowUserWindow
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 82835404-0
                                                                                                                              • Opcode ID: d682e64da976263d74778dcd61bd470f9ad8341d2b96c4d867934af8fae03e48
                                                                                                                              • Instruction ID: 74d914ea4967392a65d1c9fdd8f91c6329c2dde8704c14122971abf6b6e16597
                                                                                                                              • Opcode Fuzzy Hash: d682e64da976263d74778dcd61bd470f9ad8341d2b96c4d867934af8fae03e48
                                                                                                                              • Instruction Fuzzy Hash: 14E0D872908201CFE705EBA4EE485AD73F0EF40315710097FE401F11D0DBB54C00862D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405C4B Relevance: 3.0, APIs: 2, Instructions: 24processCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00405C4B(WCHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x426750->cb = 0x44;
				_t7 = CreateProcessW(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x426750,  &_v20); // executed
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                                                                                                              0x00405c54
                                                                                                                              0x00405c74
                                                                                                                              0x00405c7c
                                                                                                                              0x00405c81
                                                                                                                              0x00000000
                                                                                                                              0x00405c87
                                                                                                                              0x00405c8b

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseCreateHandleProcess
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3712363035-0
                                                                                                                              • Opcode ID: ab61a979a714f7ec4effc1a78875f568a822f35fd178278bd28005db307d5d14
                                                                                                                              • Instruction ID: 91309136e62a13352d93043ad9bb7922807806bb2ea2f765c8e9c4a894a003d9
                                                                                                                              • Opcode Fuzzy Hash: ab61a979a714f7ec4effc1a78875f568a822f35fd178278bd28005db307d5d14
                                                                                                                              • Instruction Fuzzy Hash: 59E0B6B4600209BFFB109B64EE09F7B7BADFB04648F414565BD51F2190D778A8158A78
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00406A35 Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00406A35(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x40a410);
				_t5 = GetModuleHandleA( *(_t10 + 0x40a410));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40a414));
				}
				_t5 = E004069C5(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}





                                                                                                                              0x00406a3d
                                                                                                                              0x00406a40
                                                                                                                              0x00406a47
                                                                                                                              0x00406a4f
                                                                                                                              0x00406a5b
                                                                                                                              0x00000000
                                                                                                                              0x00406a62
                                                                                                                              0x00406a52
                                                                                                                              0x00406a59
                                                                                                                              0x00000000
                                                                                                                              0x00406a6a
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                                                                                                                • Part of subcall function 004069C5: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                                                                                                                                • Part of subcall function 004069C5: wsprintfW.USER32 ref: 00406A17
                                                                                                                                • Part of subcall function 004069C5: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406A2B
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2547128583-0
                                                                                                                              • Opcode ID: a89557e88259ac32882439a66efe2bded2b7fe37332f597cb2162f61758b0433
                                                                                                                              • Instruction ID: 0464b4a7853edb7079d0776797c383171681067eb8499b99987f1e8ea9f8efb8
                                                                                                                              • Opcode Fuzzy Hash: a89557e88259ac32882439a66efe2bded2b7fe37332f597cb2162f61758b0433
                                                                                                                              • Instruction Fuzzy Hash: E0E086727042106AD210A6745D08D3773E8ABC6711307883EF557F2040D738DC359A79
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00402C05 Relevance: 3.0, APIs: 2, Instructions: 21windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00402C05(signed int __eax) {
				RECT* _t10;
				signed int _t12;
				void* _t16;

				_t12 =  *0x425748; // 0x1
				SendMessageW( *(_t16 - 8), 0xb, _t12 & __eax, _t10); // executed
				if( *((intOrPtr*)(_t16 - 0x30)) != _t10) {
					InvalidateRect( *(_t16 - 8), _t10, _t10);
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t16 - 4));
				return 0;
			}






                                                                                                                              0x00402c05
                                                                                                                              0x00402c14
                                                                                                                              0x00402c1d
                                                                                                                              0x00402c24
                                                                                                                              0x00402c24
                                                                                                                              0x00402c2d
                                                                                                                              0x00402c39

                                                                                                                              APIs
                                                                                                                              • SendMessageW.USER32(?,0000000B,00000001), ref: 00402C14
                                                                                                                              • InvalidateRect.USER32(?), ref: 00402C24
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InvalidateMessageRectSend
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 909852535-0
                                                                                                                              • Opcode ID: f432a0a30971dc187192fe2491b4b63328d533872b60b8ab23492fb2b34197a6
                                                                                                                              • Instruction ID: c061831bd97a7b49b699665abee3b6b910fafb94a2d14f64d6e35fdc86e4b588
                                                                                                                              • Opcode Fuzzy Hash: f432a0a30971dc187192fe2491b4b63328d533872b60b8ab23492fb2b34197a6
                                                                                                                              • Instruction Fuzzy Hash: 36E08C72700408FFEB11CBA4EE84DAEB7B9FB40315F00007AF502A00A0D7300D51CA28
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00406158 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 68%
                                                                                                                              			E00406158(WCHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesW(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileW(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                                                                                              0x0040615c
                                                                                                                              0x00406169
                                                                                                                              0x0040617e
                                                                                                                              0x00406184

                                                                                                                              APIs
                                                                                                                              • GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe,80000000,00000003), ref: 0040615C
                                                                                                                              • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: File$AttributesCreate
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 415043291-0
                                                                                                                              • Opcode ID: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
                                                                                                                              • Instruction ID: 0e1b57c135d9ed337dcee0f1630d7a3ffd6699826ab823f4ff8c6da5104765b0
                                                                                                                              • Opcode Fuzzy Hash: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
                                                                                                                              • Instruction Fuzzy Hash: DCD09E71254201AFEF0D8F20DF16F2E7AA2EB94B04F11952CB682940E1DAB15C15AB19
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00406133 Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00406133(WCHAR* _a4) {
				signed char _t3;
				signed char _t7;

				_t3 = GetFileAttributesW(_a4); // executed
				_t7 = _t3;
				if(_t7 != 0xffffffff) {
					SetFileAttributesW(_a4, _t3 & 0x000000fe); // executed
				}
				return _t7;
			}





                                                                                                                              0x00406138
                                                                                                                              0x0040613e
                                                                                                                              0x00406143
                                                                                                                              0x0040614c
                                                                                                                              0x0040614c
                                                                                                                              0x00406155

                                                                                                                              APIs
                                                                                                                              • GetFileAttributesW.KERNELBASE(?,?,00405D38,?,?,00000000,00405F0E,?,?,?,?), ref: 00406138
                                                                                                                              • SetFileAttributesW.KERNELBASE(?,00000000), ref: 0040614C
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AttributesFile
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3188754299-0
                                                                                                                              • Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                              • Instruction ID: 3e6336b5c460747e2e1e0fbe3c4db8defb42c0044e1a92967a1d29a512d2a4bc
                                                                                                                              • Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                              • Instruction Fuzzy Hash: 73D0C972514130ABC2102728AE0889ABB56EB64271B014A35F9A5A62B0CB304C628A98
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405C16 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00405C16(WCHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryW(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}




                                                                                                                              0x00405c1c
                                                                                                                              0x00405c24
                                                                                                                              0x00000000
                                                                                                                              0x00405c2a
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • CreateDirectoryW.KERNELBASE(?,00000000,00403633,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405C1C
                                                                                                                              • GetLastError.KERNEL32 ref: 00405C2A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateDirectoryErrorLast
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1375471231-0
                                                                                                                              • Opcode ID: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
                                                                                                                              • Instruction ID: 66e62c5d6c7775ff4cea72667941029308d228c48495a605f612c1d2d9e1fc74
                                                                                                                              • Opcode Fuzzy Hash: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
                                                                                                                              • Instruction Fuzzy Hash: FBC04C31218605AEE7605B219F0CB177A94DB50741F114839E186F40A0DA788455D92D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 6F562B98 Relevance: 1.6, APIs: 1, Instructions: 143COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • CreateWindowExW.USER32(00000000), ref: 6F562C57
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.699435220.000000006F561000.00000020.00000001.01000000.00000004.sdmp, Offset: 6F560000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.699425612.000000006F560000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699447140.000000006F564000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699455238.000000006F566000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6f560000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateWindow
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 716092398-0
                                                                                                                              • Opcode ID: 79a52c712088d91b3ea04c8678abadc4edd37c69dbf0076fe19494d6535d73cc
                                                                                                                              • Instruction ID: eef543b546ba95d07635f0c9dc5108f9e9c75843b27634e3a645a5221cf15610
                                                                                                                              • Opcode Fuzzy Hash: 79a52c712088d91b3ea04c8678abadc4edd37c69dbf0076fe19494d6535d73cc
                                                                                                                              • Instruction Fuzzy Hash: DE419E71544704EBDF11DF6CDA44B693B74EB89338F208935E5208A272D738EC95CBA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004023B2 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004023B2(int __eax, WCHAR* __ebx) {
				WCHAR* _t11;
				WCHAR* _t13;
				void* _t17;
				int _t21;

				_t11 = __ebx;
				_t5 = __eax;
				_t13 = 0;
				if(__eax != __ebx) {
					__eax = E00402DA6(__ebx);
				}
				if( *((intOrPtr*)(_t17 - 0x2c)) != _t11) {
					_t13 = E00402DA6(0x11);
				}
				if( *((intOrPtr*)(_t17 - 0x20)) != _t11) {
					_t11 = E00402DA6(0x22);
				}
				_t5 = WritePrivateProfileStringW(0, _t13, _t11, E00402DA6(0xffffffcd)); // executed
				_t21 = _t5;
				if(_t21 == 0) {
					 *((intOrPtr*)(_t17 - 4)) = 1;
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t17 - 4));
				return 0;
			}







                                                                                                                              0x004023b2
                                                                                                                              0x004023b2
                                                                                                                              0x004023b4
                                                                                                                              0x004023b8
                                                                                                                              0x004023bb
                                                                                                                              0x004023c0
                                                                                                                              0x004023c5
                                                                                                                              0x004023ce
                                                                                                                              0x004023ce
                                                                                                                              0x004023d3
                                                                                                                              0x004023dc
                                                                                                                              0x004023dc
                                                                                                                              0x004023e9
                                                                                                                              0x004015b4
                                                                                                                              0x004015b6
                                                                                                                              0x0040292e
                                                                                                                              0x0040292e
                                                                                                                              0x00402c2d
                                                                                                                              0x00402c39

                                                                                                                              APIs
                                                                                                                              • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 004023E9
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: PrivateProfileStringWrite
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 390214022-0
                                                                                                                              • Opcode ID: 498f41ba95d1dc934bc83887be66b3af98def7cf3aba53834c7129a1bd888199
                                                                                                                              • Instruction ID: de4cb5ca612a6b97b91745c8380e1d92b079ec7b797fcdaf288f77766e75fad7
                                                                                                                              • Opcode Fuzzy Hash: 498f41ba95d1dc934bc83887be66b3af98def7cf3aba53834c7129a1bd888199
                                                                                                                              • Instruction Fuzzy Hash: FAE04F31900124BBDF603AB11F8DEAE205C6FC6744B18013EF911BA1C2E9FC8C4146AD
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00406503 Relevance: 1.5, APIs: 1, Instructions: 24registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00406503(void* __eflags, intOrPtr _a4, short* _a8, int _a12, void** _a16) {
				void* _t7;
				long _t8;
				void* _t9;

				_t7 = E00406454(_a4,  &_a12);
				if(_t7 != 0) {
					_t8 = RegCreateKeyExW(_t7, _a8, 0, 0, 0, _a12, 0, _a16, 0); // executed
					return _t8;
				}
				_t9 = 6;
				return _t9;
			}






                                                                                                                              0x0040650d
                                                                                                                              0x00406516
                                                                                                                              0x0040652c
                                                                                                                              0x00000000
                                                                                                                              0x0040652c
                                                                                                                              0x0040651a
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402E57,00000000,?,?), ref: 0040652C
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Create
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2289755597-0
                                                                                                                              • Opcode ID: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
                                                                                                                              • Instruction ID: 390987c888b9fe28ccc3a202ccefe0e129b8fdbaba7b34d45eb5723cdb444700
                                                                                                                              • Opcode Fuzzy Hash: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
                                                                                                                              • Instruction Fuzzy Hash: C1E0ECB2010109BEEF099F90EC0ADBB372DEB04704F41492EF907E4091E6B5AE70AA34
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040620A Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0040620A(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                                                                              0x0040620e
                                                                                                                              0x0040621e
                                                                                                                              0x00406226
                                                                                                                              0x00000000
                                                                                                                              0x0040622d
                                                                                                                              0x00000000
                                                                                                                              0x0040622f

                                                                                                                              APIs
                                                                                                                              • WriteFile.KERNELBASE(?,00000000,00000000,00000000,00000000,0040D378,0040CEF0,00403579,0040CEF0,0040D378,00414EF0,00004000,?,00000000,004033A3,00000004), ref: 0040621E
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileWrite
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3934441357-0
                                                                                                                              • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                              • Instruction ID: 398385dbb58ca0a44fa402a726e0ab0b2131cea3ae709c8a1b666252059dd88a
                                                                                                                              • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                              • Instruction Fuzzy Hash: F6E08632141129EBCF10AE548C00EEB375CFB01350F014476F955E3040D330E93087A5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004061DB Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004061DB(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                                                                              0x004061df
                                                                                                                              0x004061ef
                                                                                                                              0x004061f7
                                                                                                                              0x00000000
                                                                                                                              0x004061fe
                                                                                                                              0x00000000
                                                                                                                              0x00406200

                                                                                                                              APIs
                                                                                                                              • ReadFile.KERNELBASE(?,00000000,00000000,00000000,00000000,00414EF0,0040CEF0,004035F5,?,?,004034F9,00414EF0,00004000,?,00000000,004033A3), ref: 004061EF
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileRead
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2738559852-0
                                                                                                                              • Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                              • Instruction ID: 689b8facb1381159ac92aeccc4703b7db47ce2620db9a14c340ec3ef8a35c8b1
                                                                                                                              • Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                              • Instruction Fuzzy Hash: C1E0863250021AABDF10AE518C04AEB375CEB01360F014477F922E2150D230E82187E8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 6F562A7F Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			_entry_(intOrPtr _a4, intOrPtr _a8) {

				 *0x6f565048 = _a4;
				if(_a8 == 1) {
					VirtualProtect(0x6f56505c, 4, 0x40, 0x6f56504c); // executed
					 *0x6f56505c = 0xc2;
					 *0x6f56504c = 0;
					 *0x6f565054 = 0;
					 *0x6f565068 = 0;
					 *0x6f565058 = 0;
					 *0x6f565050 = 0;
					 *0x6f565060 = 0;
					 *0x6f56505e = 0;
				}
				return 1;
			}



                                                                                                                              0x6f562a88
                                                                                                                              0x6f562a8d
                                                                                                                              0x6f562a9d
                                                                                                                              0x6f562aa5
                                                                                                                              0x6f562aac
                                                                                                                              0x6f562ab1
                                                                                                                              0x6f562ab6
                                                                                                                              0x6f562abb
                                                                                                                              0x6f562ac0
                                                                                                                              0x6f562ac5
                                                                                                                              0x6f562aca
                                                                                                                              0x6f562aca
                                                                                                                              0x6f562ad2

                                                                                                                              APIs
                                                                                                                              • VirtualProtect.KERNELBASE(6F56505C,00000004,00000040,6F56504C), ref: 6F562A9D
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.699435220.000000006F561000.00000020.00000001.01000000.00000004.sdmp, Offset: 6F560000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.699425612.000000006F560000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699447140.000000006F564000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699455238.000000006F566000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6f560000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ProtectVirtual
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 544645111-0
                                                                                                                              • Opcode ID: 84889994d230d05f14fe1b2bc92a5e62ec653d672d69fef1010cfe0474228ddf
                                                                                                                              • Instruction ID: 08a04e1fa08c6a3fecbddf8733f2cda1b8c87ceaa93d89fa814c790e3af1b075
                                                                                                                              • Opcode Fuzzy Hash: 84889994d230d05f14fe1b2bc92a5e62ec653d672d69fef1010cfe0474228ddf
                                                                                                                              • Instruction Fuzzy Hash: D1F0A5B0584A81DECB51CF2DC7447293FE0B70A334F16452AE1B8D6262E374CC68CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004023F4 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004023F4(short __ebx) {
				short _t7;
				WCHAR* _t8;
				WCHAR* _t17;
				void* _t21;
				void* _t24;

				_t7 =  *0x40a010; // 0xa
				 *(_t21 + 8) = _t7;
				_t8 = E00402DA6(1);
				 *(_t21 - 0x10) = E00402DA6(0x12);
				GetPrivateProfileStringW(_t8,  *(_t21 - 0x10), _t21 + 8, _t17, 0x3ff, E00402DA6(0xffffffdd)); // executed
				_t24 =  *_t17 - 0xa;
				if(_t24 == 0) {
					 *((intOrPtr*)(_t21 - 4)) = 1;
					 *_t17 = __ebx;
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t21 - 4));
				return 0;
			}








                                                                                                                              0x004023f4
                                                                                                                              0x004023fb
                                                                                                                              0x004023fe
                                                                                                                              0x0040240e
                                                                                                                              0x00402425
                                                                                                                              0x0040242b
                                                                                                                              0x00401751
                                                                                                                              0x004028fc
                                                                                                                              0x00402903
                                                                                                                              0x00402903
                                                                                                                              0x00402c2d
                                                                                                                              0x00402c39

                                                                                                                              APIs
                                                                                                                              • GetPrivateProfileStringW.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 00402425
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: PrivateProfileString
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1096422788-0
                                                                                                                              • Opcode ID: 7d71ac8ddd31db18f378b319f763d6172168bca54096192b0f97eaa7b6b6bd09
                                                                                                                              • Instruction ID: 209997e2e20356d43fdb77e3237b303e11e03b8f2c16ee2f2baf27e4b220ec87
                                                                                                                              • Opcode Fuzzy Hash: 7d71ac8ddd31db18f378b319f763d6172168bca54096192b0f97eaa7b6b6bd09
                                                                                                                              • Instruction Fuzzy Hash: 05E01A30C00229FADB10AFA0CD09EAD3668BF41340F14052AF510AA0D1E7F889409789
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004064D5 Relevance: 1.5, APIs: 1, Instructions: 19registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004064D5(void* __eflags, intOrPtr _a4, short* _a8, int _a12, void** _a16) {
				void* _t7;
				long _t8;
				void* _t9;

				_t7 = E00406454(_a4,  &_a12);
				if(_t7 != 0) {
					_t8 = RegOpenKeyExW(_t7, _a8, 0, _a12, _a16); // executed
					return _t8;
				}
				_t9 = 6;
				return _t9;
			}






                                                                                                                              0x004064df
                                                                                                                              0x004064e6
                                                                                                                              0x004064f9
                                                                                                                              0x00000000
                                                                                                                              0x004064f9
                                                                                                                              0x004064ea
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,?,?,?,00406563,?,00000000,?,?,C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\xml\xui\titlebar,?), ref: 004064F9
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Open
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 71445658-0
                                                                                                                              • Opcode ID: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
                                                                                                                              • Instruction ID: 5036765eb4ab6e58186d81024f5778724aa2024cd81e2e1d5ca813995cf5404a
                                                                                                                              • Opcode Fuzzy Hash: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
                                                                                                                              • Instruction Fuzzy Hash: BAD0123210020DBBDF115F90AD01FAB375DAB08310F018426FE06A4092D775D534A728
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004045C4 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004045C4(intOrPtr _a12) {
				intOrPtr _v0;
				struct HWND__* _v4;
				int _t7;
				void* _t8;
				void* _t9;
				void* _t10;

				_t7 = SetDlgItemTextW(_v4, _v0 + 0x3e8, E004066A5(_t8, _t9, _t10, 0, _a12)); // executed
				return _t7;
			}









                                                                                                                              0x004045de
                                                                                                                              0x004045e3

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 004066A5: lstrcatW.KERNEL32(C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\xml\xui\titlebar,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                                                                • Part of subcall function 004066A5: lstrlenW.KERNEL32(C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\xml\xui\titlebar,00000000,Extract: browser.maki,?,00405701,Extract: browser.maki,00000000), ref: 004068A4
                                                                                                                              • SetDlgItemTextW.USER32 ref: 004045DE
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ItemTextlstrcatlstrlen
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 281422827-0
                                                                                                                              • Opcode ID: 73b3e70f26523695344aa313222f8106b15ff01fe64d2e6c86eba35ea0453547
                                                                                                                              • Instruction ID: ac81fd1055ba0297197cac3df011722fda0f302089e5b839fe348bc6695a069d
                                                                                                                              • Opcode Fuzzy Hash: 73b3e70f26523695344aa313222f8106b15ff01fe64d2e6c86eba35ea0453547
                                                                                                                              • Instruction Fuzzy Hash: 77C04C7554C300BFE641A755CC42F1FB799EF94319F04C92EB19DE11D1C63984309A2A
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00404610 Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00404610(int _a4) {
				struct HWND__* _t2;
				long _t3;

				_t2 =  *0x429238;
				if(_t2 != 0) {
					_t3 = SendMessageW(_t2, _a4, 0, 0); // executed
					return _t3;
				}
				return _t2;
			}





                                                                                                                              0x00404610
                                                                                                                              0x00404617
                                                                                                                              0x00404622
                                                                                                                              0x00000000
                                                                                                                              0x00404622
                                                                                                                              0x00404628

                                                                                                                              APIs
                                                                                                                              • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404622
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3850602802-0
                                                                                                                              • Opcode ID: 8557fc69485774ba4641c6a2d2b4437b1a5152abf7221d5f63999a85994ee7b6
                                                                                                                              • Instruction ID: 1d0f09303225af8c469e983b8f6ba21d59f3f36861eec243a4bc5be8392dea83
                                                                                                                              • Opcode Fuzzy Hash: 8557fc69485774ba4641c6a2d2b4437b1a5152abf7221d5f63999a85994ee7b6
                                                                                                                              • Instruction Fuzzy Hash: 9EC09B71741700FBDE209B509F45F077794A754701F154979B741F60E0D775D410D62D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004035F8 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004035F8(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
				return _t2;
			}




                                                                                                                              0x00403606
                                                                                                                              0x0040360c

                                                                                                                              APIs
                                                                                                                              • SetFilePointer.KERNELBASE(00000000,00000000,00000000,004032F6,?), ref: 00403606
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FilePointer
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 973152223-0
                                                                                                                              • Opcode ID: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                                                              • Instruction ID: 036c8468b6dd2e012b37e6e875261c5f60c7cf4634656b07e897873a541603b6
                                                                                                                              • Opcode Fuzzy Hash: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                                                              • Instruction Fuzzy Hash: 1FB01231140304BFDA214F10DF09F067B21BB94700F20C034B384380F086711435EB0D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004045F9 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004045F9(int _a4) {
				long _t2;

				_t2 = SendMessageW( *0x42a268, 0x28, _a4, 1); // executed
				return _t2;
			}




                                                                                                                              0x00404607
                                                                                                                              0x0040460d

                                                                                                                              APIs
                                                                                                                              • SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3850602802-0
                                                                                                                              • Opcode ID: 70666cfd2db8a5712e0e3ed728d50a5e19955e25533eceda6abdc0f56bdf790a
                                                                                                                              • Instruction ID: 26063d6d883ff380d2e1d7f9fe2b9d631bf033e6200e0a233fd0d302f8c02db7
                                                                                                                              • Opcode Fuzzy Hash: 70666cfd2db8a5712e0e3ed728d50a5e19955e25533eceda6abdc0f56bdf790a
                                                                                                                              • Instruction Fuzzy Hash: 5BB01235286A00FBDE614B00DE09F457E62F764B01F048078F741240F0CAB300B5DF19
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004045E6 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004045E6(int _a4) {
				int _t2;

				_t2 = EnableWindow( *0x423744, _a4); // executed
				return _t2;
			}




                                                                                                                              0x004045f0
                                                                                                                              0x004045f6

                                                                                                                              APIs
                                                                                                                              • KiUserCallbackDispatcher.NTDLL(?,004043BD), ref: 004045F0
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CallbackDispatcherUser
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2492992576-0
                                                                                                                              • Opcode ID: b9cabee76f1705efe6df0b682491f715d60f75bd340f366a7093c5de42737780
                                                                                                                              • Instruction ID: 97f05af551d2e904d84950d91e3a9b28448307360fbef328a82585e9573e9e03
                                                                                                                              • Opcode Fuzzy Hash: b9cabee76f1705efe6df0b682491f715d60f75bd340f366a7093c5de42737780
                                                                                                                              • Instruction Fuzzy Hash: DBA001B6604500ABDE129F61EF09D0ABB72EBA4B02B418579A28590034CA365961FB1D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00401FA4 Relevance: 1.3, APIs: 1, Instructions: 37COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 78%
                                                                                                                              			E00401FA4(void* __ecx) {
				void* _t9;
				intOrPtr _t13;
				void* _t15;
				void* _t17;
				void* _t20;
				void* _t22;

				_t17 = __ecx;
				_t19 = E00402DA6(_t15);
				E004056CA(0xffffffeb, _t7); // executed
				_t9 = E00405C4B(_t19); // executed
				_t20 = _t9;
				if(_t20 == _t15) {
					 *((intOrPtr*)(_t22 - 4)) = 1;
				} else {
					if( *((intOrPtr*)(_t22 - 0x28)) != _t15) {
						_t13 = E00406AE0(_t17, _t20); // executed
						if( *((intOrPtr*)(_t22 - 0x2c)) < _t15) {
							if(_t13 != _t15) {
								 *((intOrPtr*)(_t22 - 4)) = 1;
							}
						} else {
							E004065AF( *((intOrPtr*)(_t22 - 0xc)), _t13);
						}
					}
					_push(_t20);
					CloseHandle();
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t22 - 4));
				return 0;
			}









                                                                                                                              0x00401fa4
                                                                                                                              0x00401faa
                                                                                                                              0x00401faf
                                                                                                                              0x00401fb5
                                                                                                                              0x00401fba
                                                                                                                              0x00401fbe
                                                                                                                              0x0040292e
                                                                                                                              0x00401fc4
                                                                                                                              0x00401fc7
                                                                                                                              0x00401fca
                                                                                                                              0x00401fd2
                                                                                                                              0x00401fe1
                                                                                                                              0x00401fe3
                                                                                                                              0x00401fe3
                                                                                                                              0x00401fd4
                                                                                                                              0x00401fd8
                                                                                                                              0x00401fd8
                                                                                                                              0x00401fd2
                                                                                                                              0x00401fea
                                                                                                                              0x00401feb
                                                                                                                              0x00401feb
                                                                                                                              0x00402c2d
                                                                                                                              0x00402c39

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 004056CA: lstrlenW.KERNEL32(Extract: browser.maki,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                                                • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,Extract: browser.maki,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                                                • Part of subcall function 004056CA: lstrcatW.KERNEL32(Extract: browser.maki,004030A8), ref: 00405725
                                                                                                                                • Part of subcall function 004056CA: SetWindowTextW.USER32(Extract: browser.maki,Extract: browser.maki), ref: 00405737
                                                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                                                                • Part of subcall function 00405C4B: CreateProcessW.KERNELBASE ref: 00405C74
                                                                                                                                • Part of subcall function 00405C4B: CloseHandle.KERNEL32(?), ref: 00405C81
                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401FEB
                                                                                                                                • Part of subcall function 00406AE0: WaitForSingleObject.KERNEL32(?,00000064), ref: 00406AF1
                                                                                                                                • Part of subcall function 00406AE0: GetExitCodeProcess.KERNELBASE ref: 00406B13
                                                                                                                                • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2972824698-0
                                                                                                                              • Opcode ID: be70b333b8743e6c9d68ceabe193374a022c2ed9f238f46f73b0b0e70594bc10
                                                                                                                              • Instruction ID: 7fe263eab699b123ac8c37dffe14ee58438593542e676086741668bd6549bbba
                                                                                                                              • Opcode Fuzzy Hash: be70b333b8743e6c9d68ceabe193374a022c2ed9f238f46f73b0b0e70594bc10
                                                                                                                              • Instruction Fuzzy Hash: 3DF09072905112EBDF21BBA59AC4DAE76A4DF01318B25453BE102B21E0D77C4E528A6E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004014D7 Relevance: 1.3, APIs: 1, Instructions: 19sleepCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004014D7(intOrPtr __edx) {
				long _t3;
				void* _t7;
				intOrPtr _t10;
				void* _t13;

				_t10 = __edx;
				_t3 = E00402D84(_t7);
				 *((intOrPtr*)(_t13 - 0x10)) = _t10;
				if(_t3 <= 1) {
					_t3 = 1;
				}
				Sleep(_t3); // executed
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t13 - 4));
				return 0;
			}







                                                                                                                              0x004014d7
                                                                                                                              0x004014d8
                                                                                                                              0x004014e1
                                                                                                                              0x004014e4
                                                                                                                              0x004014e8
                                                                                                                              0x004014e8
                                                                                                                              0x004014ea
                                                                                                                              0x00402c2d
                                                                                                                              0x00402c39

                                                                                                                              APIs
                                                                                                                              • Sleep.KERNELBASE(00000000), ref: 004014EA
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Sleep
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3472027048-0
                                                                                                                              • Opcode ID: b1c326c608d934edba5287c2ab9886205131f3591e80fc453df13221f151a9a0
                                                                                                                              • Instruction ID: bbd52a04332822db077aadb4670005be58b9dadf0e212328a8e92bdd2ddecc01
                                                                                                                              • Opcode Fuzzy Hash: b1c326c608d934edba5287c2ab9886205131f3591e80fc453df13221f151a9a0
                                                                                                                              • Instruction Fuzzy Hash: 1BD05E73A141018BD714EBB8BE8545E73A8EB503193208837D442E1191E6788896861C
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 6F5612BB Relevance: 1.3, APIs: 1, Instructions: 6memoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E6F5612BB() {
				void* _t3;

				_t3 = GlobalAlloc(0x40,  *0x6f56506c +  *0x6f56506c); // executed
				return _t3;
			}




                                                                                                                              0x6f5612c5
                                                                                                                              0x6f5612cb

                                                                                                                              APIs
                                                                                                                              • GlobalAlloc.KERNELBASE(00000040,?,6F5612DB,?,6F56137F,00000019,6F5611CA,-000000A0), ref: 6F5612C5
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.699435220.000000006F561000.00000020.00000001.01000000.00000004.sdmp, Offset: 6F560000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.699425612.000000006F560000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699447140.000000006F564000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699455238.000000006F566000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6f560000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocGlobal
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3761449716-0
                                                                                                                              • Opcode ID: af0dfdbb9d93a205c99e6ec560599cd975a5cddeaa74e2bf8bedef5c7d01ecd1
                                                                                                                              • Instruction ID: f1dfbfeaad9648b8c4933496d568a8a74b21152a25b02ad59c1e8e7342bdb80d
                                                                                                                              • Opcode Fuzzy Hash: af0dfdbb9d93a205c99e6ec560599cd975a5cddeaa74e2bf8bedef5c7d01ecd1
                                                                                                                              • Instruction Fuzzy Hash: 4AB01270A40400DFEE008B6CCE06F353B54F701331F054000F610C4191C120DC248534
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Non-executed Functions

                                                                                                                              Function 004021AA Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 129comCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 67%
                                                                                                                              			E004021AA(void* __eflags) {
				signed int _t52;
				void* _t56;
				intOrPtr* _t60;
				intOrPtr _t61;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t68;
				intOrPtr* _t70;
				intOrPtr* _t72;
				intOrPtr* _t74;
				intOrPtr* _t76;
				intOrPtr* _t78;
				intOrPtr* _t80;
				void* _t83;
				intOrPtr* _t91;
				signed int _t101;
				signed int _t105;
				void* _t107;

				 *((intOrPtr*)(_t107 - 0x10)) = E00402DA6(0xfffffff0);
				 *((intOrPtr*)(_t107 - 0x44)) = E00402DA6(0xffffffdf);
				 *((intOrPtr*)(_t107 - 8)) = E00402DA6(2);
				 *((intOrPtr*)(_t107 - 0x4c)) = E00402DA6(0xffffffcd);
				 *((intOrPtr*)(_t107 - 0xc)) = E00402DA6(0x45);
				_t52 =  *(_t107 - 0x20);
				 *(_t107 - 0x50) = _t52 & 0x00000fff;
				_t101 = _t52 & 0x00008000;
				_t105 = _t52 >> 0x0000000c & 0x00000007;
				 *(_t107 - 0x40) = _t52 >> 0x00000010 & 0x0000ffff;
				if(E00405FAE( *((intOrPtr*)(_t107 - 0x44))) == 0) {
					E00402DA6(0x21);
				}
				_t56 = _t107 + 8;
				__imp__CoCreateInstance(0x4084e4, _t83, 1, 0x4084d4, _t56);
				if(_t56 < _t83) {
					L14:
					 *((intOrPtr*)(_t107 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t60 =  *((intOrPtr*)(_t107 + 8));
					_t61 =  *((intOrPtr*)( *_t60))(_t60, 0x4084f4, _t107 - 0x38);
					 *((intOrPtr*)(_t107 - 0x18)) = _t61;
					if(_t61 >= _t83) {
						_t64 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t64 + 0x50))(_t64,  *((intOrPtr*)(_t107 - 0x44)));
						if(_t101 == _t83) {
							_t80 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t80 + 0x24))(_t80, L"C:\\Program Files (x86)\\Winamp\\Plugins\\freeform\\xml\\winamp\\thinger");
						}
						if(_t105 != _t83) {
							_t78 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t78 + 0x3c))(_t78, _t105);
						}
						_t66 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t66 + 0x34))(_t66,  *(_t107 - 0x40));
						_t91 =  *((intOrPtr*)(_t107 - 0x4c));
						if( *_t91 != _t83) {
							_t76 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t76 + 0x44))(_t76, _t91,  *(_t107 - 0x50));
						}
						_t68 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t68 + 0x2c))(_t68,  *((intOrPtr*)(_t107 - 8)));
						_t70 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t70 + 0x1c))(_t70,  *((intOrPtr*)(_t107 - 0xc)));
						if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
							_t74 =  *((intOrPtr*)(_t107 - 0x38));
							 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t74 + 0x18))(_t74,  *((intOrPtr*)(_t107 - 0x10)), 1);
						}
						_t72 =  *((intOrPtr*)(_t107 - 0x38));
						 *((intOrPtr*)( *_t72 + 8))(_t72);
					}
					_t62 =  *((intOrPtr*)(_t107 + 8));
					 *((intOrPtr*)( *_t62 + 8))(_t62);
					if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
						_push(0xfffffff4);
					} else {
						goto L14;
					}
				}
				E00401423();
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t107 - 4));
				return 0;
			}






















                                                                                                                              0x004021b3
                                                                                                                              0x004021bd
                                                                                                                              0x004021c7
                                                                                                                              0x004021d1
                                                                                                                              0x004021dc
                                                                                                                              0x004021df
                                                                                                                              0x004021f9
                                                                                                                              0x004021fc
                                                                                                                              0x00402202
                                                                                                                              0x00402205
                                                                                                                              0x0040220f
                                                                                                                              0x00402213
                                                                                                                              0x00402213
                                                                                                                              0x00402218
                                                                                                                              0x00402229
                                                                                                                              0x00402231
                                                                                                                              0x004022e8
                                                                                                                              0x004022e8
                                                                                                                              0x004022ef
                                                                                                                              0x00402237
                                                                                                                              0x00402237
                                                                                                                              0x00402246
                                                                                                                              0x0040224a
                                                                                                                              0x0040224d
                                                                                                                              0x00402253
                                                                                                                              0x00402261
                                                                                                                              0x00402264
                                                                                                                              0x00402266
                                                                                                                              0x00402271
                                                                                                                              0x00402271
                                                                                                                              0x00402276
                                                                                                                              0x00402278
                                                                                                                              0x0040227f
                                                                                                                              0x0040227f
                                                                                                                              0x00402282
                                                                                                                              0x0040228b
                                                                                                                              0x0040228e
                                                                                                                              0x00402294
                                                                                                                              0x00402296
                                                                                                                              0x004022a0
                                                                                                                              0x004022a0
                                                                                                                              0x004022a3
                                                                                                                              0x004022ac
                                                                                                                              0x004022af
                                                                                                                              0x004022b8
                                                                                                                              0x004022be
                                                                                                                              0x004022c0
                                                                                                                              0x004022ce
                                                                                                                              0x004022ce
                                                                                                                              0x004022d1
                                                                                                                              0x004022d7
                                                                                                                              0x004022d7
                                                                                                                              0x004022da
                                                                                                                              0x004022e0
                                                                                                                              0x004022e6
                                                                                                                              0x004022fb
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004022e6
                                                                                                                              0x004022f1
                                                                                                                              0x00402c2d
                                                                                                                              0x00402c39

                                                                                                                              APIs
                                                                                                                              • CoCreateInstance.OLE32(004084E4,?,00000001,004084D4,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402229
                                                                                                                              Strings
                                                                                                                              • C:\Program Files (x86)\Winamp\Plugins\freeform\xml\winamp\thinger, xrefs: 00402269
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateInstance
                                                                                                                              • String ID: C:\Program Files (x86)\Winamp\Plugins\freeform\xml\winamp\thinger
                                                                                                                              • API String ID: 542301482-2093909717
                                                                                                                              • Opcode ID: 4e8b9e8d9efc1323b126c51a2f9450484e7b2217165b473e9f4f1a567a0bf10e
                                                                                                                              • Instruction ID: f110e38d5ccd8909b9e85e2ea6b1342c5fae2602ce40754bea02e3b472428d32
                                                                                                                              • Opcode Fuzzy Hash: 4e8b9e8d9efc1323b126c51a2f9450484e7b2217165b473e9f4f1a567a0bf10e
                                                                                                                              • Instruction Fuzzy Hash: BC411771A00209EFCF40DFE4C989E9D7BB5BF49304B20456AF505EB2D1DB799981CB94
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040290B Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 39%
                                                                                                                              			E0040290B(short __ebx, short* __edi) {
				void* _t21;

				if(FindFirstFileW(E00402DA6(2), _t21 - 0x2dc) != 0xffffffff) {
					E004065AF( *((intOrPtr*)(_t21 - 0xc)), _t8);
					_push(_t21 - 0x2b0);
					_push(__edi);
					E00406668();
				} else {
					 *((short*)( *((intOrPtr*)(_t21 - 0xc)))) = __ebx;
					 *__edi = __ebx;
					 *((intOrPtr*)(_t21 - 4)) = 1;
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t21 - 4));
				return 0;
			}




                                                                                                                              0x00402923
                                                                                                                              0x0040293e
                                                                                                                              0x00402949
                                                                                                                              0x0040294a
                                                                                                                              0x00402a94
                                                                                                                              0x00402925
                                                                                                                              0x00402928
                                                                                                                              0x0040292b
                                                                                                                              0x0040292e
                                                                                                                              0x0040292e
                                                                                                                              0x00402c2d
                                                                                                                              0x00402c39

                                                                                                                              APIs
                                                                                                                              • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040291A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileFindFirst
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1974802433-0
                                                                                                                              • Opcode ID: 81649c9ef60b362743358cc04841f69d280dec374dabcafdd230337d8cd45dd0
                                                                                                                              • Instruction ID: b84bdfeecc4e8c0803ac0e71b8711fc90ef1d688bdc4be786e729a17b55638d3
                                                                                                                              • Opcode Fuzzy Hash: 81649c9ef60b362743358cc04841f69d280dec374dabcafdd230337d8cd45dd0
                                                                                                                              • Instruction Fuzzy Hash: 47F05E71A04105EBDB01DBB4EE49AAEB378EF14314F60457BE101F21D0E7B88E529B29
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 6F551000 Relevance: 49.2, APIs: 25, Strings: 3, Instructions: 216windowstringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 75%
                                                                                                                              			E6F551000(struct HWND__* _a4, intOrPtr _a8, signed short _a12) {
				struct HWND__* _v0;
				int _v4;
				struct tagLOGFONTW _v100;
				intOrPtr _t32;
				void* _t33;
				void* _t37;
				signed int _t39;
				int _t49;
				int _t59;
				void* _t76;
				long _t78;
				struct HWND__* _t85;
				signed int _t88;
				int _t96;
				signed int _t98;
				struct HWND__* _t99;

				_t32 = _a8;
				_v100.lfWidth = 0;
				if(_t32 == 0) {
					_t33 =  *0x6f55302c;
					if(_t33 != 0) {
						DeleteObject(_t33);
					}
					L29:
					return 1;
				}
				_t37 = _t32 - 0x10e;
				if(_t37 == 0) {
					_t39 =  *0x6f553038 - 1;
					_t85 = _a4;
					if(_t39 < 0) {
						L20:
						_push(0);
						_push(0);
						_push(0x14e);
						L21:
						SendDlgItemMessageW(_t85, 0x3ea, ??, ??, ??);
						SetDlgItemTextW(_t85, 0x3ef, 0x6f553060);
						SetWindowTextW(_t85, 0x6f554080);
						SendDlgItemMessageW(_t85, 0x3f0, 0x170, LoadIconW(GetModuleHandleW(0), 0x67), 0);
						if( *0x6f553040 != 0 && E6F55154E(0x6f553860) == 0) {
							_v0 = E6F5515F5(0x6f553860);
							_t49 = E6F55154E(0x6f553860);
							if(_t49 == 0) {
								_v100.lfEscapement = _v100.lfEscapement & _t49;
								_t88 = 0x16;
								_t24 =  &(_v100.lfOrientation); // 0x6f553860
								memset(_t24, _t49, _t88 << 2);
								if(lstrcmpW(0x6f553860, 0x6f553000) != 0) {
									_v100.lfHeight =  ~(MulDiv(_v4, GetDeviceCaps(GetDC(_t85), 0x5a), 0x48));
									lstrcpyW( &(_v100.lfFaceName), 0x6f553860);
									_t59 = CreateFontIndirectW( &_v100);
									_push(1);
									_push(_t59);
									 *0x6f55302c = _t59;
									_t96 = 0x30;
									SendMessageW(_t85, 0x6f553860, ??, ??);
									SendDlgItemMessageW(_t85, 1, 0x6f553860,  *0x6f55302c, 1);
									SendDlgItemMessageW(_t85, 2, 0x6f553860,  *0x6f55302c, 1);
									SendDlgItemMessageW(_t85, 0x3ea, 0x6f553860,  *0x6f55302c, 1);
									SendDlgItemMessageW(_t85, 0x3ef, _t96,  *0x6f55302c, 1);
								}
							}
						}
						ShowWindow(_t85, 5);
						goto L29;
					}
					_t98 = _t39 + _t39 * 2 << 2;
					_a4 = _t39 + 1;
					do {
						SendDlgItemMessageW(_t85, 0x3ea, 0x151, SendDlgItemMessageW(_t85, 0x3ea, 0x143, 0,  *(_t98 +  *0x6f55303c)),  *(_t98 +  *0x6f55303c + 4));
						if(lstrcmpW( *(_t98 +  *0x6f55303c + 4), E6F5515D4(0x18)) == 0) {
							_v100.lfWidth =  *(_t98 +  *0x6f55303c);
						}
						_t98 = _t98 - 0xc;
						_t17 =  &_a4;
						 *_t17 = _a4 - 1;
					} while ( *_t17 != 0);
					if(_v100.lfWidth == 0) {
						goto L20;
					}
					_push(_v100.lfWidth);
					_push(0xffffffff);
					_push(0x14d);
					goto L21;
				}
				if(_t37 != 1) {
					return 0;
				}
				_t76 = (_a12 & 0x0000ffff) - 1;
				if(_t76 == 0) {
					_t99 = _a4;
					_t78 = SendDlgItemMessageW(_t99, 0x3ea, 0x150, SendDlgItemMessageW(_t99, 0x3ea, 0x147, 0, 0), 0);
					if(_t78 == 0xffffffff || _t78 == 0) {
						_push(0x6f55301c);
					} else {
						_push(_t78);
					}
					E6F55158E();
					EndDialog(_t99, 0);
					goto L7;
				} else {
					if(_t76 != 1) {
						goto L29;
					}
					E6F55158E(0x6f55301c);
					EndDialog(_v0, 0);
					L7:
					goto L29;
				}
			}



















                                                                                                                              0x6f55100c
                                                                                                                              0x6f55100e
                                                                                                                              0x6f551012
                                                                                                                              0x6f55125f
                                                                                                                              0x6f551266
                                                                                                                              0x6f551269
                                                                                                                              0x6f551269
                                                                                                                              0x6f55126f
                                                                                                                              0x00000000
                                                                                                                              0x6f551271
                                                                                                                              0x6f551018
                                                                                                                              0x6f55101d
                                                                                                                              0x6f55109f
                                                                                                                              0x6f5510a1
                                                                                                                              0x6f5510ac
                                                                                                                              0x6f551124
                                                                                                                              0x6f551124
                                                                                                                              0x6f551126
                                                                                                                              0x6f551128
                                                                                                                              0x6f55112d
                                                                                                                              0x6f55112f
                                                                                                                              0x6f55113c
                                                                                                                              0x6f551148
                                                                                                                              0x6f55116d
                                                                                                                              0x6f551175
                                                                                                                              0x6f551195
                                                                                                                              0x6f551199
                                                                                                                              0x6f5511a0
                                                                                                                              0x6f5511a6
                                                                                                                              0x6f5511ac
                                                                                                                              0x6f5511ad
                                                                                                                              0x6f5511b1
                                                                                                                              0x6f5511c6
                                                                                                                              0x6f5511eb
                                                                                                                              0x6f5511f5
                                                                                                                              0x6f551200
                                                                                                                              0x6f551206
                                                                                                                              0x6f551208
                                                                                                                              0x6f55120b
                                                                                                                              0x6f551210
                                                                                                                              0x6f551213
                                                                                                                              0x6f551225
                                                                                                                              0x6f551233
                                                                                                                              0x6f551240
                                                                                                                              0x6f551251
                                                                                                                              0x6f551251
                                                                                                                              0x6f5511c6
                                                                                                                              0x6f5511a0
                                                                                                                              0x6f551256
                                                                                                                              0x00000000
                                                                                                                              0x6f55125c
                                                                                                                              0x6f5510b1
                                                                                                                              0x6f5510b5
                                                                                                                              0x6f5510b9
                                                                                                                              0x6f5510de
                                                                                                                              0x6f5510f9
                                                                                                                              0x6f551103
                                                                                                                              0x6f551103
                                                                                                                              0x6f551107
                                                                                                                              0x6f55110a
                                                                                                                              0x6f55110a
                                                                                                                              0x6f55110a
                                                                                                                              0x6f551115
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f551117
                                                                                                                              0x6f55111b
                                                                                                                              0x6f55111d
                                                                                                                              0x00000000
                                                                                                                              0x6f55111d
                                                                                                                              0x6f551020
                                                                                                                              0x00000000
                                                                                                                              0x6f551022
                                                                                                                              0x6f55102e
                                                                                                                              0x6f55102f
                                                                                                                              0x6f551053
                                                                                                                              0x6f551077
                                                                                                                              0x6f55107c
                                                                                                                              0x6f551085
                                                                                                                              0x6f551082
                                                                                                                              0x6f551082
                                                                                                                              0x6f551082
                                                                                                                              0x6f55108a
                                                                                                                              0x6f551048
                                                                                                                              0x00000000
                                                                                                                              0x6f551031
                                                                                                                              0x6f551032
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f55103d
                                                                                                                              0x6f551048
                                                                                                                              0x6f551048
                                                                                                                              0x00000000
                                                                                                                              0x6f551048

                                                                                                                              APIs
                                                                                                                              • EndDialog.USER32(?,00000000), ref: 6F551048
                                                                                                                              • SendDlgItemMessageW.USER32 ref: 6F5510CA
                                                                                                                              • SendDlgItemMessageW.USER32 ref: 6F5510DE
                                                                                                                              • lstrcmpW.KERNEL32(?,00000000,00000018), ref: 6F5510F1
                                                                                                                              • SendDlgItemMessageW.USER32 ref: 6F55112F
                                                                                                                              • SetDlgItemTextW.USER32 ref: 6F55113C
                                                                                                                              • SetWindowTextW.USER32(?,6F554080), ref: 6F551148
                                                                                                                              • GetModuleHandleW.KERNEL32(00000000,00000067,00000000), ref: 6F551154
                                                                                                                              • LoadIconW.USER32(00000000), ref: 6F55115B
                                                                                                                              • SendDlgItemMessageW.USER32 ref: 6F55116D
                                                                                                                              • lstrcmpW.KERNEL32(6F553860,6F553000,6F553860,6F553860,6F553860), ref: 6F5511BE
                                                                                                                              • GetDC.USER32(?), ref: 6F5511D1
                                                                                                                              • GetDeviceCaps.GDI32(00000000), ref: 6F5511D8
                                                                                                                              • DeleteObject.GDI32(?), ref: 6F551269
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.699400709.000000006F551000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F550000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.699392280.000000006F550000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699408399.000000006F552000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699416568.000000006F555000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6f550000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Item$MessageSend$Textlstrcmp$CapsDeleteDeviceDialogHandleIconLoadModuleObjectWindow
                                                                                                                              • String ID: `8Uo$`8Uo$`8Uo`8Uo
                                                                                                                              • API String ID: 2402727592-3260761342
                                                                                                                              • Opcode ID: a3ac8ed48f759013589680ce29cfcb17d961ac0c5482bb76c56a898449e8511c
                                                                                                                              • Instruction ID: 3e3300ad64091c676edfecd5feb268a1daa7ac0e0485f45651956854c3a283f2
                                                                                                                              • Opcode Fuzzy Hash: a3ac8ed48f759013589680ce29cfcb17d961ac0c5482bb76c56a898449e8511c
                                                                                                                              • Instruction Fuzzy Hash: 4E61A171644704BBEA119F75CD49F6B3EAEEB86B60F110526F215D90E0D674EC38CB21
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 6F3A10EF Relevance: 33.4, APIs: 12, Strings: 7, Instructions: 113stringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 58%
                                                                                                                              			E6F3A10EF(void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				short _v16;
				intOrPtr _v40;
				WCHAR* _v48;
				long _v60;
				WCHAR* _v64;
				WCHAR* _v80;
				void _v88;
				char _v92;
				signed int _t33;
				signed char _t34;
				WCHAR* _t35;
				int _t38;
				int _t43;
				signed int _t49;
				void* _t56;

				_t49 = 0x12;
				memset( &_v88, 0, _t49 << 2);
				 *0x6f3a615c = _a8;
				 *0x6f3a6160 = _a16;
				 *0x6f3a6164 = _a12;
				_v88 = _a4;
				_v92 = 0x4c;
				_v80 = 0x6f3a4920;
				_v64 = 0x6f3a5128;
				_v60 = 0x400;
				_v40 = 0x82000;
				E6F3A1E4E( &_v16, 5);
				E6F3A1E4E(0x6f3a5128, 0x400);
				E6F3A1E4E(0x6f3a4920, 0x400);
				_t33 = lstrcmpiW( &_v16, L"save");
				asm("sbb edi, edi");
				_t56 =  ~_t33 + 1;
				_t34 = GetFileAttributesW(0x6f3a5128);
				if(_t34 != 0xffffffff && (_t34 & 0x00000010) != 0) {
					lstrcpyW(0x6f3a5928, 0x6f3a5128);
					 *0x6f3a5128 =  *0x6f3a5128 & 0x00000000;
					_v48 = 0x6f3a5928;
				}
				if( *0x6f3a4920 == 0) {
					lstrcpyW(0x6f3a4920, L"All Files|*.*");
				}
				_t35 = 0x6f3a4920;
				if( *0x6f3a4920 != 0) {
					do {
						if( *_t35 != 0x7c) {
							_t35 = CharNextW(_t35);
						} else {
							 *_t35 =  *_t35 & 0x00000000;
							_t35 =  &(_t35[1]);
						}
					} while ( *_t35 != 0);
				}
				_t35[1] = _t35[1] & 0x00000000;
				GetCurrentDirectoryW(0x400, 0x6f3a4120);
				_push( &_v92);
				if(_t56 == 0) {
					_t38 = GetOpenFileNameW();
				} else {
					_t38 = GetSaveFileNameW();
				}
				if(_t38 != 0) {
					L19:
					_push(0x6f3a5128);
				} else {
					if(CommDlgExtendedError() != 0x3002) {
						L20:
						_push(0x6f3a4118);
					} else {
						 *0x6f3a5128 =  *0x6f3a5128 & 0x00000000;
						_push( &_v92);
						if(_t56 == 0) {
							_t43 = GetOpenFileNameW();
						} else {
							_t43 = GetSaveFileNameW();
						}
						if(_t43 == 0) {
							goto L20;
						} else {
							goto L19;
						}
					}
				}
				E6F3A1E9C();
				return SetCurrentDirectoryW(??);
			}


















                                                                                                                              0x6f3a10fa
                                                                                                                              0x6f3a1105
                                                                                                                              0x6f3a110f
                                                                                                                              0x6f3a1117
                                                                                                                              0x6f3a111f
                                                                                                                              0x6f3a1127
                                                                                                                              0x6f3a1135
                                                                                                                              0x6f3a113c
                                                                                                                              0x6f3a113f
                                                                                                                              0x6f3a1142
                                                                                                                              0x6f3a1145
                                                                                                                              0x6f3a114c
                                                                                                                              0x6f3a1153
                                                                                                                              0x6f3a115a
                                                                                                                              0x6f3a1168
                                                                                                                              0x6f3a1177
                                                                                                                              0x6f3a1179
                                                                                                                              0x6f3a117a
                                                                                                                              0x6f3a1183
                                                                                                                              0x6f3a1193
                                                                                                                              0x6f3a1199
                                                                                                                              0x6f3a11a1
                                                                                                                              0x6f3a11a1
                                                                                                                              0x6f3a11b0
                                                                                                                              0x6f3a11b8
                                                                                                                              0x6f3a11b8
                                                                                                                              0x6f3a11c6
                                                                                                                              0x6f3a11c8
                                                                                                                              0x6f3a11ca
                                                                                                                              0x6f3a11ce
                                                                                                                              0x6f3a11d9
                                                                                                                              0x6f3a11d0
                                                                                                                              0x6f3a11d0
                                                                                                                              0x6f3a11d5
                                                                                                                              0x6f3a11d5
                                                                                                                              0x6f3a11df
                                                                                                                              0x6f3a11ca
                                                                                                                              0x6f3a11e5
                                                                                                                              0x6f3a11f1
                                                                                                                              0x6f3a1202
                                                                                                                              0x6f3a1203
                                                                                                                              0x6f3a120d
                                                                                                                              0x6f3a1205
                                                                                                                              0x6f3a1205
                                                                                                                              0x6f3a1205
                                                                                                                              0x6f3a1211
                                                                                                                              0x6f3a123e
                                                                                                                              0x6f3a123e
                                                                                                                              0x6f3a1213
                                                                                                                              0x6f3a121e
                                                                                                                              0x6f3a1245
                                                                                                                              0x6f3a1245
                                                                                                                              0x6f3a1220
                                                                                                                              0x6f3a1220
                                                                                                                              0x6f3a122d
                                                                                                                              0x6f3a122e
                                                                                                                              0x6f3a1238
                                                                                                                              0x6f3a1230
                                                                                                                              0x6f3a1230
                                                                                                                              0x6f3a1230
                                                                                                                              0x6f3a123c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f3a123c
                                                                                                                              0x6f3a121e
                                                                                                                              0x6f3a124a
                                                                                                                              0x6f3a125a

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 6F3A1E4E: lstrcpynW.KERNEL32(6F3A1054,?,?,?,6F3A1054,?), ref: 6F3A1E7B
                                                                                                                                • Part of subcall function 6F3A1E4E: GlobalFree.KERNEL32 ref: 6F3A1E8B
                                                                                                                              • lstrcmpiW.KERNEL32(?,save,6F3A4920,00000400,6F3A5128,00000400,?,00000005), ref: 6F3A1168
                                                                                                                              • GetFileAttributesW.KERNEL32(6F3A5128), ref: 6F3A117A
                                                                                                                              • lstrcpyW.KERNEL32 ref: 6F3A1193
                                                                                                                              • lstrcpyW.KERNEL32 ref: 6F3A11B8
                                                                                                                              • CharNextW.USER32(6F3A4920), ref: 6F3A11D9
                                                                                                                              • GetCurrentDirectoryW.KERNEL32(00000400,6F3A4120), ref: 6F3A11F1
                                                                                                                              • GetSaveFileNameW.COMDLG32(0000004C), ref: 6F3A1205
                                                                                                                              • GetOpenFileNameW.COMDLG32(0000004C), ref: 6F3A120D
                                                                                                                              • CommDlgExtendedError.COMDLG32 ref: 6F3A1213
                                                                                                                              • GetSaveFileNameW.COMDLG32(0000004C), ref: 6F3A1230
                                                                                                                              • GetOpenFileNameW.COMDLG32(0000004C), ref: 6F3A1238
                                                                                                                              • SetCurrentDirectoryW.KERNEL32(6F3A4120,6F3A5128), ref: 6F3A1250
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.699359362.000000006F3A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6F3A0000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.699351571.000000006F3A0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699369720.000000006F3A3000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699377071.000000006F3A4000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699384845.000000006F3A8000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6f3a0000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: File$Name$CurrentDirectoryOpenSavelstrcpy$AttributesCharCommErrorExtendedFreeGlobalNextlstrcmpilstrcpyn
                                                                                                                              • String ID: A:o$ I:o$(Q:o$(Y:o$All Files|*.*$L$save
                                                                                                                              • API String ID: 3853173656-2954715484
                                                                                                                              • Opcode ID: 8a6a19b4f948e1dbaf18b3a5cc4a06191681b4f0547c0eca352e859e8567c3e7
                                                                                                                              • Instruction ID: d320677c7907c314f31ed57659c84b4a8540073c571a0e6c1aab31125e7a28eb
                                                                                                                              • Opcode Fuzzy Hash: 8a6a19b4f948e1dbaf18b3a5cc4a06191681b4f0547c0eca352e859e8567c3e7
                                                                                                                              • Instruction Fuzzy Hash: 3441A275900708EBDB45EF6BC849A9E7BBCFB46365F004129E812E6284DB3798648F64
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004062AE Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 130memorystringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004062AE(void* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t12;
				long _t24;
				char* _t31;
				int _t37;
				void* _t38;
				intOrPtr* _t39;
				long _t42;
				WCHAR* _t44;
				void* _t46;
				void* _t48;
				void* _t49;
				void* _t52;
				void* _t53;

				_t38 = __ecx;
				_t44 =  *(_t52 + 0x14);
				 *0x426de8 = 0x55004e;
				 *0x426dec = 0x4c;
				if(_t44 == 0) {
					L3:
					_t2 = _t52 + 0x1c; // 0x4275e8
					_t12 = GetShortPathNameW( *_t2, 0x4275e8, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						_t37 = wsprintfA(0x4269e8, "%ls=%ls\r\n", 0x426de8, 0x4275e8);
						_t53 = _t52 + 0x10;
						E004066A5(_t37, 0x400, 0x4275e8, 0x4275e8,  *((intOrPtr*)( *0x42a270 + 0x128)));
						_t12 = E00406158(0x4275e8, 0xc0000000, 4);
						_t48 = _t12;
						 *(_t53 + 0x18) = _t48;
						if(_t48 != 0xffffffff) {
							_t42 = GetFileSize(_t48, 0);
							_t6 = _t37 + 0xa; // 0xa
							_t46 = GlobalAlloc(0x40, _t42 + _t6);
							if(_t46 == 0 || E004061DB(_t48, _t46, _t42) == 0) {
								L18:
								return CloseHandle(_t48);
							} else {
								if(E004060BD(_t38, _t46, "[Rename]\r\n") != 0) {
									_t49 = E004060BD(_t38, _t21 + 0xa, "\n[");
									if(_t49 == 0) {
										_t48 =  *(_t53 + 0x18);
										L16:
										_t24 = _t42;
										L17:
										E00406113(_t24 + _t46, 0x4269e8, _t37);
										SetFilePointer(_t48, 0, 0, 0);
										E0040620A(_t48, _t46, _t42 + _t37);
										GlobalFree(_t46);
										goto L18;
									}
									_t39 = _t46 + _t42;
									_t31 = _t39 + _t37;
									while(_t39 > _t49) {
										 *_t31 =  *_t39;
										_t31 = _t31 - 1;
										_t39 = _t39 - 1;
									}
									_t24 = _t49 - _t46 + 1;
									_t48 =  *(_t53 + 0x18);
									goto L17;
								}
								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
								_t42 = _t42 + 0xa;
								goto L16;
							}
						}
					}
				} else {
					CloseHandle(E00406158(_t44, 0, 1));
					_t12 = GetShortPathNameW(_t44, 0x426de8, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						goto L3;
					}
				}
				return _t12;
			}



















                                                                                                                              0x004062ae
                                                                                                                              0x004062b7
                                                                                                                              0x004062be
                                                                                                                              0x004062c8
                                                                                                                              0x004062dc
                                                                                                                              0x00406304
                                                                                                                              0x0040630b
                                                                                                                              0x0040630f
                                                                                                                              0x00406313
                                                                                                                              0x00406333
                                                                                                                              0x0040633a
                                                                                                                              0x00406344
                                                                                                                              0x00406351
                                                                                                                              0x00406356
                                                                                                                              0x0040635b
                                                                                                                              0x0040635f
                                                                                                                              0x0040636e
                                                                                                                              0x00406370
                                                                                                                              0x0040637d
                                                                                                                              0x00406381
                                                                                                                              0x0040641c
                                                                                                                              0x00000000
                                                                                                                              0x00406397
                                                                                                                              0x004063a4
                                                                                                                              0x004063c8
                                                                                                                              0x004063cc
                                                                                                                              0x004063eb
                                                                                                                              0x004063ef
                                                                                                                              0x004063ef
                                                                                                                              0x004063f1
                                                                                                                              0x004063fa
                                                                                                                              0x00406405
                                                                                                                              0x00406410
                                                                                                                              0x00406416
                                                                                                                              0x00000000
                                                                                                                              0x00406416
                                                                                                                              0x004063ce
                                                                                                                              0x004063d1
                                                                                                                              0x004063dc
                                                                                                                              0x004063d8
                                                                                                                              0x004063da
                                                                                                                              0x004063db
                                                                                                                              0x004063db
                                                                                                                              0x004063e3
                                                                                                                              0x004063e5
                                                                                                                              0x00000000
                                                                                                                              0x004063e5
                                                                                                                              0x004063af
                                                                                                                              0x004063b5
                                                                                                                              0x00000000
                                                                                                                              0x004063b5
                                                                                                                              0x00406381
                                                                                                                              0x0040635f
                                                                                                                              0x004062de
                                                                                                                              0x004062e9
                                                                                                                              0x004062f2
                                                                                                                              0x004062f6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004062f6
                                                                                                                              0x00406427

                                                                                                                              APIs
                                                                                                                              • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406449,?,?), ref: 004062E9
                                                                                                                              • GetShortPathNameW.KERNEL32 ref: 004062F2
                                                                                                                                • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                                                                                                                                • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
                                                                                                                              • GetShortPathNameW.KERNEL32 ref: 0040630F
                                                                                                                              • wsprintfA.USER32 ref: 0040632D
                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,004275E8,C0000000,00000004,004275E8,?,?,?,?,?), ref: 00406368
                                                                                                                              • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406377
                                                                                                                              • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004063AF
                                                                                                                              • SetFilePointer.KERNEL32(0040A5B0,00000000,00000000,00000000,00000000,004269E8,00000000,-0000000A,0040A5B0,00000000,[Rename],00000000,00000000,00000000), ref: 00406405
                                                                                                                              • GlobalFree.KERNEL32 ref: 00406416
                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040641D
                                                                                                                                • Part of subcall function 00406158: GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe,80000000,00000003), ref: 0040615C
                                                                                                                                • Part of subcall function 00406158: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                              • String ID: %ls=%ls$[Rename]$mB$uB$uB
                                                                                                                              • API String ID: 2171350718-2295842750
                                                                                                                              • Opcode ID: 07ea5d3dd502240bf86d0c298f94c43ad2335bec49c481c59c36197298e6ebad
                                                                                                                              • Instruction ID: df9b4e9fb9d32bd4c250032a1d399944af7a2e4c2f0bdec2b7d3959d12e60cc8
                                                                                                                              • Opcode Fuzzy Hash: 07ea5d3dd502240bf86d0c298f94c43ad2335bec49c481c59c36197298e6ebad
                                                                                                                              • Instruction Fuzzy Hash: B8314331200315BBD2206B619D49F5B3AACEF85704F16003BFD02FA2C2EA7DD82186BD
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 90%
                                                                                                                              			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x42a270;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectW( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextW(_t128, 0x429260, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x42a268;
				}
				return DefWindowProcW(_a4, _a8, _a12, _t102);
			}













                                                                                                                              0x0040100a
                                                                                                                              0x00401039
                                                                                                                              0x00401047
                                                                                                                              0x0040104d
                                                                                                                              0x00401051
                                                                                                                              0x0040105b
                                                                                                                              0x00401061
                                                                                                                              0x00401064
                                                                                                                              0x004010f3
                                                                                                                              0x00401089
                                                                                                                              0x0040108c
                                                                                                                              0x004010a6
                                                                                                                              0x004010bd
                                                                                                                              0x004010cc
                                                                                                                              0x004010cf
                                                                                                                              0x004010d5
                                                                                                                              0x004010d9
                                                                                                                              0x004010e4
                                                                                                                              0x004010ed
                                                                                                                              0x004010ef
                                                                                                                              0x004010ef
                                                                                                                              0x00401100
                                                                                                                              0x00401105
                                                                                                                              0x0040110d
                                                                                                                              0x00401110
                                                                                                                              0x00401112
                                                                                                                              0x00401118
                                                                                                                              0x0040111f
                                                                                                                              0x00401126
                                                                                                                              0x00401130
                                                                                                                              0x00401142
                                                                                                                              0x00401156
                                                                                                                              0x00401160
                                                                                                                              0x00401165
                                                                                                                              0x00401165
                                                                                                                              0x00401110
                                                                                                                              0x0040116e
                                                                                                                              0x00000000
                                                                                                                              0x00401178
                                                                                                                              0x00401010
                                                                                                                              0x00401013
                                                                                                                              0x00401015
                                                                                                                              0x0040101f
                                                                                                                              0x0040101f
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                              • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                              • GetClientRect.USER32 ref: 0040105B
                                                                                                                              • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                              • FillRect.USER32 ref: 004010E4
                                                                                                                              • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                              • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                              • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                              • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                              • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                              • DrawTextW.USER32(00000000,00429260,000000FF,00000010,00000820), ref: 00401156
                                                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                              • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                              • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                              • String ID: F
                                                                                                                              • API String ID: 941294808-1304234792
                                                                                                                              • Opcode ID: 8da9fae8b34351ceae2931000ebd9f39a308799c7d87b7a6dbcfe72b45b7384c
                                                                                                                              • Instruction ID: e2f9fea5dfd6f059ba8eeb08e8d10ac227d01a2162b8a260283931f50cd0bfbf
                                                                                                                              • Opcode Fuzzy Hash: 8da9fae8b34351ceae2931000ebd9f39a308799c7d87b7a6dbcfe72b45b7384c
                                                                                                                              • Instruction Fuzzy Hash: 33418B71800209EFCF058FA5DE459AF7BB9FF45315F00802AF991AA2A0C7349A55DFA4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 6F55127B Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 214stringmemoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 92%
                                                                                                                              			E6F55127B(void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				void* _t54;
				short _t55;
				signed int _t58;
				void* _t62;
				void* _t64;
				WCHAR* _t75;
				WCHAR* _t83;
				void* _t90;
				WCHAR* _t92;
				intOrPtr* _t103;
				signed int _t104;
				struct HWND__* _t112;
				void* _t119;

				 *0x6f554068 = _a4;
				 *0x6f554880 = _a8;
				 *0x6f554884 = _a16;
				 *0x6f554888 = _a12;
				_t112 = 0;
				_a8 = 0;
				_t54 = E6F55154E(0x6f554080);
				if(_t54 == 0) {
					_t54 = E6F55154E(0x6f553060);
					if(_t54 == 0) {
						_t54 = E6F55154E(0x6f553860);
						if(_t54 == 0) {
							_t55 =  *0x6f553860;
							_t92 = 0x6f553860;
							if(_t55 == 0) {
								L20:
								_t54 = E6F5515F5(0x6f553860);
								goto L21;
							} else {
								do {
									if(_t55 == 0x41) {
										_t112 = 1;
									}
									if(_t55 == 0x46) {
										 *0x6f553040 = 1;
									}
									if(_t55 == 0x43) {
										 *0x6f554064 = 1;
									}
									_t92 =  &(_t92[1]);
									_t55 =  *_t92;
								} while (_t55 != 0);
								if(_t112 == 0) {
									goto L20;
								} else {
									_t54 = 0;
									 *0x6f554060 = 0;
									_t103 =  *((intOrPtr*)( *0x6f554884));
									if(_t103 != 0) {
										while( *((intOrPtr*)(_t103 + 4)) != 0) {
											_t54 = _t54 + 1;
											 *0x6f554060 = _t54;
											_t103 =  *_t103;
											if(_t103 != 0) {
												continue;
											}
											break;
										}
										if(_t103 != 0) {
											asm("cdq");
											if( *0x6f554064 == 0) {
												_t54 = _t54 - 1 >> 1;
											} else {
												_t104 = 3;
												_t54 = _t54 / _t104;
											}
											_a8 = 1;
											L21:
											 *0x6f554060 = _t54;
											if(_t54 != 0) {
												 *0x6f553038 = 0;
												_t54 = GlobalAlloc(0x40, _t54 + _t54 * 2 << 2);
												 *0x6f55303c = _t54;
												if(_t54 != 0) {
													_a4 = 0;
													if( *0x6f554060 > 0) {
														while(E6F55154E(0x6f553860) == 0) {
															 *( *0x6f55303c + ( *0x6f553038 +  *0x6f553038 * 2) * 4) = GlobalAlloc(0x40, lstrlenW(0x6f553860) + _t70 + 2);
															_t75 =  *( *0x6f55303c + ( *0x6f553038 +  *0x6f553038 * 2) * 4);
															if(_t75 == 0) {
																break;
															} else {
																lstrcpyW(_t75, 0x6f553860);
																if(E6F55154E(0x6f553860) != 0) {
																	break;
																} else {
																	 *( *0x6f55303c + 4 + ( *0x6f553038 +  *0x6f553038 * 2) * 4) = GlobalAlloc(0x40, lstrlenW(0x6f553860) + _t78 + 2);
																	_t83 =  *( *0x6f55303c + 4 + ( *0x6f553038 +  *0x6f553038 * 2) * 4);
																	if(_t83 == 0) {
																		break;
																	} else {
																		lstrcpyW(_t83, 0x6f553860);
																		if( *0x6f554064 == 0) {
																			L32:
																			 *0x6f553038 =  *0x6f553038 + 1;
																			_a4 = _a4 + 1;
																			if(_a4 <  *0x6f554060) {
																				continue;
																			} else {
																			}
																		} else {
																			if(E6F55154E(0x6f553860) != 0) {
																				break;
																			} else {
																				 *((intOrPtr*)( *0x6f55303c + 8 + ( *0x6f553038 +  *0x6f553038 * 2) * 4)) = E6F5515F5(0x6f553860);
																				goto L32;
																			}
																		}
																	}
																}
															}
															goto L35;
														}
														 *0x6f553038 =  *0x6f553038 & 0x00000000;
													}
													L35:
													if(_a8 != 0 && E6F55154E(0x6f553860) != 0) {
														 *0x6f553038 = 0;
													}
													_t58 =  *0x6f553038;
													if(_t58 <= 1) {
														if(_t58 != 0) {
															_push( *((intOrPtr*)( *0x6f55303c + 4)));
														} else {
															_push(0x6f553030);
														}
														E6F55158E();
													} else {
														DialogBoxParamW( *0x6f553034, 0x65, 0, E6F551000, 0);
													}
													_t90 = 0;
													if( *0x6f553038 > 0) {
														_t119 = 0;
														do {
															_t62 =  *(_t119 +  *0x6f55303c);
															if(_t62 != 0) {
																GlobalFree(_t62);
															}
															_t64 =  *(_t119 +  *0x6f55303c + 4);
															if(_t64 != 0) {
																GlobalFree(_t64);
															}
															_t90 = _t90 + 1;
															_t119 = _t119 + 0xc;
														} while (_t90 <  *0x6f553038);
													}
													_t54 = GlobalFree( *0x6f55303c);
												}
											}
										}
									}
								}
							}
						}
					}
				}
				return _t54;
			}
















                                                                                                                              0x6f551280
                                                                                                                              0x6f551289
                                                                                                                              0x6f551293
                                                                                                                              0x6f5512a4
                                                                                                                              0x6f5512a9
                                                                                                                              0x6f5512ab
                                                                                                                              0x6f5512af
                                                                                                                              0x6f5512b6
                                                                                                                              0x6f5512c1
                                                                                                                              0x6f5512c8
                                                                                                                              0x6f5512d4
                                                                                                                              0x6f5512db
                                                                                                                              0x6f5512e1
                                                                                                                              0x6f5512e6
                                                                                                                              0x6f5512eb
                                                                                                                              0x6f551371
                                                                                                                              0x6f551372
                                                                                                                              0x00000000
                                                                                                                              0x6f5512f1
                                                                                                                              0x6f5512f1
                                                                                                                              0x6f5512f8
                                                                                                                              0x6f5512fa
                                                                                                                              0x6f5512fa
                                                                                                                              0x6f551300
                                                                                                                              0x6f551302
                                                                                                                              0x6f551302
                                                                                                                              0x6f55130c
                                                                                                                              0x6f55130e
                                                                                                                              0x6f55130e
                                                                                                                              0x6f551315
                                                                                                                              0x6f551316
                                                                                                                              0x6f551319
                                                                                                                              0x6f551320
                                                                                                                              0x00000000
                                                                                                                              0x6f551322
                                                                                                                              0x6f551328
                                                                                                                              0x6f55132a
                                                                                                                              0x6f55132f
                                                                                                                              0x6f551333
                                                                                                                              0x6f551339
                                                                                                                              0x6f55133f
                                                                                                                              0x6f551340
                                                                                                                              0x6f551345
                                                                                                                              0x6f551349
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f551349
                                                                                                                              0x6f55134d
                                                                                                                              0x6f551359
                                                                                                                              0x6f55135a
                                                                                                                              0x6f551365
                                                                                                                              0x6f55135c
                                                                                                                              0x6f55135e
                                                                                                                              0x6f55135f
                                                                                                                              0x6f55135f
                                                                                                                              0x6f551367
                                                                                                                              0x6f551377
                                                                                                                              0x6f551379
                                                                                                                              0x6f55137e
                                                                                                                              0x6f551393
                                                                                                                              0x6f551399
                                                                                                                              0x6f55139d
                                                                                                                              0x6f5513a2
                                                                                                                              0x6f5513af
                                                                                                                              0x6f5513b3
                                                                                                                              0x6f5513c5
                                                                                                                              0x6f5513ee
                                                                                                                              0x6f5513ff
                                                                                                                              0x6f551404
                                                                                                                              0x00000000
                                                                                                                              0x6f55140a
                                                                                                                              0x6f55140c
                                                                                                                              0x6f551416
                                                                                                                              0x00000000
                                                                                                                              0x6f55141c
                                                                                                                              0x6f551437
                                                                                                                              0x6f551449
                                                                                                                              0x6f55144f
                                                                                                                              0x00000000
                                                                                                                              0x6f551451
                                                                                                                              0x6f551453
                                                                                                                              0x6f55145c
                                                                                                                              0x6f551481
                                                                                                                              0x6f551481
                                                                                                                              0x6f551487
                                                                                                                              0x6f551495
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f55149b
                                                                                                                              0x6f55145e
                                                                                                                              0x6f551466
                                                                                                                              0x00000000
                                                                                                                              0x6f551468
                                                                                                                              0x6f55147d
                                                                                                                              0x00000000
                                                                                                                              0x6f55147d
                                                                                                                              0x6f551466
                                                                                                                              0x6f55145c
                                                                                                                              0x6f55144f
                                                                                                                              0x6f551416
                                                                                                                              0x00000000
                                                                                                                              0x6f551404
                                                                                                                              0x6f55149d
                                                                                                                              0x6f55149d
                                                                                                                              0x6f5514a4
                                                                                                                              0x6f5514aa
                                                                                                                              0x6f5514b6
                                                                                                                              0x6f5514b6
                                                                                                                              0x6f5514bc
                                                                                                                              0x6f5514c4
                                                                                                                              0x6f5514df
                                                                                                                              0x6f5514ed
                                                                                                                              0x6f5514e1
                                                                                                                              0x6f5514e1
                                                                                                                              0x6f5514e1
                                                                                                                              0x6f5514f0
                                                                                                                              0x6f5514c6
                                                                                                                              0x6f5514d5
                                                                                                                              0x6f5514d5
                                                                                                                              0x6f5514fb
                                                                                                                              0x6f551503
                                                                                                                              0x6f551505
                                                                                                                              0x6f551507
                                                                                                                              0x6f55150c
                                                                                                                              0x6f551511
                                                                                                                              0x6f551514
                                                                                                                              0x6f551514
                                                                                                                              0x6f55151b
                                                                                                                              0x6f551521
                                                                                                                              0x6f551524
                                                                                                                              0x6f551524
                                                                                                                              0x6f551526
                                                                                                                              0x6f551527
                                                                                                                              0x6f55152a
                                                                                                                              0x6f551507
                                                                                                                              0x6f551538
                                                                                                                              0x6f55153a
                                                                                                                              0x6f5513a2
                                                                                                                              0x6f55137e
                                                                                                                              0x6f55134d
                                                                                                                              0x6f551333
                                                                                                                              0x6f551320
                                                                                                                              0x6f5512eb
                                                                                                                              0x6f5512db
                                                                                                                              0x6f5512c8
                                                                                                                              0x6f55153e

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 6F55154E: lstrcpyW.KERNEL32 ref: 6F55156D
                                                                                                                                • Part of subcall function 6F55154E: GlobalFree.KERNEL32 ref: 6F55157D
                                                                                                                              • GlobalAlloc.KERNEL32(00000040,00000000,6F553860,6F553860,6F553060,6F554080), ref: 6F551399
                                                                                                                              • lstrlenW.KERNEL32(6F553860,6F553860), ref: 6F5513D4
                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 6F5513DD
                                                                                                                              • lstrcpyW.KERNEL32 ref: 6F55140C
                                                                                                                              • lstrlenW.KERNEL32(6F553860,6F553860), ref: 6F55141D
                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 6F551426
                                                                                                                              • lstrcpyW.KERNEL32 ref: 6F551453
                                                                                                                              • DialogBoxParamW.USER32 ref: 6F5514D5
                                                                                                                              • GlobalFree.KERNEL32 ref: 6F551514
                                                                                                                              • GlobalFree.KERNEL32 ref: 6F551524
                                                                                                                              • GlobalFree.KERNEL32 ref: 6F551538
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.699400709.000000006F551000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F550000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.699392280.000000006F550000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699408399.000000006F552000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699416568.000000006F555000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6f550000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Global$Free$Alloclstrcpy$lstrlen$DialogParam
                                                                                                                              • String ID: `8Uo
                                                                                                                              • API String ID: 4207030468-719014383
                                                                                                                              • Opcode ID: 1c09e7bd7608fffa6df55bc3c7c5730dc8305299df8b6e195b918a8dc1f94796
                                                                                                                              • Instruction ID: df6f226c858853228748781061dc8b9aed962bb6a7aeb1edc5a51cb8e4d2d658
                                                                                                                              • Opcode Fuzzy Hash: 1c09e7bd7608fffa6df55bc3c7c5730dc8305299df8b6e195b918a8dc1f94796
                                                                                                                              • Instruction Fuzzy Hash: 74719D75601B019BCB00DF29DA91E6A7FBAFB86364B12403BD50ACB260D730ED79CB51
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 6F3A14D6 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 222windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 93%
                                                                                                                              			E6F3A14D6(struct HWND__* _a4, int _a8, unsigned int _a12, long _a16) {
				struct tagRECT _v20;
				short _v2068;
				int _t67;
				signed int _t71;
				intOrPtr _t80;
				signed int _t81;
				unsigned int _t94;
				void* _t109;
				long _t116;
				intOrPtr _t121;
				intOrPtr _t123;
				unsigned int _t127;
				void* _t128;
				void* _t133;
				signed int _t135;
				signed int* _t138;
				intOrPtr* _t139;

				_t67 = _a8;
				if(_t67 == 2) {
					_t128 = 0;
					if( *0x6f3a6154 <= 0) {
						L49:
						return 0;
					}
					_t133 = 0;
					do {
						RemovePropW( *(_t133 +  *0x6f3a6158), L"NSIS: nsControl pointer property");
						_t128 = _t128 + 1;
						_t133 = _t133 + 0x818;
					} while (_t128 <  *0x6f3a6154);
					goto L49;
				}
				if(_t67 == 0x2b) {
					_t116 = _a16;
					_t71 =  *(_t116 + 0x10);
					_a12 = _t71 & 0x00000100;
					_a16 = _t71 & 0x00000200;
					if(E6F3A13D2( *(_t116 + 0x14)) == 0) {
						goto L49;
					}
					asm("movsd");
					asm("movsd");
					_v2068 = _v2068 & 0x00000000;
					asm("movsd");
					asm("movsd");
					GetWindowTextW( *(_t116 + 0x14),  &_v2068, 0x400);
					DrawTextW( *(_t116 + 0x18),  &_v2068, 0xffffffff,  &_v20, 0x414);
					_t121 =  *((intOrPtr*)(_t116 + 0x24));
					_t80 = _v20.right + 2;
					_v20.right = _t80;
					if(_t80 >= _t121) {
						_v20.right = _t121;
					}
					_t81 =  *0x6f3a614c;
					if(_t81 != 0) {
						_v20.right = _t121;
						_v20.left = _v20.left + _t121 - _v20.right;
					}
					if(( *(_t116 + 0xc) & 0x00000001) != 0) {
						asm("sbb eax, eax");
						_t135 =  ~_t81 & 0x00020000;
						if(_a12 != 0) {
							_t135 = _t135 | 0x00100000;
						}
						if(GetWindowLongW( *(_t116 + 0x14), 0xffffffeb) == 0) {
							SetTextColor( *(_t116 + 0x18), E6F3A17AC());
						}
						DrawTextW( *(_t116 + 0x18),  &_v2068, 0xffffffff,  &_v20, _t135 | 0x00000015);
					}
					if(( *(_t116 + 0x10) & 0x00000010) == 0 || ( *(_t116 + 0xc) & 0x00000001) == 0) {
						if(( *(_t116 + 0xc) & 0x00000004) == 0) {
							goto L45;
						}
						goto L43;
					} else {
						L43:
						if(_a16 == 0) {
							DrawFocusRect( *(_t116 + 0x18),  &_v20);
						}
						L45:
						return 1;
					}
				}
				if(_t67 == 0x4e) {
					_t117 = _a16;
					_t94 = E6F3A13D2( *_a16);
					_a12 = _t94;
					_t138 =  *((intOrPtr*)( *0x6f3a6128)) + 0x20;
					if(_t94 == 0 ||  *((intOrPtr*)(_t94 + 0x810)) == 0) {
						goto L49;
					} else {
						 *_t138 =  *_t138 & 0x00000000;
						E6F3A20B3(_t117);
						E6F3A20B3( *((intOrPtr*)(_t117 + 8)));
						E6F3A20B3( *_t117);
						 *((intOrPtr*)( *0x6f3a6128 + 4))( *((intOrPtr*)(_a12 + 0x810)) - 1, 0);
						if( *_t138 == 0) {
							goto L49;
						}
						return SetWindowLongW(_a4, 0, E6F3A1EE2( *0x6f3a6130)) | 0x00000001;
					}
				}
				if(_t67 == 0x111) {
					_t118 = GetDlgItem(_a4, _a12 & 0x0000ffff);
					_t109 = E6F3A13D2(_t108);
					if(_t109 == 0) {
						goto L49;
					}
					_t127 = _a12 >> 0x10;
					if(_t127 != 0) {
						L12:
						if(_t127 != 0x300 ||  *((intOrPtr*)(_t109 + 4)) != 2) {
							if(_t127 != 1 ||  *((intOrPtr*)(_t109 + 4)) != 4) {
								if(_t127 == 6 || _t127 == 1) {
									if( *((intOrPtr*)(_t109 + 4)) != 3) {
										goto L22;
									}
									goto L19;
								} else {
									L22:
									if(_t127 != 0 ||  *((intOrPtr*)(_t109 + 4)) != 7) {
										goto L49;
									} else {
										L24:
										_t14 = _t109 + 0x808; // 0x808
										_t139 = _t14;
										goto L20;
									}
								}
							} else {
								goto L19;
							}
						} else {
							L19:
							_t11 = _t109 + 0x80c; // 0x80c
							_t139 = _t11;
							L20:
							if( *_t139 != 0) {
								E6F3A20B3(_t118);
								 *((intOrPtr*)( *0x6f3a6128 + 4))( *_t139 - 1, 0);
							}
							goto L49;
						}
					}
					_t123 =  *((intOrPtr*)(_t109 + 4));
					if(_t123 == 1 || _t123 == 8) {
						goto L24;
					} else {
						goto L12;
					}
				}
				if(_t67 > 0x132 && (_t67 <= 0x136 || _t67 == 0x138)) {
					return SendMessageW( *0x6f3a6144, _t67, _a12, _a16);
				}
				goto L49;
			}




















                                                                                                                              0x6f3a14df
                                                                                                                              0x6f3a14e8
                                                                                                                              0x6f3a1775
                                                                                                                              0x6f3a177d
                                                                                                                              0x6f3a17a3
                                                                                                                              0x00000000
                                                                                                                              0x6f3a17a3
                                                                                                                              0x6f3a177f
                                                                                                                              0x6f3a1781
                                                                                                                              0x6f3a178e
                                                                                                                              0x6f3a1794
                                                                                                                              0x6f3a1795
                                                                                                                              0x6f3a179b
                                                                                                                              0x00000000
                                                                                                                              0x6f3a1781
                                                                                                                              0x6f3a14f1
                                                                                                                              0x6f3a1666
                                                                                                                              0x6f3a1669
                                                                                                                              0x6f3a167c
                                                                                                                              0x6f3a167f
                                                                                                                              0x6f3a1689
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f3a1695
                                                                                                                              0x6f3a1696
                                                                                                                              0x6f3a1697
                                                                                                                              0x6f3a16a5
                                                                                                                              0x6f3a16af
                                                                                                                              0x6f3a16b0
                                                                                                                              0x6f3a16d1
                                                                                                                              0x6f3a16d6
                                                                                                                              0x6f3a16d9
                                                                                                                              0x6f3a16de
                                                                                                                              0x6f3a16e1
                                                                                                                              0x6f3a16e3
                                                                                                                              0x6f3a16e3
                                                                                                                              0x6f3a16e6
                                                                                                                              0x6f3a16ed
                                                                                                                              0x6f3a16f4
                                                                                                                              0x6f3a16f7
                                                                                                                              0x6f3a16f7
                                                                                                                              0x6f3a16fe
                                                                                                                              0x6f3a1702
                                                                                                                              0x6f3a170d
                                                                                                                              0x6f3a170f
                                                                                                                              0x6f3a1711
                                                                                                                              0x6f3a1711
                                                                                                                              0x6f3a1724
                                                                                                                              0x6f3a172f
                                                                                                                              0x6f3a172f
                                                                                                                              0x6f3a1749
                                                                                                                              0x6f3a1749
                                                                                                                              0x6f3a174f
                                                                                                                              0x6f3a175b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f3a175d
                                                                                                                              0x6f3a175d
                                                                                                                              0x6f3a1761
                                                                                                                              0x6f3a176a
                                                                                                                              0x6f3a176a
                                                                                                                              0x6f3a1770
                                                                                                                              0x00000000
                                                                                                                              0x6f3a1772
                                                                                                                              0x6f3a174f
                                                                                                                              0x6f3a14fa
                                                                                                                              0x6f3a15e0
                                                                                                                              0x6f3a15e5
                                                                                                                              0x6f3a15f0
                                                                                                                              0x6f3a15f5
                                                                                                                              0x6f3a15fa
                                                                                                                              0x00000000
                                                                                                                              0x6f3a160d
                                                                                                                              0x6f3a160f
                                                                                                                              0x6f3a1613
                                                                                                                              0x6f3a161b
                                                                                                                              0x6f3a1622
                                                                                                                              0x6f3a1639
                                                                                                                              0x6f3a1642
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f3a165f
                                                                                                                              0x6f3a15fa
                                                                                                                              0x6f3a1505
                                                                                                                              0x6f3a154a
                                                                                                                              0x6f3a154d
                                                                                                                              0x6f3a1556
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f3a155f
                                                                                                                              0x6f3a1565
                                                                                                                              0x6f3a1574
                                                                                                                              0x6f3a1579
                                                                                                                              0x6f3a1585
                                                                                                                              0x6f3a1591
                                                                                                                              0x6f3a159d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f3a15c5
                                                                                                                              0x6f3a15c5
                                                                                                                              0x6f3a15c8
                                                                                                                              0x00000000
                                                                                                                              0x6f3a15d8
                                                                                                                              0x6f3a15d8
                                                                                                                              0x6f3a15d8
                                                                                                                              0x6f3a15d8
                                                                                                                              0x00000000
                                                                                                                              0x6f3a15d8
                                                                                                                              0x6f3a15c8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f3a159f
                                                                                                                              0x6f3a159f
                                                                                                                              0x6f3a159f
                                                                                                                              0x6f3a159f
                                                                                                                              0x6f3a15a5
                                                                                                                              0x6f3a15a7
                                                                                                                              0x6f3a15ae
                                                                                                                              0x6f3a15bd
                                                                                                                              0x6f3a15bd
                                                                                                                              0x00000000
                                                                                                                              0x6f3a15a7
                                                                                                                              0x6f3a1579
                                                                                                                              0x6f3a1567
                                                                                                                              0x6f3a156d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f3a156d
                                                                                                                              0x6f3a150c
                                                                                                                              0x00000000
                                                                                                                              0x6f3a1531
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • SendMessageW.USER32(?,?,?), ref: 6F3A1531
                                                                                                                              • GetDlgItem.USER32 ref: 6F3A1544
                                                                                                                              • SetWindowLongW.USER32 ref: 6F3A1659
                                                                                                                              • GetWindowTextW.USER32 ref: 6F3A16B0
                                                                                                                              • DrawTextW.USER32(?,00000000,000000FF,?,00000414), ref: 6F3A16D1
                                                                                                                              • GetWindowLongW.USER32(?,000000EB), ref: 6F3A171C
                                                                                                                              • SetTextColor.GDI32(?,00000000), ref: 6F3A172F
                                                                                                                              • DrawTextW.USER32(?,00000000,000000FF,00000000,?), ref: 6F3A1749
                                                                                                                              • DrawFocusRect.USER32 ref: 6F3A176A
                                                                                                                              • RemovePropW.USER32 ref: 6F3A178E
                                                                                                                              Strings
                                                                                                                              • NSIS: nsControl pointer property, xrefs: 6F3A1786
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.699359362.000000006F3A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6F3A0000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.699351571.000000006F3A0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699369720.000000006F3A3000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699377071.000000006F3A4000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699384845.000000006F3A8000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6f3a0000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Text$DrawWindow$Long$ColorFocusItemMessagePropRectRemoveSend
                                                                                                                              • String ID: NSIS: nsControl pointer property
                                                                                                                              • API String ID: 2008169532-1714965683
                                                                                                                              • Opcode ID: 7ad349cf2fd7a204e0bdd330574f7111216513b2fc869e4e15b871558e5018c8
                                                                                                                              • Instruction ID: 1fd64eb9181cb98fa9ae4afb63f7abf80a92d2543ffae7fcf08db737334a33bb
                                                                                                                              • Opcode Fuzzy Hash: 7ad349cf2fd7a204e0bdd330574f7111216513b2fc869e4e15b871558e5018c8
                                                                                                                              • Instruction Fuzzy Hash: 888190719006059FDF11EF56CC84BAE7BE9FF06310F00856AE8519A1A6C773E8A1CF91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 6F562655 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 109COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 88%
                                                                                                                              			E6F562655() {
				intOrPtr _t24;
				void* _t26;
				intOrPtr _t27;
				signed int _t39;
				void* _t40;
				void* _t43;
				intOrPtr _t44;
				void* _t45;

				_t40 = E6F5612BB();
				_t24 =  *((intOrPtr*)(_t45 + 0x18));
				_t44 =  *((intOrPtr*)(_t24 + 0x1014));
				_t43 = (_t44 + 0x81 << 5) + _t24;
				do {
					if( *((intOrPtr*)(_t43 - 4)) >= 0) {
					}
					_t39 =  *(_t43 - 8) & 0x000000ff;
					if(_t39 <= 7) {
						switch( *((intOrPtr*)(_t39 * 4 +  &M6F562784))) {
							case 0:
								 *_t40 = 0;
								goto L17;
							case 1:
								__eax =  *__eax;
								if(__ecx > __ebx) {
									 *(__esp + 0x10) = __ecx;
									__ecx =  *(0x6f56407c + __edx * 4);
									__edx =  *(__esp + 0x10);
									__ecx = __ecx * __edx;
									asm("sbb edx, edx");
									__edx = __edx & __ecx;
									__eax = __eax &  *(0x6f56409c + __edx * 4);
								}
								_push(__eax);
								goto L15;
							case 2:
								__eax = E6F561510(__edx,  *__eax,  *((intOrPtr*)(__eax + 4)), __edi);
								goto L16;
							case 3:
								__ecx =  *0x6f56506c;
								__edx = __ecx - 1;
								__eax = MultiByteToWideChar(__ebx, __ebx,  *__eax, __ecx, __edi, __edx);
								__eax =  *0x6f56506c;
								 *((short*)(__edi + __eax * 2 - 2)) = __bx;
								goto L17;
							case 4:
								__eax = lstrcpynW(__edi,  *__eax,  *0x6f56506c);
								goto L17;
							case 5:
								_push( *0x6f56506c);
								_push(__edi);
								_push( *__eax);
								" {]w@u]w"();
								goto L17;
							case 6:
								_push( *__esi);
								L15:
								__eax = wsprintfW(__edi, 0x6f565000);
								L16:
								__esp = __esp + 0xc;
								goto L17;
						}
					}
					L17:
					_t26 =  *(_t43 + 0x14);
					if(_t26 != 0 && ( *((intOrPtr*)( *((intOrPtr*)(_t45 + 0x18)))) != 2 ||  *((intOrPtr*)(_t43 - 4)) > 0)) {
						GlobalFree(_t26);
					}
					_t27 =  *((intOrPtr*)(_t43 + 0xc));
					if(_t27 != 0) {
						if(_t27 != 0xffffffff) {
							if(_t27 > 0) {
								E6F561381(_t27 - 1, _t40);
								goto L26;
							}
						} else {
							E6F561312(_t40);
							L26:
						}
					}
					_t44 = _t44 - 1;
					_t43 = _t43 - 0x20;
				} while (_t44 >= 0);
				return GlobalFree(_t40);
			}











                                                                                                                              0x6f56265f
                                                                                                                              0x6f562661
                                                                                                                              0x6f562665
                                                                                                                              0x6f562674
                                                                                                                              0x6f562678
                                                                                                                              0x6f56267d
                                                                                                                              0x6f56267d
                                                                                                                              0x6f562685
                                                                                                                              0x6f56268c
                                                                                                                              0x6f562692
                                                                                                                              0x00000000
                                                                                                                              0x6f562699
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f5626a1
                                                                                                                              0x6f5626a5
                                                                                                                              0x6f5626a8
                                                                                                                              0x6f5626ac
                                                                                                                              0x6f5626b3
                                                                                                                              0x6f5626b7
                                                                                                                              0x6f5626bd
                                                                                                                              0x6f5626bf
                                                                                                                              0x6f5626c1
                                                                                                                              0x6f5626c1
                                                                                                                              0x6f5626c8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f5626d1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f5626d8
                                                                                                                              0x6f5626de
                                                                                                                              0x6f5626e8
                                                                                                                              0x6f5626ee
                                                                                                                              0x6f5626f3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f562714
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f5626fa
                                                                                                                              0x6f562700
                                                                                                                              0x6f562701
                                                                                                                              0x6f562703
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f56271c
                                                                                                                              0x6f56271e
                                                                                                                              0x6f562724
                                                                                                                              0x6f56272a
                                                                                                                              0x6f56272a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f562692
                                                                                                                              0x6f56272d
                                                                                                                              0x6f56272d
                                                                                                                              0x6f562732
                                                                                                                              0x6f562743
                                                                                                                              0x6f562743
                                                                                                                              0x6f562749
                                                                                                                              0x6f56274e
                                                                                                                              0x6f562753
                                                                                                                              0x6f56275f
                                                                                                                              0x6f562764
                                                                                                                              0x00000000
                                                                                                                              0x6f562769
                                                                                                                              0x6f562755
                                                                                                                              0x6f562756
                                                                                                                              0x6f56276a
                                                                                                                              0x6f56276a
                                                                                                                              0x6f562753
                                                                                                                              0x6f56276b
                                                                                                                              0x6f56276c
                                                                                                                              0x6f56276f
                                                                                                                              0x6f562783

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 6F5612BB: GlobalAlloc.KERNELBASE(00000040,?,6F5612DB,?,6F56137F,00000019,6F5611CA,-000000A0), ref: 6F5612C5
                                                                                                                              • GlobalFree.KERNEL32 ref: 6F562743
                                                                                                                              • GlobalFree.KERNEL32 ref: 6F562778
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.699435220.000000006F561000.00000020.00000001.01000000.00000004.sdmp, Offset: 6F560000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.699425612.000000006F560000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699447140.000000006F564000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699455238.000000006F566000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6f560000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Global$Free$Alloc
                                                                                                                              • String ID: {]w@u]w
                                                                                                                              • API String ID: 1780285237-2172857112
                                                                                                                              • Opcode ID: 45a037cdb8f7d5ed5a7a3cb40707eca9e17557c93c10fb0f2cb84022815a3255
                                                                                                                              • Instruction ID: 98e1323e39b79eafc30205c0c028c47b5a66ca4c21426f4eec19a74bd0679f59
                                                                                                                              • Opcode Fuzzy Hash: 45a037cdb8f7d5ed5a7a3cb40707eca9e17557c93c10fb0f2cb84022815a3255
                                                                                                                              • Instruction Fuzzy Hash: F631CD31208601EFCF258F68CA94C3A7BBAFF873647154639F12187A70DB30AC658B61
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040462B Relevance: 12.1, APIs: 8, Instructions: 68COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0040462B(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t39;
				long _t41;
				void* _t44;
				signed char _t50;
				long* _t54;

				if(_a4 + 0xfffffecd > 5) {
					L18:
					return 0;
				}
				_t54 = GetWindowLongW(_a12, 0xffffffeb);
				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
					goto L18;
				} else {
					_t50 = _t54[5];
					if((_t50 & 0xffffffe0) != 0) {
						goto L18;
					}
					_t39 =  *_t54;
					if((_t50 & 0x00000002) != 0) {
						_t39 = GetSysColor(_t39);
					}
					if((_t54[5] & 0x00000001) != 0) {
						SetTextColor(_a8, _t39);
					}
					SetBkMode(_a8, _t54[4]);
					_t41 = _t54[1];
					_v16.lbColor = _t41;
					if((_t54[5] & 0x00000008) != 0) {
						_t41 = GetSysColor(_t41);
						_v16.lbColor = _t41;
					}
					if((_t54[5] & 0x00000004) != 0) {
						SetBkColor(_a8, _t41);
					}
					if((_t54[5] & 0x00000010) != 0) {
						_v16.lbStyle = _t54[2];
						_t44 = _t54[3];
						if(_t44 != 0) {
							DeleteObject(_t44);
						}
						_t54[3] = CreateBrushIndirect( &_v16);
					}
					return _t54[3];
				}
			}









                                                                                                                              0x0040463d
                                                                                                                              0x004046f3
                                                                                                                              0x00000000
                                                                                                                              0x004046f3
                                                                                                                              0x0040464e
                                                                                                                              0x00404652
                                                                                                                              0x00000000
                                                                                                                              0x0040466c
                                                                                                                              0x0040466c
                                                                                                                              0x00404675
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00404677
                                                                                                                              0x00404683
                                                                                                                              0x00404686
                                                                                                                              0x00404686
                                                                                                                              0x0040468c
                                                                                                                              0x00404692
                                                                                                                              0x00404692
                                                                                                                              0x0040469e
                                                                                                                              0x004046a4
                                                                                                                              0x004046ab
                                                                                                                              0x004046ae
                                                                                                                              0x004046b1
                                                                                                                              0x004046b3
                                                                                                                              0x004046b3
                                                                                                                              0x004046bb
                                                                                                                              0x004046c1
                                                                                                                              0x004046c1
                                                                                                                              0x004046cb
                                                                                                                              0x004046d0
                                                                                                                              0x004046d3
                                                                                                                              0x004046d8
                                                                                                                              0x004046db
                                                                                                                              0x004046db
                                                                                                                              0x004046eb
                                                                                                                              0x004046eb
                                                                                                                              0x00000000
                                                                                                                              0x004046ee

                                                                                                                              APIs
                                                                                                                              • GetWindowLongW.USER32(?,000000EB), ref: 00404648
                                                                                                                              • GetSysColor.USER32(00000000), ref: 00404686
                                                                                                                              • SetTextColor.GDI32(?,00000000), ref: 00404692
                                                                                                                              • SetBkMode.GDI32(?,?), ref: 0040469E
                                                                                                                              • GetSysColor.USER32(?), ref: 004046B1
                                                                                                                              • SetBkColor.GDI32(?,?), ref: 004046C1
                                                                                                                              • DeleteObject.GDI32(?), ref: 004046DB
                                                                                                                              • CreateBrushIndirect.GDI32(?), ref: 004046E5
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2320649405-0
                                                                                                                              • Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                                                              • Instruction ID: e78b8cc9c8042372c9a7340b9b8aa9b23ded286a9f8ddc7240a2e2d8bd1f46c0
                                                                                                                              • Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                                                              • Instruction Fuzzy Hash: DE2197715007049FC7309F28D908B5BBBF8AF42714F008D2EE992A22E1D739D944DB58
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004026EC Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 87%
                                                                                                                              			E004026EC(intOrPtr __ebx, intOrPtr __edx, void* __edi) {
				intOrPtr _t65;
				intOrPtr _t66;
				intOrPtr _t72;
				void* _t76;
				void* _t79;

				_t72 = __edx;
				 *((intOrPtr*)(_t76 - 8)) = __ebx;
				_t65 = 2;
				 *((intOrPtr*)(_t76 - 0x4c)) = _t65;
				_t66 = E00402D84(_t65);
				_t79 = _t66 - 1;
				 *((intOrPtr*)(_t76 - 0x10)) = _t72;
				 *((intOrPtr*)(_t76 - 0x44)) = _t66;
				if(_t79 < 0) {
					L36:
					 *0x42a2e8 =  *0x42a2e8 +  *(_t76 - 4);
				} else {
					__ecx = 0x3ff;
					if(__eax > 0x3ff) {
						 *(__ebp - 0x44) = 0x3ff;
					}
					if( *__edi == __bx) {
						L34:
						__ecx =  *(__ebp - 0xc);
						__eax =  *(__ebp - 8);
						 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __bx;
						if(_t79 == 0) {
							 *(_t76 - 4) = 1;
						}
						goto L36;
					} else {
						 *(__ebp - 0x38) = __ebx;
						 *(__ebp - 0x18) = E004065C8(__ecx, __edi);
						if( *(__ebp - 0x44) > __ebx) {
							do {
								if( *((intOrPtr*)(__ebp - 0x34)) != 0x39) {
									if( *((intOrPtr*)(__ebp - 0x24)) != __ebx ||  *(__ebp - 8) != __ebx || E00406239( *(__ebp - 0x18), __ebx) >= 0) {
										__eax = __ebp - 0x50;
										if(E004061DB( *(__ebp - 0x18), __ebp - 0x50, 2) == 0) {
											goto L34;
										} else {
											goto L21;
										}
									} else {
										goto L34;
									}
								} else {
									__eax = __ebp - 0x40;
									_push(__ebx);
									_push(__ebp - 0x40);
									__eax = 2;
									__ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)) = __ebp + 0xa;
									__eax = ReadFile( *(__ebp - 0x18), __ebp + 0xa, __ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)), ??, ??);
									if(__eax == 0) {
										goto L34;
									} else {
										__ecx =  *(__ebp - 0x40);
										if(__ecx == __ebx) {
											goto L34;
										} else {
											__ax =  *(__ebp + 0xa) & 0x000000ff;
											 *(__ebp - 0x4c) = __ecx;
											 *(__ebp - 0x50) = __eax;
											if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
												L28:
												__ax & 0x0000ffff = E004065AF( *(__ebp - 0xc), __ax & 0x0000ffff);
											} else {
												__ebp - 0x50 = __ebp + 0xa;
												if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa, __ecx, __ebp - 0x50, 1) != 0) {
													L21:
													__eax =  *(__ebp - 0x50);
												} else {
													__edi =  *(__ebp - 0x4c);
													__edi =  ~( *(__ebp - 0x4c));
													while(1) {
														_t22 = __ebp - 0x40;
														 *_t22 =  *(__ebp - 0x40) - 1;
														__eax = 0xfffd;
														 *(__ebp - 0x50) = 0xfffd;
														if( *_t22 == 0) {
															goto L22;
														}
														 *(__ebp - 0x4c) =  *(__ebp - 0x4c) - 1;
														__edi = __edi + 1;
														SetFilePointer( *(__ebp - 0x18), __edi, __ebx, 1) = __ebp - 0x50;
														__eax = __ebp + 0xa;
														if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa,  *(__ebp - 0x40), __ebp - 0x50, 1) == 0) {
															continue;
														} else {
															goto L21;
														}
														goto L22;
													}
												}
												L22:
												if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
													goto L28;
												} else {
													if( *(__ebp - 0x38) == 0xd ||  *(__ebp - 0x38) == 0xa) {
														if( *(__ebp - 0x38) == __ax || __ax != 0xd && __ax != 0xa) {
															 *(__ebp - 0x4c) =  ~( *(__ebp - 0x4c));
															__eax = SetFilePointer( *(__ebp - 0x18),  ~( *(__ebp - 0x4c)), __ebx, 1);
														} else {
															__ecx =  *(__ebp - 0xc);
															__edx =  *(__ebp - 8);
															 *(__ebp - 8) =  *(__ebp - 8) + 1;
															 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														}
														goto L34;
													} else {
														__ecx =  *(__ebp - 0xc);
														__edx =  *(__ebp - 8);
														 *(__ebp - 8) =  *(__ebp - 8) + 1;
														 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														 *(__ebp - 0x38) = __eax;
														if(__ax == __bx) {
															goto L34;
														} else {
															goto L26;
														}
													}
												}
											}
										}
									}
								}
								goto L37;
								L26:
								__eax =  *(__ebp - 8);
							} while ( *(__ebp - 8) <  *(__ebp - 0x44));
						}
						goto L34;
					}
				}
				L37:
				return 0;
			}








                                                                                                                              0x004026ec
                                                                                                                              0x004026ee
                                                                                                                              0x004026f1
                                                                                                                              0x004026f3
                                                                                                                              0x004026f6
                                                                                                                              0x004026fb
                                                                                                                              0x004026ff
                                                                                                                              0x00402702
                                                                                                                              0x00402705
                                                                                                                              0x00402c2a
                                                                                                                              0x00402c2d
                                                                                                                              0x0040270b
                                                                                                                              0x0040270b
                                                                                                                              0x00402712
                                                                                                                              0x00402714
                                                                                                                              0x00402714
                                                                                                                              0x0040271a
                                                                                                                              0x0040287e
                                                                                                                              0x0040287e
                                                                                                                              0x00402881
                                                                                                                              0x00402886
                                                                                                                              0x004015b6
                                                                                                                              0x0040292e
                                                                                                                              0x0040292e
                                                                                                                              0x00000000
                                                                                                                              0x00402720
                                                                                                                              0x00402721
                                                                                                                              0x0040272c
                                                                                                                              0x0040272f
                                                                                                                              0x0040273b
                                                                                                                              0x0040273f
                                                                                                                              0x004027d7
                                                                                                                              0x004027ef
                                                                                                                              0x004027ff
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00402745
                                                                                                                              0x00402745
                                                                                                                              0x00402748
                                                                                                                              0x00402749
                                                                                                                              0x0040274c
                                                                                                                              0x00402751
                                                                                                                              0x00402758
                                                                                                                              0x00402760
                                                                                                                              0x00000000
                                                                                                                              0x00402766
                                                                                                                              0x00402766
                                                                                                                              0x0040276b
                                                                                                                              0x00000000
                                                                                                                              0x00402771
                                                                                                                              0x00402771
                                                                                                                              0x00402779
                                                                                                                              0x0040277c
                                                                                                                              0x0040277f
                                                                                                                              0x0040283a
                                                                                                                              0x00402841
                                                                                                                              0x00402785
                                                                                                                              0x0040278b
                                                                                                                              0x00402797
                                                                                                                              0x00402801
                                                                                                                              0x00402801
                                                                                                                              0x00402799
                                                                                                                              0x00402799
                                                                                                                              0x0040279c
                                                                                                                              0x0040279e
                                                                                                                              0x0040279e
                                                                                                                              0x0040279e
                                                                                                                              0x004027a1
                                                                                                                              0x004027a6
                                                                                                                              0x004027a9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004027ab
                                                                                                                              0x004027ae
                                                                                                                              0x004027bc
                                                                                                                              0x004027c2
                                                                                                                              0x004027d0
                                                                                                                              0x00000000
                                                                                                                              0x004027d2
                                                                                                                              0x00000000
                                                                                                                              0x004027d2
                                                                                                                              0x00000000
                                                                                                                              0x004027d0
                                                                                                                              0x0040279e
                                                                                                                              0x00402804
                                                                                                                              0x00402807
                                                                                                                              0x00000000
                                                                                                                              0x00402809
                                                                                                                              0x0040280e
                                                                                                                              0x0040284f
                                                                                                                              0x00402871
                                                                                                                              0x00402878
                                                                                                                              0x0040285d
                                                                                                                              0x0040285d
                                                                                                                              0x00402860
                                                                                                                              0x00402863
                                                                                                                              0x00402866
                                                                                                                              0x00402866
                                                                                                                              0x00000000
                                                                                                                              0x00402817
                                                                                                                              0x00402817
                                                                                                                              0x0040281a
                                                                                                                              0x0040281d
                                                                                                                              0x00402823
                                                                                                                              0x00402827
                                                                                                                              0x0040282a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040282a
                                                                                                                              0x0040280e
                                                                                                                              0x00402807
                                                                                                                              0x0040277f
                                                                                                                              0x0040276b
                                                                                                                              0x00402760
                                                                                                                              0x00000000
                                                                                                                              0x0040282c
                                                                                                                              0x0040282c
                                                                                                                              0x0040282f
                                                                                                                              0x00402838
                                                                                                                              0x00000000
                                                                                                                              0x0040272f
                                                                                                                              0x0040271a
                                                                                                                              0x00402c33
                                                                                                                              0x00402c39

                                                                                                                              APIs
                                                                                                                              • ReadFile.KERNEL32(?,?,?,?), ref: 00402758
                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
                                                                                                                              • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC
                                                                                                                                • Part of subcall function 00406239: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 0040624F
                                                                                                                              • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                              • String ID: 9
                                                                                                                              • API String ID: 163830602-2366072709
                                                                                                                              • Opcode ID: c494a9c5f1831dca55446a6dfc25bb45b63b896379fbbdb0ec38153142a3ac1c
                                                                                                                              • Instruction ID: 581cf2785626502de532f206a1de9da9d9b8d20bcd24121b7f7bd1133decb9a2
                                                                                                                              • Opcode Fuzzy Hash: c494a9c5f1831dca55446a6dfc25bb45b63b896379fbbdb0ec38153142a3ac1c
                                                                                                                              • Instruction Fuzzy Hash: CE51FB75D00219AADF20EF95CA88AAEBB75FF04304F50417BE541B62D4D7B49D82CB58
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 6F562480 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 135memoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 85%
                                                                                                                              			E6F562480(void* __edx) {
				void* _t37;
				signed int _t38;
				void* _t39;
				void* _t41;
				signed char* _t42;
				signed char* _t51;
				void* _t52;
				void* _t54;

				 *(_t54 + 0x10) = 0 |  *((intOrPtr*)( *((intOrPtr*)(_t54 + 8)) + 0x1014)) > 0x00000000;
				while(1) {
					_t9 =  *((intOrPtr*)(_t54 + 0x18)) + 0x1018; // 0x1018
					_t51 = ( *(_t54 + 0x10) << 5) + _t9;
					_t52 = _t51[0x18];
					if(_t52 == 0) {
						goto L9;
					}
					_t41 = 0x1a;
					if(_t52 == _t41) {
						goto L9;
					}
					if(_t52 != 0xffffffff) {
						if(_t52 <= 0 || _t52 > 0x19) {
							_t51[0x18] = _t41;
							goto L12;
						} else {
							_t37 = E6F56135A(_t52 - 1);
							L10:
							goto L11;
						}
					} else {
						_t37 = E6F5612E3();
						L11:
						_t52 = _t37;
						L12:
						_t13 =  &(_t51[8]); // 0x1020
						_t42 = _t13;
						if(_t51[4] >= 0) {
						}
						_t38 =  *_t51 & 0x000000ff;
						_t51[0x1c] = 0;
						if(_t38 > 7) {
							L27:
							_t39 = GlobalFree(_t52);
							if( *(_t54 + 0x10) == 0) {
								return _t39;
							}
							if( *(_t54 + 0x10) !=  *((intOrPtr*)( *((intOrPtr*)(_t54 + 0x18)) + 0x1014))) {
								 *(_t54 + 0x10) =  *(_t54 + 0x10) + 1;
							} else {
								 *(_t54 + 0x10) =  *(_t54 + 0x10) & 0x00000000;
							}
							continue;
						} else {
							switch( *((intOrPtr*)(_t38 * 4 +  &M6F5625F8))) {
								case 0:
									 *_t42 = 0;
									goto L27;
								case 1:
									__eax = E6F5613B1(__ebp);
									goto L21;
								case 2:
									 *__edi = E6F5613B1(__ebp);
									__edi[1] = __edx;
									goto L27;
								case 3:
									__eax = GlobalAlloc(0x40,  *0x6f56506c);
									 *(__esi + 0x1c) = __eax;
									__edx = 0;
									 *__edi = __eax;
									__eax = WideCharToMultiByte(0, 0, __ebp,  *0x6f56506c, __eax,  *0x6f56506c, 0, 0);
									goto L27;
								case 4:
									__eax = E6F5612CC(__ebp);
									 *(__esi + 0x1c) = __eax;
									L21:
									 *__edi = __eax;
									goto L27;
								case 5:
									__eax = GlobalAlloc(0x40, 0x10);
									_push(__eax);
									 *(__esi + 0x1c) = __eax;
									_push(__ebp);
									 *__edi = __eax;
									__imp__CLSIDFromString();
									goto L27;
								case 6:
									if( *__ebp != __cx) {
										__eax = E6F5613B1(__ebp);
										 *__ebx = __eax;
									}
									goto L27;
								case 7:
									 *(__esi + 0x18) =  *(__esi + 0x18) - 1;
									( *(__esi + 0x18) - 1) *  *0x6f56506c =  *0x6f565074 + ( *(__esi + 0x18) - 1) *  *0x6f56506c * 2 + 0x18;
									 *__ebx =  *0x6f565074 + ( *(__esi + 0x18) - 1) *  *0x6f56506c * 2 + 0x18;
									asm("cdq");
									__eax = E6F561510(__edx,  *0x6f565074 + ( *(__esi + 0x18) - 1) *  *0x6f56506c * 2 + 0x18, __edx,  *0x6f565074 + ( *(__esi + 0x18) - 1) *  *0x6f56506c * 2);
									goto L27;
							}
						}
					}
					L9:
					_t37 = E6F5612CC(0x6f565044);
					goto L10;
				}
			}











                                                                                                                              0x6f562494
                                                                                                                              0x6f562498
                                                                                                                              0x6f5624a3
                                                                                                                              0x6f5624a3
                                                                                                                              0x6f5624aa
                                                                                                                              0x6f5624af
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f5624b3
                                                                                                                              0x6f5624b6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f5624bb
                                                                                                                              0x6f5624c6
                                                                                                                              0x6f5624d6
                                                                                                                              0x00000000
                                                                                                                              0x6f5624cd
                                                                                                                              0x6f5624cf
                                                                                                                              0x6f5624e5
                                                                                                                              0x00000000
                                                                                                                              0x6f5624e5
                                                                                                                              0x6f5624bd
                                                                                                                              0x6f5624bd
                                                                                                                              0x6f5624e6
                                                                                                                              0x6f5624e6
                                                                                                                              0x6f5624e8
                                                                                                                              0x6f5624ec
                                                                                                                              0x6f5624ec
                                                                                                                              0x6f5624ef
                                                                                                                              0x6f5624ef
                                                                                                                              0x6f5624f7
                                                                                                                              0x6f5624ff
                                                                                                                              0x6f562502
                                                                                                                              0x6f5625c1
                                                                                                                              0x6f5625c2
                                                                                                                              0x6f5625cd
                                                                                                                              0x6f5625f7
                                                                                                                              0x6f5625f7
                                                                                                                              0x6f5625dd
                                                                                                                              0x6f5625e9
                                                                                                                              0x6f5625df
                                                                                                                              0x6f5625df
                                                                                                                              0x6f5625df
                                                                                                                              0x00000000
                                                                                                                              0x6f562508
                                                                                                                              0x6f562508
                                                                                                                              0x00000000
                                                                                                                              0x6f56250f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f562517
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f562525
                                                                                                                              0x6f562527
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f562548
                                                                                                                              0x6f56254e
                                                                                                                              0x6f562551
                                                                                                                              0x6f562553
                                                                                                                              0x6f562563
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f562530
                                                                                                                              0x6f562535
                                                                                                                              0x6f562538
                                                                                                                              0x6f562539
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f56256f
                                                                                                                              0x6f562575
                                                                                                                              0x6f562576
                                                                                                                              0x6f562579
                                                                                                                              0x6f56257a
                                                                                                                              0x6f56257c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f562588
                                                                                                                              0x6f56258b
                                                                                                                              0x6f562597
                                                                                                                              0x6f562599
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f5625a5
                                                                                                                              0x6f5625b1
                                                                                                                              0x6f5625b4
                                                                                                                              0x6f5625b6
                                                                                                                              0x6f5625b9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f562508
                                                                                                                              0x6f562502
                                                                                                                              0x6f5624db
                                                                                                                              0x6f5624e0
                                                                                                                              0x00000000
                                                                                                                              0x6f5624e0

                                                                                                                              APIs
                                                                                                                              • GlobalFree.KERNEL32 ref: 6F5625C2
                                                                                                                                • Part of subcall function 6F5612CC: lstrcpynW.KERNEL32(00000000,?,6F56137F,00000019,6F5611CA,-000000A0), ref: 6F5612DC
                                                                                                                              • GlobalAlloc.KERNEL32(00000040), ref: 6F562548
                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 6F562563
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.699435220.000000006F561000.00000020.00000001.01000000.00000004.sdmp, Offset: 6F560000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.699425612.000000006F560000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699447140.000000006F564000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699455238.000000006F566000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6f560000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                                                                                              • String ID: @u]w
                                                                                                                              • API String ID: 4216380887-689891868
                                                                                                                              • Opcode ID: 86c2046146093359405b0371bd5e2cefab1cd5379690ecefb57661570bd9ea38
                                                                                                                              • Instruction ID: a77cb8ccf7c885db5b12ec8c1cc8424af8ed06a707c3600ecd4b41f4efad266a
                                                                                                                              • Opcode Fuzzy Hash: 86c2046146093359405b0371bd5e2cefab1cd5379690ecefb57661570bd9ea38
                                                                                                                              • Instruction Fuzzy Hash: 2E41B1B0148705DFDF24DF28D950A267BB8FB95325F008A3EE47A8A5A1E730AD44CB61
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004068EF Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 69COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 91%
                                                                                                                              			E004068EF(WCHAR* _a4) {
				short _t5;
				short _t7;
				WCHAR* _t19;
				WCHAR* _t20;
				WCHAR* _t21;

				_t20 = _a4;
				if( *_t20 == 0x5c && _t20[1] == 0x5c && _t20[2] == 0x3f && _t20[3] == 0x5c) {
					_t20 =  &(_t20[4]);
				}
				if( *_t20 != 0 && E00405FAE(_t20) != 0) {
					_t20 =  &(_t20[2]);
				}
				_t5 =  *_t20;
				_t21 = _t20;
				_t19 = _t20;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((short*)(E00405F64(L"*?|<>/\":", _t5))) == 0) {
							E00406113(_t19, _t20, CharNextW(_t20) - _t20 >> 1);
							_t19 = CharNextW(_t19);
						}
						_t20 = CharNextW(_t20);
						_t5 =  *_t20;
					} while (_t5 != 0);
				}
				 *_t19 =  *_t19 & 0x00000000;
				while(1) {
					_push(_t19);
					_push(_t21);
					_t19 = CharPrevW();
					_t7 =  *_t19;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t19 =  *_t19 & 0x00000000;
					if(_t21 < _t19) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                                                                                              0x004068f1
                                                                                                                              0x004068fa
                                                                                                                              0x00406911
                                                                                                                              0x00406911
                                                                                                                              0x00406918
                                                                                                                              0x00406924
                                                                                                                              0x00406924
                                                                                                                              0x00406927
                                                                                                                              0x0040692a
                                                                                                                              0x0040692f
                                                                                                                              0x00406931
                                                                                                                              0x0040693a
                                                                                                                              0x0040693e
                                                                                                                              0x0040695b
                                                                                                                              0x00406963
                                                                                                                              0x00406963
                                                                                                                              0x00406968
                                                                                                                              0x0040696a
                                                                                                                              0x0040696d
                                                                                                                              0x00406972
                                                                                                                              0x00406973
                                                                                                                              0x00406977
                                                                                                                              0x00406977
                                                                                                                              0x00406978
                                                                                                                              0x0040697f
                                                                                                                              0x00406981
                                                                                                                              0x00406988
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406990
                                                                                                                              0x00406996
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406996
                                                                                                                              0x0040699b

                                                                                                                              APIs
                                                                                                                              • CharNextW.USER32(?,*?|<>/":,00000000,00000000,76DDFAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406952
                                                                                                                              • CharNextW.USER32(?,?,?,00000000,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406961
                                                                                                                              • CharNextW.USER32(?,00000000,76DDFAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406966
                                                                                                                              • CharPrevW.USER32(?,?,76DDFAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406979
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Char$Next$Prev
                                                                                                                              • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                              • API String ID: 589700163-1201062745
                                                                                                                              • Opcode ID: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                                                                                                                              • Instruction ID: d28fb8c2eefe6f61a155ceb01790bbf8b21f4710aa7989e54d8eeb8481a577c9
                                                                                                                              • Opcode Fuzzy Hash: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                                                                                                                              • Instruction Fuzzy Hash: 2611089580061295DB303B18CC40BB762F8AF99B50F12403FE98A776C1E77C4C9286BD
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00404F7F Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00404F7F(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageW(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageW(_t28, 0x113e, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageW(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                                                                                              0x00404f8d
                                                                                                                              0x00404f9a
                                                                                                                              0x00404fa0
                                                                                                                              0x00404fde
                                                                                                                              0x00404fde
                                                                                                                              0x00404fed
                                                                                                                              0x00404ff4
                                                                                                                              0x00000000
                                                                                                                              0x00404ff6
                                                                                                                              0x00404fa2
                                                                                                                              0x00404fb1
                                                                                                                              0x00404fb9
                                                                                                                              0x00404fbc
                                                                                                                              0x00404fce
                                                                                                                              0x00404fd4
                                                                                                                              0x00404fdb
                                                                                                                              0x00000000
                                                                                                                              0x00404fdb
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404F9A
                                                                                                                              • GetMessagePos.USER32 ref: 00404FA2
                                                                                                                              • ScreenToClient.USER32 ref: 00404FBC
                                                                                                                              • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404FCE
                                                                                                                              • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404FF4
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Message$Send$ClientScreen
                                                                                                                              • String ID: f
                                                                                                                              • API String ID: 41195575-1993550816
                                                                                                                              • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                                                              • Instruction ID: ce4c7d6d39dceca23aa6ebdb29af7737867007859e7bede0b388bd4d525dd41f
                                                                                                                              • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                                                              • Instruction Fuzzy Hash: 3C014C71940219BADB00DBA4DD85BFEBBB8AF54711F10012BBB50B61C0D6B49A058BA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00401E4E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 73%
                                                                                                                              			E00401E4E(intOrPtr __edx) {
				void* __edi;
				int _t9;
				signed char _t15;
				struct HFONT__* _t18;
				intOrPtr _t30;
				void* _t31;
				struct HDC__* _t33;
				void* _t35;

				_t30 = __edx;
				_t33 = GetDC( *(_t35 - 8));
				_t9 = E00402D84(2);
				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
				0x40cdf8->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t33, 0x5a), 0x48));
				ReleaseDC( *(_t35 - 8), _t33);
				 *0x40ce08 = E00402D84(3);
				_t15 =  *((intOrPtr*)(_t35 - 0x20));
				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
				 *0x40ce0f = 1;
				 *0x40ce0c = _t15 & 0x00000001;
				 *0x40ce0d = _t15 & 0x00000002;
				 *0x40ce0e = _t15 & 0x00000004;
				E004066A5(_t9, _t31, _t33, "MS Shell Dlg",  *((intOrPtr*)(_t35 - 0x2c)));
				_t18 = CreateFontIndirectW(0x40cdf8);
				_push(_t18);
				_push(_t31);
				E004065AF();
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}











                                                                                                                              0x00401e4e
                                                                                                                              0x00401e59
                                                                                                                              0x00401e5b
                                                                                                                              0x00401e68
                                                                                                                              0x00401e7f
                                                                                                                              0x00401e84
                                                                                                                              0x00401e91
                                                                                                                              0x00401e96
                                                                                                                              0x00401e9a
                                                                                                                              0x00401ea5
                                                                                                                              0x00401eac
                                                                                                                              0x00401ebe
                                                                                                                              0x00401ec4
                                                                                                                              0x00401ec9
                                                                                                                              0x00401ed3
                                                                                                                              0x00402638
                                                                                                                              0x0040156d
                                                                                                                              0x00402ba4
                                                                                                                              0x00402c2d
                                                                                                                              0x00402c39

                                                                                                                              APIs
                                                                                                                              • GetDC.USER32(?), ref: 00401E51
                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                                                                                              • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                                                                                              • ReleaseDC.USER32 ref: 00401E84
                                                                                                                                • Part of subcall function 004066A5: lstrcatW.KERNEL32(C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\xml\xui\titlebar,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                                                                • Part of subcall function 004066A5: lstrlenW.KERNEL32(C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\xml\xui\titlebar,00000000,Extract: browser.maki,?,00405701,Extract: browser.maki,00000000), ref: 004068A4
                                                                                                                              • CreateFontIndirectW.GDI32(0040CDF8), ref: 00401ED3
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                                                                                                                              • String ID: MS Shell Dlg
                                                                                                                              • API String ID: 2584051700-76309092
                                                                                                                              • Opcode ID: e128970cf71a0b284ce18b21917758e509e5717976d06807f88455f58f814df6
                                                                                                                              • Instruction ID: b9cc094806d22c325402cb6ccb5f5134c2025175c414775df3ff87de861ccae2
                                                                                                                              • Opcode Fuzzy Hash: e128970cf71a0b284ce18b21917758e509e5717976d06807f88455f58f814df6
                                                                                                                              • Instruction Fuzzy Hash: 8401B571900241EFEB005BB4EE89A9A3FB0AB15301F208939F541B71D2C6B904459BED
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00402F93 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00402F93(struct HWND__* _a4, intOrPtr _a8) {
				short _v132;
				void* _t11;
				WCHAR* _t19;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t11 = E00403012();
					_t19 = L"unpacking data: %d%%";
					if( *0x42a270 == 0) {
						_t19 = L"verifying installer: %d%%";
					}
					wsprintfW( &_v132, _t19, _t11);
					SetWindowTextW(_a4,  &_v132);
					SetDlgItemTextW(_a4, 0x406,  &_v132);
				}
				return 0;
			}






                                                                                                                              0x00402fa3
                                                                                                                              0x00402fb1
                                                                                                                              0x00402fb7
                                                                                                                              0x00402fb7
                                                                                                                              0x00402fc5
                                                                                                                              0x00402fc7
                                                                                                                              0x00402fd3
                                                                                                                              0x00402fd8
                                                                                                                              0x00402fda
                                                                                                                              0x00402fda
                                                                                                                              0x00402fe5
                                                                                                                              0x00402ff5
                                                                                                                              0x00403007
                                                                                                                              0x00403007
                                                                                                                              0x0040300f

                                                                                                                              APIs
                                                                                                                              • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
                                                                                                                              • wsprintfW.USER32 ref: 00402FE5
                                                                                                                              • SetWindowTextW.USER32(?,?), ref: 00402FF5
                                                                                                                              • SetDlgItemTextW.USER32 ref: 00403007
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                              • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                                                              • API String ID: 1451636040-1158693248
                                                                                                                              • Opcode ID: b65fa6b26e28fa793ab4966251e07a6fe500b79f9b1e2f9c66e5bc42e84335f7
                                                                                                                              • Instruction ID: 34ad84b97f90b05cf42cbebec4ee1aaae98efe268bf46a139428006d78f28757
                                                                                                                              • Opcode Fuzzy Hash: b65fa6b26e28fa793ab4966251e07a6fe500b79f9b1e2f9c66e5bc42e84335f7
                                                                                                                              • Instruction Fuzzy Hash: 25F0497050020DABEF246F60DD49BEA3B69FB00309F00803AFA05B51D0DFBD9A559F59
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00402950 Relevance: 9.1, APIs: 6, Instructions: 91memoryfileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 93%
                                                                                                                              			E00402950(void* __ebx, void* __eflags) {
				WCHAR* _t26;
				void* _t29;
				long _t37;
				void* _t49;
				void* _t52;
				void* _t54;
				void* _t56;
				void* _t59;
				void* _t60;
				void* _t61;

				_t49 = __ebx;
				_t52 = 0xfffffd66;
				_t26 = E00402DA6(0xfffffff0);
				_t55 = _t26;
				 *(_t61 - 0x40) = _t26;
				if(E00405FAE(_t26) == 0) {
					E00402DA6(0xffffffed);
				}
				E00406133(_t55);
				_t29 = E00406158(_t55, 0x40000000, 2);
				 *(_t61 + 8) = _t29;
				if(_t29 != 0xffffffff) {
					 *(_t61 - 0x38) =  *(_t61 - 0x2c);
					if( *(_t61 - 0x28) != _t49) {
						_t37 =  *0x42a274;
						 *(_t61 - 0x44) = _t37;
						_t54 = GlobalAlloc(0x40, _t37);
						if(_t54 != _t49) {
							E004035F8(_t49);
							E004035E2(_t54,  *(_t61 - 0x44));
							_t59 = GlobalAlloc(0x40,  *(_t61 - 0x28));
							 *(_t61 - 0x10) = _t59;
							if(_t59 != _t49) {
								E00403371(_t51,  *(_t61 - 0x2c), _t49, _t59,  *(_t61 - 0x28));
								while( *_t59 != _t49) {
									_t51 =  *_t59;
									_t60 = _t59 + 8;
									 *(_t61 - 0x3c) =  *_t59;
									E00406113( *((intOrPtr*)(_t59 + 4)) + _t54, _t60,  *_t59);
									_t59 = _t60 +  *(_t61 - 0x3c);
								}
								GlobalFree( *(_t61 - 0x10));
							}
							E0040620A( *(_t61 + 8), _t54,  *(_t61 - 0x44));
							GlobalFree(_t54);
							 *(_t61 - 0x38) =  *(_t61 - 0x38) | 0xffffffff;
						}
					}
					_t52 = E00403371(_t51,  *(_t61 - 0x38),  *(_t61 + 8), _t49, _t49);
					CloseHandle( *(_t61 + 8));
				}
				_t56 = 0xfffffff3;
				if(_t52 < _t49) {
					_t56 = 0xffffffef;
					DeleteFileW( *(_t61 - 0x40));
					 *((intOrPtr*)(_t61 - 4)) = 1;
				}
				_push(_t56);
				E00401423();
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t61 - 4));
				return 0;
			}













                                                                                                                              0x00402950
                                                                                                                              0x00402952
                                                                                                                              0x00402957
                                                                                                                              0x0040295c
                                                                                                                              0x0040295f
                                                                                                                              0x00402969
                                                                                                                              0x0040296d
                                                                                                                              0x0040296d
                                                                                                                              0x00402973
                                                                                                                              0x00402980
                                                                                                                              0x00402988
                                                                                                                              0x0040298b
                                                                                                                              0x00402997
                                                                                                                              0x0040299a
                                                                                                                              0x004029a0
                                                                                                                              0x004029ae
                                                                                                                              0x004029b3
                                                                                                                              0x004029b7
                                                                                                                              0x004029ba
                                                                                                                              0x004029c3
                                                                                                                              0x004029cf
                                                                                                                              0x004029d3
                                                                                                                              0x004029d6
                                                                                                                              0x004029e0
                                                                                                                              0x004029ff
                                                                                                                              0x004029e7
                                                                                                                              0x004029ec
                                                                                                                              0x004029f4
                                                                                                                              0x004029f7
                                                                                                                              0x004029fc
                                                                                                                              0x004029fc
                                                                                                                              0x00402a06
                                                                                                                              0x00402a06
                                                                                                                              0x00402a13
                                                                                                                              0x00402a19
                                                                                                                              0x00402a1f
                                                                                                                              0x00402a1f
                                                                                                                              0x004029b7
                                                                                                                              0x00402a33
                                                                                                                              0x00402a35
                                                                                                                              0x00402a35
                                                                                                                              0x00402a3f
                                                                                                                              0x00402a40
                                                                                                                              0x00402a44
                                                                                                                              0x00402a48
                                                                                                                              0x00402a4e
                                                                                                                              0x00402a4e
                                                                                                                              0x00402a55
                                                                                                                              0x004022f1
                                                                                                                              0x00402c2d
                                                                                                                              0x00402c39

                                                                                                                              APIs
                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
                                                                                                                              • GlobalFree.KERNEL32 ref: 00402A06
                                                                                                                              • GlobalFree.KERNEL32 ref: 00402A19
                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
                                                                                                                              • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2667972263-0
                                                                                                                              • Opcode ID: cc682eb677fc0cdddcbf9664361c627099a0f91e8e9c012db3e8b517a211182c
                                                                                                                              • Instruction ID: 78b93316678d616cb595922dcd62a83f4062aa2fb33f08fb70827f98fa9650ab
                                                                                                                              • Opcode Fuzzy Hash: cc682eb677fc0cdddcbf9664361c627099a0f91e8e9c012db3e8b517a211182c
                                                                                                                              • Instruction Fuzzy Hash: E131B171D00124BBCF216FA9CE89D9EBE79AF09364F10023AF461762E1CB794D429B58
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 6F3A1021 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 59COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 16%
                                                                                                                              			E6F3A1021(void* __eflags, char _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v8;
				char* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char* _v24;
				char* _v28;
				signed int _v32;
				char _v36;
				char _v556;
				char _v1076;
				char _v3124;
				char* _t35;
				char* _t36;
				void* _t37;
				char* _t39;

				 *0x6f3a615c = _a8;
				 *0x6f3a6160 = _a16;
				 *0x6f3a6164 = _a12;
				if(E6F3A1E4E( &_v3124, 0x104) != 0 || E6F3A1E4E( &_v1076, 0x400) != 0) {
					L3:
					return E6F3A1E9C(L"error");
				} else {
					_v32 = _v32 & 0x00000000;
					_v36 = _a4;
					_v28 =  &_v556;
					_v8 = _v8 & 0x00000000;
					_v24 =  &_v3124;
					_v20 = 0x45;
					_v12 =  &_v1076;
					_t35 =  &_v36;
					_v16 = E6F3A1000;
					__imp__SHBrowseForFolderW(_t35);
					_t39 = _t35;
					if(_t39 != 0) {
						_t36 =  &_v556;
						__imp__SHGetPathFromIDListW(_t39, _t36);
						if(_t36 == 0) {
							_push(L"error");
						} else {
							_push( &_v556);
						}
						_t37 = E6F3A1E9C();
						__imp__CoTaskMemFree();
						return _t37;
					}
					goto L3;
				}
			}


















                                                                                                                              0x6f3a102e
                                                                                                                              0x6f3a1036
                                                                                                                              0x6f3a103e
                                                                                                                              0x6f3a1056
                                                                                                                              0x6f3a10b4
                                                                                                                              0x00000000
                                                                                                                              0x6f3a106d
                                                                                                                              0x6f3a1070
                                                                                                                              0x6f3a1074
                                                                                                                              0x6f3a107d
                                                                                                                              0x6f3a1086
                                                                                                                              0x6f3a108a
                                                                                                                              0x6f3a1093
                                                                                                                              0x6f3a109a
                                                                                                                              0x6f3a109d
                                                                                                                              0x6f3a10a1
                                                                                                                              0x6f3a10a8
                                                                                                                              0x6f3a10ae
                                                                                                                              0x6f3a10b2
                                                                                                                              0x6f3a10c0
                                                                                                                              0x6f3a10c8
                                                                                                                              0x6f3a10d0
                                                                                                                              0x6f3a10db
                                                                                                                              0x6f3a10d2
                                                                                                                              0x6f3a10d8
                                                                                                                              0x6f3a10d8
                                                                                                                              0x6f3a10e0
                                                                                                                              0x6f3a10e6
                                                                                                                              0x00000000
                                                                                                                              0x6f3a10e6
                                                                                                                              0x00000000
                                                                                                                              0x6f3a10b2

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 6F3A1E4E: lstrcpynW.KERNEL32(6F3A1054,?,?,?,6F3A1054,?), ref: 6F3A1E7B
                                                                                                                                • Part of subcall function 6F3A1E4E: GlobalFree.KERNEL32 ref: 6F3A1E8B
                                                                                                                              • SHBrowseForFolderW.SHELL32(?), ref: 6F3A10A8
                                                                                                                              • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 6F3A10C8
                                                                                                                              • CoTaskMemFree.OLE32(00000000,error), ref: 6F3A10E6
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.699359362.000000006F3A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6F3A0000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.699351571.000000006F3A0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699369720.000000006F3A3000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699377071.000000006F3A4000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699384845.000000006F3A8000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6f3a0000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Free$BrowseFolderFromGlobalListPathTasklstrcpyn
                                                                                                                              • String ID: E$error
                                                                                                                              • API String ID: 1728609016-2359134700
                                                                                                                              • Opcode ID: 9045ed188e54335f704b6f6bdac9631a30f7b77ee185aa57969bd378c8f93e69
                                                                                                                              • Instruction ID: 8b5a386f6f8db5e7ebc865c70a71ecaef77df6b8707498815b10b257ad604a72
                                                                                                                              • Opcode Fuzzy Hash: 9045ed188e54335f704b6f6bdac9631a30f7b77ee185aa57969bd378c8f93e69
                                                                                                                              • Instruction Fuzzy Hash: 25215BB5900218ABDB11EFA6C944BDEB7BCEB09354F004256E505E6240EB36DB648F95
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 6F561979 Relevance: 7.7, APIs: 5, Instructions: 194COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 97%
                                                                                                                              			E6F561979(signed int __edx, void* __eflags, void* _a8, void* _a16) {
				void* _v8;
				signed int _v12;
				signed int _v20;
				signed int _v24;
				char _v76;
				void _t45;
				signed int _t46;
				signed int _t47;
				signed int _t48;
				signed int _t57;
				signed int _t58;
				signed int _t59;
				signed int _t60;
				signed int _t61;
				void* _t67;
				void* _t68;
				void* _t69;
				void* _t70;
				void* _t71;
				signed int _t77;
				void* _t81;
				signed int _t83;
				signed int _t85;
				signed int _t87;
				signed int _t90;
				void* _t101;

				_t85 = __edx;
				 *0x6f56506c = _a8;
				_t77 = 0;
				 *0x6f565070 = _a16;
				_v12 = 0;
				_v8 = E6F5612E3();
				_t90 = E6F5613B1(_t42);
				_t87 = _t85;
				_t81 = E6F5612E3();
				_a8 = _t81;
				_t45 =  *_t81;
				if(_t45 != 0x7e && _t45 != 0x21) {
					_a16 = E6F5612E3();
					_t77 = E6F5613B1(_t74);
					_v12 = _t85;
					GlobalFree(_a16);
					_t81 = _a8;
				}
				_t46 =  *_t81 & 0x0000ffff;
				_t101 = _t46 - 0x2f;
				if(_t101 > 0) {
					_t47 = _t46 - 0x3c;
					__eflags = _t47;
					if(_t47 == 0) {
						__eflags =  *((short*)(_t81 + 2)) - 0x3c;
						if( *((short*)(_t81 + 2)) != 0x3c) {
							__eflags = _t87 - _v12;
							if(__eflags > 0) {
								L56:
								_t48 = 0;
								__eflags = 0;
								L57:
								asm("cdq");
								L58:
								_t90 = _t48;
								_t87 = _t85;
								L59:
								E6F561510(_t85, _t90, _t87,  &_v76);
								E6F561312( &_v76);
								GlobalFree(_v8);
								return GlobalFree(_a8);
							}
							if(__eflags < 0) {
								L49:
								__eflags = 0;
								L50:
								_t48 = 1;
								goto L57;
							}
							__eflags = _t90 - _t77;
							if(_t90 < _t77) {
								goto L49;
							}
							goto L56;
						}
						_t85 = _t87;
						_t48 = E6F563050(_t90, _t77, _t85);
						goto L58;
					}
					_t57 = _t47 - 1;
					__eflags = _t57;
					if(_t57 == 0) {
						__eflags = _t90 - _t77;
						if(_t90 != _t77) {
							goto L56;
						}
						__eflags = _t87 - _v12;
						if(_t87 != _v12) {
							goto L56;
						}
						goto L49;
					}
					_t58 = _t57 - 1;
					__eflags = _t58;
					if(_t58 == 0) {
						__eflags =  *((short*)(_t81 + 2)) - 0x3e;
						if( *((short*)(_t81 + 2)) != 0x3e) {
							__eflags = _t87 - _v12;
							if(__eflags < 0) {
								goto L56;
							}
							if(__eflags > 0) {
								goto L49;
							}
							__eflags = _t90 - _t77;
							if(_t90 <= _t77) {
								goto L56;
							}
							goto L49;
						}
						__eflags =  *((short*)(_t81 + 4)) - 0x3e;
						_t85 = _t87;
						_t59 = _t90;
						_t83 = _t77;
						if( *((short*)(_t81 + 4)) != 0x3e) {
							_t48 = E6F563070(_t59, _t83, _t85);
						} else {
							_t48 = E6F5630A0(_t59, _t83, _t85);
						}
						goto L58;
					}
					_t60 = _t58 - 0x20;
					__eflags = _t60;
					if(_t60 == 0) {
						_t90 = _t90 ^ _t77;
						_t87 = _t87 ^ _v12;
						goto L59;
					}
					_t61 = _t60 - 0x1e;
					__eflags = _t61;
					if(_t61 == 0) {
						__eflags =  *((short*)(_t81 + 2)) - 0x7c;
						if( *((short*)(_t81 + 2)) != 0x7c) {
							_t90 = _t90 | _t77;
							_t87 = _t87 | _v12;
							goto L59;
						}
						__eflags = _t90 | _t87;
						if((_t90 | _t87) != 0) {
							goto L49;
						}
						__eflags = _t77 | _v12;
						if((_t77 | _v12) != 0) {
							goto L49;
						}
						goto L56;
					}
					__eflags = _t61 == 0;
					if(_t61 == 0) {
						_t90 =  !_t90;
						_t87 =  !_t87;
					}
					goto L59;
				}
				if(_t101 == 0) {
					L21:
					__eflags = _t77 | _v12;
					if((_t77 | _v12) != 0) {
						_v24 = E6F562EE0(_t90, _t87, _t77, _v12);
						_v20 = _t85;
						_t48 = E6F562F90(_t90, _t87, _t77, _v12);
						_t81 = _a8;
					} else {
						_v24 = _v24 & 0x00000000;
						_v20 = _v20 & 0x00000000;
						_t48 = _t90;
						_t85 = _t87;
					}
					__eflags =  *_t81 - 0x2f;
					if( *_t81 != 0x2f) {
						goto L58;
					} else {
						_t90 = _v24;
						_t87 = _v20;
						goto L59;
					}
				}
				_t67 = _t46 - 0x21;
				if(_t67 == 0) {
					_t48 = 0;
					__eflags = _t90 | _t87;
					if((_t90 | _t87) != 0) {
						goto L57;
					}
					goto L50;
				}
				_t68 = _t67 - 4;
				if(_t68 == 0) {
					goto L21;
				}
				_t69 = _t68 - 1;
				if(_t69 == 0) {
					__eflags =  *((short*)(_t81 + 2)) - 0x26;
					if( *((short*)(_t81 + 2)) != 0x26) {
						_t90 = _t90 & _t77;
						_t87 = _t87 & _v12;
						goto L59;
					}
					__eflags = _t90 | _t87;
					if((_t90 | _t87) == 0) {
						goto L56;
					}
					__eflags = _t77 | _v12;
					if((_t77 | _v12) == 0) {
						goto L56;
					}
					goto L49;
				}
				_t70 = _t69 - 4;
				if(_t70 == 0) {
					_t48 = E6F562EA0(_t90, _t87, _t77, _v12);
					goto L58;
				} else {
					_t71 = _t70 - 1;
					if(_t71 == 0) {
						_t90 = _t90 + _t77;
						asm("adc edi, [ebp-0x8]");
					} else {
						if(_t71 == 0) {
							_t90 = _t90 - _t77;
							asm("sbb edi, [ebp-0x8]");
						}
					}
					goto L59;
				}
			}





























                                                                                                                              0x6f561979
                                                                                                                              0x6f561983
                                                                                                                              0x6f56198c
                                                                                                                              0x6f56198f
                                                                                                                              0x6f561994
                                                                                                                              0x6f56199d
                                                                                                                              0x6f5619a6
                                                                                                                              0x6f5619a8
                                                                                                                              0x6f5619af
                                                                                                                              0x6f5619b1
                                                                                                                              0x6f5619b4
                                                                                                                              0x6f5619bb
                                                                                                                              0x6f5619c9
                                                                                                                              0x6f5619d2
                                                                                                                              0x6f5619d7
                                                                                                                              0x6f5619da
                                                                                                                              0x6f5619e0
                                                                                                                              0x6f5619e0
                                                                                                                              0x6f5619e3
                                                                                                                              0x6f5619e6
                                                                                                                              0x6f5619e9
                                                                                                                              0x6f561ab1
                                                                                                                              0x6f561ab1
                                                                                                                              0x6f561ab4
                                                                                                                              0x6f561b34
                                                                                                                              0x6f561b39
                                                                                                                              0x6f561b48
                                                                                                                              0x6f561b4b
                                                                                                                              0x6f561b53
                                                                                                                              0x6f561b53
                                                                                                                              0x6f561b53
                                                                                                                              0x6f561b55
                                                                                                                              0x6f561b55
                                                                                                                              0x6f561b56
                                                                                                                              0x6f561b56
                                                                                                                              0x6f561b58
                                                                                                                              0x6f561b5a
                                                                                                                              0x6f561b60
                                                                                                                              0x6f561b69
                                                                                                                              0x6f561b7a
                                                                                                                              0x6f561b85
                                                                                                                              0x6f561b85
                                                                                                                              0x6f561b4d
                                                                                                                              0x6f561b2f
                                                                                                                              0x6f561b2f
                                                                                                                              0x6f561b31
                                                                                                                              0x6f561b31
                                                                                                                              0x00000000
                                                                                                                              0x6f561b31
                                                                                                                              0x6f561b4f
                                                                                                                              0x6f561b51
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f561b51
                                                                                                                              0x6f561b3d
                                                                                                                              0x6f561b41
                                                                                                                              0x00000000
                                                                                                                              0x6f561b41
                                                                                                                              0x6f561ab6
                                                                                                                              0x6f561ab6
                                                                                                                              0x6f561ab7
                                                                                                                              0x6f561b26
                                                                                                                              0x6f561b28
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f561b2a
                                                                                                                              0x6f561b2d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f561b2d
                                                                                                                              0x6f561ab9
                                                                                                                              0x6f561ab9
                                                                                                                              0x6f561aba
                                                                                                                              0x6f561af7
                                                                                                                              0x6f561afc
                                                                                                                              0x6f561b19
                                                                                                                              0x6f561b1c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f561b1e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f561b20
                                                                                                                              0x6f561b22
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f561b24
                                                                                                                              0x6f561afe
                                                                                                                              0x6f561b03
                                                                                                                              0x6f561b05
                                                                                                                              0x6f561b07
                                                                                                                              0x6f561b09
                                                                                                                              0x6f561b12
                                                                                                                              0x6f561b0b
                                                                                                                              0x6f561b0b
                                                                                                                              0x6f561b0b
                                                                                                                              0x00000000
                                                                                                                              0x6f561b09
                                                                                                                              0x6f561abc
                                                                                                                              0x6f561abc
                                                                                                                              0x6f561abf
                                                                                                                              0x6f561af0
                                                                                                                              0x6f561af2
                                                                                                                              0x00000000
                                                                                                                              0x6f561af2
                                                                                                                              0x6f561ac1
                                                                                                                              0x6f561ac1
                                                                                                                              0x6f561ac4
                                                                                                                              0x6f561ad7
                                                                                                                              0x6f561adc
                                                                                                                              0x6f561ae9
                                                                                                                              0x6f561aeb
                                                                                                                              0x00000000
                                                                                                                              0x6f561aeb
                                                                                                                              0x6f561ade
                                                                                                                              0x6f561ae0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f561ae2
                                                                                                                              0x6f561ae5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f561ae7
                                                                                                                              0x6f561ac7
                                                                                                                              0x6f561ac8
                                                                                                                              0x6f561ace
                                                                                                                              0x6f561ad0
                                                                                                                              0x6f561ad0
                                                                                                                              0x00000000
                                                                                                                              0x6f561ac8
                                                                                                                              0x6f5619ef
                                                                                                                              0x6f561a68
                                                                                                                              0x6f561a6a
                                                                                                                              0x6f561a6d
                                                                                                                              0x6f561a8b
                                                                                                                              0x6f561a8e
                                                                                                                              0x6f561a94
                                                                                                                              0x6f561a99
                                                                                                                              0x6f561a6f
                                                                                                                              0x6f561a6f
                                                                                                                              0x6f561a73
                                                                                                                              0x6f561a77
                                                                                                                              0x6f561a79
                                                                                                                              0x6f561a79
                                                                                                                              0x6f561a9c
                                                                                                                              0x6f561aa0
                                                                                                                              0x00000000
                                                                                                                              0x6f561aa6
                                                                                                                              0x6f561aa6
                                                                                                                              0x6f561aa9
                                                                                                                              0x00000000
                                                                                                                              0x6f561aa9
                                                                                                                              0x6f561aa0
                                                                                                                              0x6f5619f1
                                                                                                                              0x6f5619f4
                                                                                                                              0x6f561a59
                                                                                                                              0x6f561a5b
                                                                                                                              0x6f561a5d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f561a63
                                                                                                                              0x6f5619f6
                                                                                                                              0x6f5619f9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f5619fb
                                                                                                                              0x6f5619fc
                                                                                                                              0x6f561a32
                                                                                                                              0x6f561a37
                                                                                                                              0x6f561a4f
                                                                                                                              0x6f561a51
                                                                                                                              0x00000000
                                                                                                                              0x6f561a51
                                                                                                                              0x6f561a39
                                                                                                                              0x6f561a3b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f561a41
                                                                                                                              0x6f561a44
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f561a4a
                                                                                                                              0x6f5619fe
                                                                                                                              0x6f561a01
                                                                                                                              0x6f561a28
                                                                                                                              0x00000000
                                                                                                                              0x6f561a03
                                                                                                                              0x6f561a03
                                                                                                                              0x6f561a04
                                                                                                                              0x6f561a18
                                                                                                                              0x6f561a1a
                                                                                                                              0x6f561a06
                                                                                                                              0x6f561a08
                                                                                                                              0x6f561a0e
                                                                                                                              0x6f561a10
                                                                                                                              0x6f561a10
                                                                                                                              0x6f561a08
                                                                                                                              0x00000000
                                                                                                                              0x6f561a04

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.699435220.000000006F561000.00000020.00000001.01000000.00000004.sdmp, Offset: 6F560000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.699425612.000000006F560000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699447140.000000006F564000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699455238.000000006F566000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6f560000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FreeGlobal
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2979337801-0
                                                                                                                              • Opcode ID: a320ed57e62679d751692dd0814a43bc9ebd6488aa78f331b5f396012c34da56
                                                                                                                              • Instruction ID: f3d5ee8798b5f4ed1a8cf34bf4d7a66f6370099e3f27d41c470042ec5611773e
                                                                                                                              • Opcode Fuzzy Hash: a320ed57e62679d751692dd0814a43bc9ebd6488aa78f331b5f396012c34da56
                                                                                                                              • Instruction Fuzzy Hash: CB51C232D04118AACB10DFB8C5405BEBBB5EF89B14F01967BD430A7272E771BD8587A1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00402EA9 Relevance: 7.6, APIs: 5, Instructions: 84registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 48%
                                                                                                                              			E00402EA9(void* __eflags, void* _a4, short* _a8, signed int _a12) {
				void* _v8;
				int _v12;
				short _v536;
				void* _t27;
				signed int _t33;
				intOrPtr* _t35;
				signed int _t45;
				signed int _t46;
				signed int _t47;

				_t46 = _a12;
				_t47 = _t46 & 0x00000300;
				_t45 = _t46 & 0x00000001;
				_t27 = E004064D5(__eflags, _a4, _a8, _t47 | 0x00000009,  &_v8);
				if(_t27 == 0) {
					if((_a12 & 0x00000002) == 0) {
						L3:
						_push(0x105);
						_push( &_v536);
						_push(0);
						while(RegEnumKeyW(_v8, ??, ??, ??) == 0) {
							__eflags = _t45;
							if(__eflags != 0) {
								L10:
								RegCloseKey(_v8);
								return 0x3eb;
							}
							_t33 = E00402EA9(__eflags, _v8,  &_v536, _a12);
							__eflags = _t33;
							if(_t33 != 0) {
								break;
							}
							_push(0x105);
							_push( &_v536);
							_push(_t45);
						}
						RegCloseKey(_v8);
						_t35 = E00406A35(3);
						if(_t35 != 0) {
							return  *_t35(_a4, _a8, _t47, 0);
						}
						return RegDeleteKeyW(_a4, _a8);
					}
					_v12 = 0;
					if(RegEnumValueW(_v8, 0,  &_v536,  &_v12, 0, 0, 0, 0) != 0x103) {
						goto L10;
					}
					goto L3;
				}
				return _t27;
			}












                                                                                                                              0x00402eb4
                                                                                                                              0x00402ebd
                                                                                                                              0x00402ec6
                                                                                                                              0x00402ed2
                                                                                                                              0x00402edb
                                                                                                                              0x00402ee5
                                                                                                                              0x00402f0a
                                                                                                                              0x00402f10
                                                                                                                              0x00402f15
                                                                                                                              0x00402f16
                                                                                                                              0x00402f46
                                                                                                                              0x00402f1f
                                                                                                                              0x00402f21
                                                                                                                              0x00402f71
                                                                                                                              0x00402f74
                                                                                                                              0x00000000
                                                                                                                              0x00402f7a
                                                                                                                              0x00402f30
                                                                                                                              0x00402f35
                                                                                                                              0x00402f37
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00402f3f
                                                                                                                              0x00402f44
                                                                                                                              0x00402f45
                                                                                                                              0x00402f45
                                                                                                                              0x00402f52
                                                                                                                              0x00402f5a
                                                                                                                              0x00402f61
                                                                                                                              0x00000000
                                                                                                                              0x00402f8a
                                                                                                                              0x00000000
                                                                                                                              0x00402f69
                                                                                                                              0x00402ef5
                                                                                                                              0x00402f08
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00402f08
                                                                                                                              0x00402f90

                                                                                                                              APIs
                                                                                                                              • RegEnumValueW.ADVAPI32 ref: 00402EFD
                                                                                                                              • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
                                                                                                                              • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseEnum$DeleteValue
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1354259210-0
                                                                                                                              • Opcode ID: 2f5760c81b9bdb573da93a40119b3bcbbfe2770e9a6cbc48a05e82d61b54c679
                                                                                                                              • Instruction ID: 37c7ba0f9c491dd7f389852fcb35a119484072d927876f68e32cbd91f0a54eef
                                                                                                                              • Opcode Fuzzy Hash: 2f5760c81b9bdb573da93a40119b3bcbbfe2770e9a6cbc48a05e82d61b54c679
                                                                                                                              • Instruction Fuzzy Hash: 6D216B7150010ABBDF11AF94CE89EEF7B7DEB50384F110076F909B21E0D7B49E54AA68
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 6F5616BD Relevance: 7.5, APIs: 5, Instructions: 41memorylibraryloaderCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E6F5616BD(struct HINSTANCE__* _a4, short* _a8) {
				_Unknown_base(*)()* _t7;
				void* _t10;
				int _t14;

				_t14 = WideCharToMultiByte(0, 0, _a8, 0xffffffff, 0, 0, 0, 0);
				_t10 = GlobalAlloc(0x40, _t14);
				WideCharToMultiByte(0, 0, _a8, 0xffffffff, _t10, _t14, 0, 0);
				_t7 = GetProcAddress(_a4, _t10);
				GlobalFree(_t10);
				return _t7;
			}






                                                                                                                              0x6f5616d7
                                                                                                                              0x6f5616e3
                                                                                                                              0x6f5616f0
                                                                                                                              0x6f5616f7
                                                                                                                              0x6f561700
                                                                                                                              0x6f56170c

                                                                                                                              APIs
                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,6F5622D8,?,00000808), ref: 6F5616D5
                                                                                                                              • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,6F5622D8,?,00000808), ref: 6F5616DC
                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,6F5622D8,?,00000808), ref: 6F5616F0
                                                                                                                              • GetProcAddress.KERNEL32(6F5622D8,00000000), ref: 6F5616F7
                                                                                                                              • GlobalFree.KERNEL32 ref: 6F561700
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.699435220.000000006F561000.00000020.00000001.01000000.00000004.sdmp, Offset: 6F560000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.699425612.000000006F560000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699447140.000000006F564000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699455238.000000006F566000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6f560000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1148316912-0
                                                                                                                              • Opcode ID: 80ed3b03315c75553e71b9a3560f3705eeca380c9fb8cda1a217dc8296c707a3
                                                                                                                              • Instruction ID: b233919db243203be7c0837accf5e15482e1f6e63d031a6f18cb26b26e6ccb01
                                                                                                                              • Opcode Fuzzy Hash: 80ed3b03315c75553e71b9a3560f3705eeca380c9fb8cda1a217dc8296c707a3
                                                                                                                              • Instruction Fuzzy Hash: 43F01C722065387BDA2016EA8D4CCABBE9CEF8B2F5B120211F628921A0C6619C11D7F1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 6F3A148C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 24COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E6F3A148C(void* __eflags, struct HWND__* _a4, int _a8, int _a12, long _a16) {
				void* _t8;

				_t8 = E6F3A13D2(_a4);
				if(_t8 != 0) {
					if(_a8 != 0x20) {
						return CallWindowProcW( *(_t8 + 0x814), _a4, _a8, _a12, _a16);
					}
					SetCursor(LoadCursorW(0, 0x7f89));
					return 1;
				}
				return _t8;
			}




                                                                                                                              0x6f3a1492
                                                                                                                              0x6f3a1499
                                                                                                                              0x6f3a149f
                                                                                                                              0x00000000
                                                                                                                              0x6f3a14cc
                                                                                                                              0x6f3a14af
                                                                                                                              0x00000000
                                                                                                                              0x6f3a14b7
                                                                                                                              0x6f3a14d3

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 6F3A13D2: GetPropW.USER32(?,NSIS: nsControl pointer property), ref: 6F3A13DB
                                                                                                                              • LoadCursorW.USER32(00000000,00007F89), ref: 6F3A14A8
                                                                                                                              • SetCursor.USER32(00000000,?,?,?), ref: 6F3A14AF
                                                                                                                              • CallWindowProcW.USER32(?,?,00000020,?,?), ref: 6F3A14CC
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.699359362.000000006F3A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6F3A0000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.699351571.000000006F3A0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699369720.000000006F3A3000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699377071.000000006F3A4000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699384845.000000006F3A8000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6f3a0000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Cursor$CallLoadProcPropWindow
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1635134901-3916222277
                                                                                                                              • Opcode ID: c5f85563914b6461ade4cda6b6f9dfb7373b91a5860e6962276a748edc17d1dd
                                                                                                                              • Instruction ID: f46cfa799368a53d4eb61f900226955cf33c00135d82801dea58a148cea83471
                                                                                                                              • Opcode Fuzzy Hash: c5f85563914b6461ade4cda6b6f9dfb7373b91a5860e6962276a748edc17d1dd
                                                                                                                              • Instruction Fuzzy Hash: C3E0C972144609BBDF41AFA6CD0599A3B6DEF09361F05C524FA1A880A0C77794709F61
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405F37 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 58%
                                                                                                                              			E00405F37(WCHAR* _a4) {
				WCHAR* _t9;

				_t9 = _a4;
				_push( &(_t9[lstrlenW(_t9)]));
				_push(_t9);
				if( *(CharPrevW()) != 0x5c) {
					lstrcatW(_t9, 0x40a014);
				}
				return _t9;
			}




                                                                                                                              0x00405f38
                                                                                                                              0x00405f45
                                                                                                                              0x00405f46
                                                                                                                              0x00405f51
                                                                                                                              0x00405f59
                                                                                                                              0x00405f59
                                                                                                                              0x00405f61

                                                                                                                              APIs
                                                                                                                              • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040362D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405F3D
                                                                                                                              • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040362D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405F47
                                                                                                                              • lstrcatW.KERNEL32(?,0040A014), ref: 00405F59
                                                                                                                              Strings
                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405F37
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CharPrevlstrcatlstrlen
                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                              • API String ID: 2659869361-823278215
                                                                                                                              • Opcode ID: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                                                              • Instruction ID: 9007417a49851ea4d61da9c71e51c63d156abd36d345156a737e00ee84923012
                                                                                                                              • Opcode Fuzzy Hash: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                                                              • Instruction Fuzzy Hash: 59D05E611019246AC111AB548D04DDB63ACAE85304742046AF601B60A0CB7E196287ED
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 6F5610E1 Relevance: 6.4, APIs: 5, Instructions: 145memoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 91%
                                                                                                                              			E6F5610E1(signed int _a8, intOrPtr* _a12, void* _a16, void* _a20) {
				void* _v0;
				void* _t27;
				signed int _t29;
				void* _t30;
				void* _t34;
				void* _t36;
				void* _t38;
				void* _t40;
				void* _t48;
				void* _t54;
				void* _t63;
				void* _t64;
				signed int _t66;
				void* _t67;
				void* _t73;
				void* _t74;
				void* _t77;
				void* _t80;
				void _t81;
				void _t82;
				intOrPtr _t84;
				void* _t86;
				void* _t88;

				 *0x6f56506c = _a8;
				 *0x6f565070 = _a16;
				 *0x6f565074 = _a12;
				_a12( *0x6f565048, E6F561651, _t73);
				_t66 =  *0x6f56506c +  *0x6f56506c * 4 << 3;
				_t27 = E6F5612E3();
				_v0 = _t27;
				_t74 = _t27;
				if( *_t27 == 0) {
					L28:
					return GlobalFree(_t27);
				}
				do {
					_t29 =  *_t74 & 0x0000ffff;
					_t67 = 2;
					_t74 = _t74 + _t67;
					_t88 = _t29 - 0x66;
					if(_t88 > 0) {
						_t30 = _t29 - 0x6c;
						if(_t30 == 0) {
							L23:
							_t31 =  *0x6f565040;
							if( *0x6f565040 == 0) {
								goto L26;
							}
							E6F561603( *0x6f565074, _t31 + 4, _t66);
							_t34 =  *0x6f565040;
							_t86 = _t86 + 0xc;
							 *0x6f565040 =  *_t34;
							L25:
							GlobalFree(_t34);
							goto L26;
						}
						_t36 = _t30 - 4;
						if(_t36 == 0) {
							L13:
							_t38 = ( *_t74 & 0x0000ffff) - 0x30;
							_t74 = _t74 + _t67;
							_t34 = E6F561312(E6F56135A(_t38));
							L14:
							goto L25;
						}
						_t40 = _t36 - _t67;
						if(_t40 == 0) {
							L11:
							_t80 = ( *_t74 & 0x0000ffff) - 0x30;
							_t74 = _t74 + _t67;
							_t34 = E6F561381(_t80, E6F5612E3());
							goto L14;
						}
						L8:
						if(_t40 == 1) {
							_t81 = GlobalAlloc(0x40, _t66 + 4);
							_t10 = _t81 + 4; // 0x4
							E6F561603(_t10,  *0x6f565074, _t66);
							_t86 = _t86 + 0xc;
							 *_t81 =  *0x6f565040;
							 *0x6f565040 = _t81;
						}
						goto L26;
					}
					if(_t88 == 0) {
						_t48 =  *0x6f565070;
						_t77 =  *_t48;
						 *_t48 =  *_t77;
						_t49 = _v0;
						_t84 =  *((intOrPtr*)(_v0 + 0xc));
						if( *((short*)(_t77 + 4)) == 0x2691) {
							E6F561603(_t49, _t77 + 8, 0x38);
							_t86 = _t86 + 0xc;
						}
						 *((intOrPtr*)( *_a12 + 0xc)) = _t84;
						GlobalFree(_t77);
						goto L26;
					}
					_t54 = _t29 - 0x46;
					if(_t54 == 0) {
						_t82 = GlobalAlloc(0x40,  *0x6f56506c +  *0x6f56506c + 8);
						 *((intOrPtr*)(_t82 + 4)) = 0x2691;
						_t14 = _t82 + 8; // 0x8
						E6F561603(_t14, _v0, 0x38);
						_t86 = _t86 + 0xc;
						 *_t82 =  *( *0x6f565070);
						 *( *0x6f565070) = _t82;
						goto L26;
					}
					_t63 = _t54 - 6;
					if(_t63 == 0) {
						goto L23;
					}
					_t64 = _t63 - 4;
					if(_t64 == 0) {
						 *_t74 =  *_t74 + 0xa;
						goto L13;
					}
					_t40 = _t64 - _t67;
					if(_t40 == 0) {
						 *_t74 =  *_t74 + 0xa;
						goto L11;
					}
					goto L8;
					L26:
				} while ( *_t74 != 0);
				_t27 = _v0;
				goto L28;
			}


























                                                                                                                              0x6f5610eb
                                                                                                                              0x6f561100
                                                                                                                              0x6f561109
                                                                                                                              0x6f56110e
                                                                                                                              0x6f561119
                                                                                                                              0x6f56111c
                                                                                                                              0x6f561125
                                                                                                                              0x6f561129
                                                                                                                              0x6f56112b
                                                                                                                              0x6f5612b0
                                                                                                                              0x6f5612ba
                                                                                                                              0x6f5612ba
                                                                                                                              0x6f561132
                                                                                                                              0x6f561132
                                                                                                                              0x6f561137
                                                                                                                              0x6f561138
                                                                                                                              0x6f56113a
                                                                                                                              0x6f56113d
                                                                                                                              0x6f561256
                                                                                                                              0x6f561259
                                                                                                                              0x6f561271
                                                                                                                              0x6f561271
                                                                                                                              0x6f561278
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f561285
                                                                                                                              0x6f56128a
                                                                                                                              0x6f56128f
                                                                                                                              0x6f561294
                                                                                                                              0x6f56129a
                                                                                                                              0x6f56129b
                                                                                                                              0x00000000
                                                                                                                              0x6f56129b
                                                                                                                              0x6f56125b
                                                                                                                              0x6f56125e
                                                                                                                              0x6f5611bc
                                                                                                                              0x6f5611bf
                                                                                                                              0x6f5611c2
                                                                                                                              0x6f5611cb
                                                                                                                              0x6f5611d0
                                                                                                                              0x00000000
                                                                                                                              0x6f5611d1
                                                                                                                              0x6f561264
                                                                                                                              0x6f561266
                                                                                                                              0x6f5611a2
                                                                                                                              0x6f5611a5
                                                                                                                              0x6f5611a8
                                                                                                                              0x6f5611b1
                                                                                                                              0x00000000
                                                                                                                              0x6f5611b1
                                                                                                                              0x6f561164
                                                                                                                              0x6f561165
                                                                                                                              0x6f561177
                                                                                                                              0x6f561180
                                                                                                                              0x6f561184
                                                                                                                              0x6f56118e
                                                                                                                              0x6f561191
                                                                                                                              0x6f561193
                                                                                                                              0x6f561193
                                                                                                                              0x00000000
                                                                                                                              0x6f561165
                                                                                                                              0x6f561143
                                                                                                                              0x6f561218
                                                                                                                              0x6f56121d
                                                                                                                              0x6f561221
                                                                                                                              0x6f561223
                                                                                                                              0x6f56122c
                                                                                                                              0x6f56122f
                                                                                                                              0x6f561238
                                                                                                                              0x6f56123d
                                                                                                                              0x6f56123d
                                                                                                                              0x6f561247
                                                                                                                              0x6f56124a
                                                                                                                              0x00000000
                                                                                                                              0x6f561250
                                                                                                                              0x6f561149
                                                                                                                              0x6f56114c
                                                                                                                              0x6f5611e9
                                                                                                                              0x6f5611ed
                                                                                                                              0x6f5611f7
                                                                                                                              0x6f5611fb
                                                                                                                              0x6f561205
                                                                                                                              0x6f56120a
                                                                                                                              0x6f561211
                                                                                                                              0x00000000
                                                                                                                              0x6f561211
                                                                                                                              0x6f561152
                                                                                                                              0x6f561155
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f56115b
                                                                                                                              0x6f56115e
                                                                                                                              0x6f5611b8
                                                                                                                              0x00000000
                                                                                                                              0x6f5611b8
                                                                                                                              0x6f561160
                                                                                                                              0x6f561162
                                                                                                                              0x6f56119e
                                                                                                                              0x00000000
                                                                                                                              0x6f56119e
                                                                                                                              0x00000000
                                                                                                                              0x6f5612a1
                                                                                                                              0x6f5612a1
                                                                                                                              0x6f5612ab
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.699435220.000000006F561000.00000020.00000001.01000000.00000004.sdmp, Offset: 6F560000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.699425612.000000006F560000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699447140.000000006F564000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699455238.000000006F566000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6f560000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Global$Free$Alloc
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1780285237-0
                                                                                                                              • Opcode ID: 6d2d81c4885d5a75141ab2b7d4e0c15d45bcb510e450567b4d4206994075acde
                                                                                                                              • Instruction ID: 84038680fa7e6144353e5169681b18c75adecf61865c77c4059fe6a9a789d745
                                                                                                                              • Opcode Fuzzy Hash: 6d2d81c4885d5a75141ab2b7d4e0c15d45bcb510e450567b4d4206994075acde
                                                                                                                              • Instruction Fuzzy Hash: 4E51AD75944601DFDB00CF7DCA48A767BA8FB4AB29B01462AE924DB271EB30ED50CB50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040263E Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 65stringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 92%
                                                                                                                              			E0040263E(void* __ebx, void* __edx, intOrPtr* __edi) {
				signed int _t14;
				int _t17;
				void* _t24;
				intOrPtr* _t29;
				void* _t31;
				signed int _t32;
				void* _t35;
				void* _t40;
				signed int _t42;

				_t29 = __edi;
				_t24 = __ebx;
				_t14 =  *(_t35 - 0x28);
				_t40 = __edx - 0x38;
				 *(_t35 - 0x10) = _t14;
				_t27 = 0 | _t40 == 0x00000000;
				_t32 = _t40 == 0;
				if(_t14 == __ebx) {
					if(__edx != 0x38) {
						_t17 = lstrlenW(E00402DA6(0x11)) + _t16;
					} else {
						E00402DA6(0x21);
						E0040668A("Interactive User", "C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\fonts", 0x400);
						_t17 = lstrlenA("C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\fonts");
					}
				} else {
					E00402D84(1);
					 *0x40adf8 = __ax;
					 *((intOrPtr*)(__ebp - 0x44)) = __edx;
				}
				 *(_t35 + 8) = _t17;
				if( *_t29 == _t24) {
					L13:
					 *((intOrPtr*)(_t35 - 4)) = 1;
				} else {
					_t31 = E004065C8(_t27, _t29);
					if((_t32 |  *(_t35 - 0x10)) != 0 ||  *((intOrPtr*)(_t35 - 0x24)) == _t24 || E00406239(_t31, _t31) >= 0) {
						_t14 = E0040620A(_t31, "C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\fonts",  *(_t35 + 8));
						_t42 = _t14;
						if(_t42 == 0) {
							goto L13;
						}
					} else {
						goto L13;
					}
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}












                                                                                                                              0x0040263e
                                                                                                                              0x0040263e
                                                                                                                              0x0040263e
                                                                                                                              0x00402643
                                                                                                                              0x00402646
                                                                                                                              0x00402649
                                                                                                                              0x0040264e
                                                                                                                              0x00402650
                                                                                                                              0x00402670
                                                                                                                              0x004026aa
                                                                                                                              0x00402672
                                                                                                                              0x00402674
                                                                                                                              0x00402688
                                                                                                                              0x00402695
                                                                                                                              0x00402695
                                                                                                                              0x00402652
                                                                                                                              0x00402654
                                                                                                                              0x00402659
                                                                                                                              0x00402667
                                                                                                                              0x0040266a
                                                                                                                              0x004026af
                                                                                                                              0x004026b2
                                                                                                                              0x0040292e
                                                                                                                              0x0040292e
                                                                                                                              0x004026b8
                                                                                                                              0x004026c1
                                                                                                                              0x004026c3
                                                                                                                              0x004026e2
                                                                                                                              0x004015b4
                                                                                                                              0x004015b6
                                                                                                                              0x00000000
                                                                                                                              0x004015bc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004026c3
                                                                                                                              0x00402c2d
                                                                                                                              0x00402c39

                                                                                                                              APIs
                                                                                                                              • lstrlenA.KERNEL32(C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\fonts), ref: 00402695
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: lstrlen
                                                                                                                              • String ID: C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\fonts$Interactive User
                                                                                                                              • API String ID: 1659193697-2829723512
                                                                                                                              • Opcode ID: 8c6554b53cfcec5e2f07c2cef93b4325bcb2464f26661cdf6029d648463e49ea
                                                                                                                              • Instruction ID: f1e3379d491753f9d96dc3c217618d2e64da59e9cc8309568291ba5d2d488428
                                                                                                                              • Opcode Fuzzy Hash: 8c6554b53cfcec5e2f07c2cef93b4325bcb2464f26661cdf6029d648463e49ea
                                                                                                                              • Instruction Fuzzy Hash: D511C472A00205EBCB10BBB18E4AA9E76619F44758F21483FE402B61C1DAFD8891965F
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 6F3A1332 Relevance: 6.1, APIs: 4, Instructions: 63stringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 69%
                                                                                                                              			E6F3A1332(WCHAR* _a4, int _a8, intOrPtr _a12) {
				struct tagRECT _v20;
				long _t31;
				short _t32;
				WCHAR* _t34;
				int _t35;

				_t34 = _a4;
				_push( &(_t34[lstrlenW(_t34)]));
				_push(_t34);
				_t32 =  *(CharPrevW());
				_t35 = E6F3A1EE2(_t34);
				if(_t32 != 0x25) {
					if(_t32 != 0x75) {
						if(_t35 >= 0) {
							return _t35;
						}
						return _a8 + _t35;
					}
					_v20.top = _t35;
					_v20.left = _t35;
					_v20.bottom = 0;
					_v20.right = 0;
					MapDialogRect( *0x6f3a6144,  &_v20);
					if(_a12 == 0) {
						if(_t35 < 0) {
							_t31 = _v20.left;
							L12:
							return _a8 + _t31;
						}
						return _v20.left;
					}
					if(_t35 < 0) {
						_t31 = _v20.top;
						goto L12;
					}
					return _v20.top;
				}
				_push(0x64);
				if(_t35 < 0) {
					_t35 = _t35 + 0x64;
				}
				return MulDiv(_a8, _t35, ??);
			}








                                                                                                                              0x6f3a1339
                                                                                                                              0x6f3a1347
                                                                                                                              0x6f3a1348
                                                                                                                              0x6f3a134f
                                                                                                                              0x6f3a135c
                                                                                                                              0x6f3a135e
                                                                                                                              0x6f3a1379
                                                                                                                              0x6f3a13c1
                                                                                                                              0x00000000
                                                                                                                              0x6f3a13ca
                                                                                                                              0x00000000
                                                                                                                              0x6f3a13c6
                                                                                                                              0x6f3a1381
                                                                                                                              0x6f3a138a
                                                                                                                              0x6f3a138d
                                                                                                                              0x6f3a1390
                                                                                                                              0x6f3a1393
                                                                                                                              0x6f3a139c
                                                                                                                              0x6f3a13ae
                                                                                                                              0x6f3a13b5
                                                                                                                              0x6f3a13b8
                                                                                                                              0x00000000
                                                                                                                              0x6f3a13bb
                                                                                                                              0x00000000
                                                                                                                              0x6f3a13b0
                                                                                                                              0x6f3a13a0
                                                                                                                              0x6f3a13a7
                                                                                                                              0x00000000
                                                                                                                              0x6f3a13a7
                                                                                                                              0x00000000
                                                                                                                              0x6f3a13a2
                                                                                                                              0x6f3a1362
                                                                                                                              0x6f3a1364
                                                                                                                              0x6f3a1366
                                                                                                                              0x6f3a1366
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • lstrlenW.KERNEL32(76D84F20,?,00000400,00000400,?,76D84F20,00000000), ref: 6F3A133E
                                                                                                                              • CharPrevW.USER32(76D84F20,00000000,?,76D84F20,00000000), ref: 6F3A1349
                                                                                                                              • MulDiv.KERNEL32(?,00000000,00000064), ref: 6F3A136D
                                                                                                                              • MapDialogRect.USER32(76D84F20,76D84F20), ref: 6F3A1393
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.699359362.000000006F3A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6F3A0000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.699351571.000000006F3A0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699369720.000000006F3A3000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699377071.000000006F3A4000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699384845.000000006F3A8000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6f3a0000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CharDialogPrevRectlstrlen
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3411278111-0
                                                                                                                              • Opcode ID: 4fab86e6106cbb9308228437368d4a347d4ab24af262c4816032a083f4befabc
                                                                                                                              • Instruction ID: 01078c15b66bc0381bbd039e55ca19d54be31b374aee8f2b35f44fbfb0e99c89
                                                                                                                              • Opcode Fuzzy Hash: 4fab86e6106cbb9308228437368d4a347d4ab24af262c4816032a083f4befabc
                                                                                                                              • Instruction Fuzzy Hash: 3F11B235E04D25EB8B10EF5EC9089DFBBBDEF42750B004516E81597680E3339A14CF90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00403C25 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 20COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00403C25() {
				void* _t1;
				void* _t2;
				signed int _t11;

				_t1 =  *0x40a018; // 0x2c0
				if(_t1 != 0xffffffff) {
					CloseHandle(_t1);
					 *0x40a018 =  *0x40a018 | 0xffffffff;
				}
				_t2 =  *0x40a01c; // 0x2d4
				if(_t2 != 0xffffffff) {
					CloseHandle(_t2);
					 *0x40a01c =  *0x40a01c | 0xffffffff;
					_t11 =  *0x40a01c;
				}
				E00403C82();
				return E00405D74(_t11, L"C:\\Users\\alfons\\AppData\\Local\\Temp\\nsc8CF0.tmp", 7);
			}






                                                                                                                              0x00403c25
                                                                                                                              0x00403c34
                                                                                                                              0x00403c37
                                                                                                                              0x00403c39
                                                                                                                              0x00403c39
                                                                                                                              0x00403c40
                                                                                                                              0x00403c48
                                                                                                                              0x00403c4b
                                                                                                                              0x00403c4d
                                                                                                                              0x00403c4d
                                                                                                                              0x00403c4d
                                                                                                                              0x00403c54
                                                                                                                              0x00403c66

                                                                                                                              APIs
                                                                                                                              • CloseHandle.KERNEL32(000002C0,C:\Users\user\AppData\Local\Temp\,00403B71,?), ref: 00403C37
                                                                                                                              • CloseHandle.KERNEL32(000002D4,C:\Users\user\AppData\Local\Temp\,00403B71,?), ref: 00403C4B
                                                                                                                              Strings
                                                                                                                              • C:\Users\user\AppData\Local\Temp\nsc8CF0.tmp, xrefs: 00403C5B
                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00403C2A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseHandle
                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsc8CF0.tmp
                                                                                                                              • API String ID: 2962429428-607023903
                                                                                                                              • Opcode ID: 3450910aa3eb4a83e9339ad550daa728f038e8843dee50fd20da138f79135bda
                                                                                                                              • Instruction ID: ab9e488bef71b432d29da19662b82269d7b8f1628316f3e3d8f7e3aa77a32ace
                                                                                                                              • Opcode Fuzzy Hash: 3450910aa3eb4a83e9339ad550daa728f038e8843dee50fd20da138f79135bda
                                                                                                                              • Instruction Fuzzy Hash: 3BE0863244471496E5246F7DAF4D9853B285F413357248726F178F60F0C7389A9B4A9D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 6FED160E Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 24synchronizationCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 50%
                                                                                                                              			E6FED160E(void* __eflags) {
				char _v36;
				void* _t6;
				long _t8;
				char* _t9;

				E6FED18C6( &_v36);
				_t6 = E6FED1947( &_v36);
				if(_t6 == 0) {
					_push(L"-1");
				} else {
					_t8 = WaitForSingleObject(_t6, 0);
					_t9 = "0";
					if(_t8 != 0x102) {
						_t9 = "1";
					}
					_push(_t9);
				}
				return E6FED1901();
			}







                                                                                                                              0x6fed1618
                                                                                                                              0x6fed1621
                                                                                                                              0x6fed1628
                                                                                                                              0x6fed1647
                                                                                                                              0x6fed162a
                                                                                                                              0x6fed162d
                                                                                                                              0x6fed1638
                                                                                                                              0x6fed163d
                                                                                                                              0x6fed163f
                                                                                                                              0x6fed163f
                                                                                                                              0x6fed1644
                                                                                                                              0x6fed1644
                                                                                                                              0x6fed1652

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 6FED18C6: lstrcpyW.KERNEL32 ref: 6FED18DF
                                                                                                                                • Part of subcall function 6FED18C6: GlobalFree.KERNEL32 ref: 6FED18F0
                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,00000000,?,?), ref: 6FED162D
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.699472199.000000006FED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FED0000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.699464369.000000006FED0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699480141.000000006FED2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.699488485.000000006FED4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6fed0000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FreeGlobalObjectSingleWaitlstrcpy
                                                                                                                              • String ID: $!o$(!o
                                                                                                                              • API String ID: 3961860277-1680030305
                                                                                                                              • Opcode ID: 2cf1df04b4215906376eba5d82720ee00155e4209fae73e39261400a1e66352c
                                                                                                                              • Instruction ID: e4df080a41377e2a196bc87f5e9f513ea72a277464b99d94eb6b89345736754c
                                                                                                                              • Opcode Fuzzy Hash: 2cf1df04b4215906376eba5d82720ee00155e4209fae73e39261400a1e66352c
                                                                                                                              • Instruction Fuzzy Hash: 2FE08CB05042086AFF04A2F44D4BEDE3E9D9B1A20CF34042AF620E6E80D62CE4038274
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405F83 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 77%
                                                                                                                              			E00405F83(WCHAR* _a4) {
				WCHAR* _t5;
				WCHAR* _t7;

				_t7 = _a4;
				_t5 =  &(_t7[lstrlenW(_t7)]);
				while( *_t5 != 0x5c) {
					_push(_t5);
					_push(_t7);
					_t5 = CharPrevW();
					if(_t5 > _t7) {
						continue;
					}
					break;
				}
				 *_t5 =  *_t5 & 0x00000000;
				return  &(_t5[1]);
			}





                                                                                                                              0x00405f84
                                                                                                                              0x00405f8e
                                                                                                                              0x00405f91
                                                                                                                              0x00405f97
                                                                                                                              0x00405f98
                                                                                                                              0x00405f99
                                                                                                                              0x00405fa1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405fa1
                                                                                                                              0x00405fa3
                                                                                                                              0x00405fab

                                                                                                                              APIs
                                                                                                                              • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,0040313C,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe,C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe,80000000,00000003), ref: 00405F89
                                                                                                                              • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,0040313C,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe,C:\Users\user\Desktop\winamp59_9999_rc1_full_en-us.exe,80000000,00000003), ref: 00405F99
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CharPrevlstrlen
                                                                                                                              • String ID: C:\Users\user\Desktop
                                                                                                                              • API String ID: 2709904686-1246513382
                                                                                                                              • Opcode ID: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                                                                              • Instruction ID: bd974b3f77e4b05eb9372a1ad14375fba7b947cfa10dd8d614d5bb7090e452f7
                                                                                                                              • Opcode Fuzzy Hash: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                                                                              • Instruction Fuzzy Hash: 6CD05EB2401D219EC3126B04DC00D9F63ACEF51301B4A4866E441AB1A0DB7C5D9186A9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004060BD Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004060BD(void* __ecx, CHAR* _a4, CHAR* _a8) {
				int _v8;
				int _t12;
				int _t14;
				int _t15;
				CHAR* _t17;
				CHAR* _t27;

				_t12 = lstrlenA(_a8);
				_t27 = _a4;
				_v8 = _t12;
				while(lstrlenA(_t27) >= _v8) {
					_t14 = _v8;
					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
					_t15 = lstrcmpiA(_t27, _a8);
					_t27[_v8] =  *(_t14 + _t27);
					if(_t15 == 0) {
						_t17 = _t27;
					} else {
						_t27 = CharNextA(_t27);
						continue;
					}
					L5:
					return _t17;
				}
				_t17 = 0;
				goto L5;
			}









                                                                                                                              0x004060cd
                                                                                                                              0x004060cf
                                                                                                                              0x004060d2
                                                                                                                              0x004060fe
                                                                                                                              0x004060d7
                                                                                                                              0x004060e0
                                                                                                                              0x004060e5
                                                                                                                              0x004060f0
                                                                                                                              0x004060f3
                                                                                                                              0x0040610f
                                                                                                                              0x004060f5
                                                                                                                              0x004060fc
                                                                                                                              0x00000000
                                                                                                                              0x004060fc
                                                                                                                              0x00406108
                                                                                                                              0x0040610c
                                                                                                                              0x0040610c
                                                                                                                              0x00406106
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                                                                                                                              • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060E5
                                                                                                                              • CharNextA.USER32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060F6
                                                                                                                              • lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.686204255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.686188535.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686239156.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686258885.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686347561.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686353668.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686371883.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686387489.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686406981.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686439286.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686461099.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.686482979.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_winamp59_9999_rc1_full_en-us.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 190613189-0
                                                                                                                              • Opcode ID: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                                                                                                              • Instruction ID: 2f06b96f93541eceebcae48a9adfe7aedd37cb678349478f8cad11de2473fd3e
                                                                                                                              • Opcode Fuzzy Hash: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                                                                                                              • Instruction Fuzzy Hash: 0BF0F631104054FFDB12DFA4CD00D9EBBA8EF06350B2640BAE841FB321D674DE11A798
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Execution Graph

                                                                                                                              Execution Coverage:3.7%
                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                              Signature Coverage:3.3%
                                                                                                                              Total number of Nodes:1342
                                                                                                                              Total number of Limit Nodes:42
                                                                                                                              execution_graph 11193 408bc2 11196 408b49 11193->11196 11197 408b55 ___scrt_is_nonwritable_in_current_image 11196->11197 11204 40c848 EnterCriticalSection 11197->11204 11199 408b8d 11205 408bab 11199->11205 11201 408b5f 11201->11199 11203 40d26d __fassign 14 API calls 11201->11203 11203->11201 11204->11201 11208 40c890 LeaveCriticalSection 11205->11208 11207 408b99 11208->11207 10016 403959 10021 403fee SetUnhandledExceptionFilter 10016->10021 10018 40395e 10022 408c52 10018->10022 10020 403969 10021->10018 10023 408c78 10022->10023 10024 408c5e 10022->10024 10023->10020 10024->10023 10025 409bd1 _free 14 API calls 10024->10025 10026 408c68 10025->10026 10027 409b14 __fassign 25 API calls 10026->10027 10028 408c73 10027->10028 10028->10020 10029 40396b 10030 403977 ___scrt_is_nonwritable_in_current_image 10029->10030 10057 403b6c 10030->10057 10032 403ad1 10121 403e5a IsProcessorFeaturePresent 10032->10121 10033 40397e 10033->10032 10042 4039a8 ___scrt_is_nonwritable_in_current_image __fassign ___scrt_release_startup_lock 10033->10042 10035 403ad8 10103 408af6 10035->10103 10038 408aba __fassign 23 API calls 10039 403ae6 10038->10039 10040 4039c7 10041 403a48 10068 403f75 10041->10068 10042->10040 10042->10041 10106 408ad0 10042->10106 10050 403fab __fassign GetModuleHandleW 10051 403a6a 10050->10051 10051->10035 10052 403a6e 10051->10052 10053 403a77 10052->10053 10112 408aab 10052->10112 10115 403cdd 10053->10115 10058 403b75 10057->10058 10125 4040f5 IsProcessorFeaturePresent 10058->10125 10062 403b86 10067 403b8a 10062->10067 10135 4090f5 10062->10135 10065 403ba1 10065->10033 10067->10033 10262 404680 10068->10262 10071 403a4e 10072 408794 10071->10072 10073 40c2c2 47 API calls 10072->10073 10074 40879d 10073->10074 10075 403a56 10074->10075 10264 40c5e8 10074->10264 10077 4016ff 10075->10077 10078 401712 10077->10078 10079 401813 GetModuleHandleW MessageBoxIndirectW 10077->10079 10078->10079 10080 40171b 10078->10080 10081 401806 10079->10081 10270 407fd2 10080->10270 10081->10050 10083 401726 10084 401809 10083->10084 10085 407fd2 37 API calls 10083->10085 10280 401416 10084->10280 10087 40173b 10085->10087 10087->10084 10088 401745 10087->10088 10089 407fd2 37 API calls 10088->10089 10090 401750 10089->10090 10091 4017fe 10090->10091 10092 407fd2 37 API calls 10090->10092 10284 4015ac 10091->10284 10094 401765 10092->10094 10094->10091 10095 40176f CoInitialize 10094->10095 10096 401783 10095->10096 10097 4017a2 CoRegisterClassObject 10096->10097 10098 4017f6 CoUninitialize 10096->10098 10099 4017d8 GetMessageW 10097->10099 10098->10081 10100 4017c4 TranslateMessage DispatchMessageW 10099->10100 10101 4017e5 CoRevokeClassObject 10099->10101 10100->10099 10283 40189d 10101->10283 10104 408994 __fassign 23 API calls 10103->10104 10105 403ade 10104->10105 10105->10038 10107 408ae6 ___scrt_is_nonwritable_in_current_image _free 10106->10107 10107->10041 10108 40a14b __fassign 37 API calls 10107->10108 10111 4091a7 10108->10111 10109 40922c __fassign 37 API calls 10110 4091d1 10109->10110 10111->10109 10113 408994 __fassign 23 API calls 10112->10113 10114 408ab6 10113->10114 10114->10053 10116 403ce9 10115->10116 10117 403a7f 10116->10117 10519 409107 10116->10519 10117->10040 10119 403cf7 10120 4058ad ___scrt_uninitialize_crt 7 API calls 10119->10120 10120->10117 10122 403e70 __fassign 10121->10122 10123 403f1b IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 10122->10123 10124 403f66 __fassign 10123->10124 10124->10035 10126 403b81 10125->10126 10127 40588e 10126->10127 10144 405db1 10127->10144 10131 40589f 10132 4058aa 10131->10132 10158 405ded 10131->10158 10132->10062 10134 405897 10134->10062 10200 40d775 10135->10200 10138 4058ad 10139 4058c0 10138->10139 10140 4058b6 10138->10140 10139->10067 10141 405d96 ___vcrt_uninitialize_ptd 6 API calls 10140->10141 10142 4058bb 10141->10142 10143 405ded ___vcrt_uninitialize_locks DeleteCriticalSection 10142->10143 10143->10139 10145 405dba 10144->10145 10147 405de3 10145->10147 10148 405893 10145->10148 10162 406015 10145->10162 10149 405ded ___vcrt_uninitialize_locks DeleteCriticalSection 10147->10149 10148->10134 10150 405d63 10148->10150 10149->10148 10181 405f26 10150->10181 10153 405d78 10153->10131 10156 405d93 10156->10131 10159 405e17 10158->10159 10160 405df8 10158->10160 10159->10134 10161 405e02 DeleteCriticalSection 10160->10161 10161->10159 10161->10161 10167 405edd 10162->10167 10165 40604d InitializeCriticalSectionAndSpinCount 10166 406038 10165->10166 10166->10145 10168 405f18 10167->10168 10169 405ef5 10167->10169 10168->10165 10168->10166 10169->10168 10173 405e43 10169->10173 10172 405f0a GetProcAddress 10172->10168 10178 405e4f ___vcrt_InitializeCriticalSectionEx 10173->10178 10174 405ec3 10174->10168 10174->10172 10175 405e65 LoadLibraryExW 10176 405e83 GetLastError 10175->10176 10177 405eca 10175->10177 10176->10178 10177->10174 10179 405ed2 FreeLibrary 10177->10179 10178->10174 10178->10175 10180 405ea5 LoadLibraryExW 10178->10180 10179->10174 10180->10177 10180->10178 10182 405edd ___vcrt_InitializeCriticalSectionEx 5 API calls 10181->10182 10183 405f40 10182->10183 10184 405f59 TlsAlloc 10183->10184 10185 405d6d 10183->10185 10185->10153 10186 405fd7 10185->10186 10187 405edd ___vcrt_InitializeCriticalSectionEx 5 API calls 10186->10187 10188 405ff1 10187->10188 10189 40600c TlsSetValue 10188->10189 10190 405d86 10188->10190 10189->10190 10190->10156 10191 405d96 10190->10191 10192 405da0 10191->10192 10193 405da6 10191->10193 10195 405f61 10192->10195 10193->10153 10196 405edd ___vcrt_InitializeCriticalSectionEx 5 API calls 10195->10196 10197 405f7b 10196->10197 10198 405f93 TlsFree 10197->10198 10199 405f87 10197->10199 10198->10199 10199->10193 10201 403b93 10200->10201 10202 40d785 10200->10202 10201->10065 10201->10138 10202->10201 10204 40b1e8 10202->10204 10205 40b1f4 ___scrt_is_nonwritable_in_current_image 10204->10205 10216 40c848 EnterCriticalSection 10205->10216 10207 40b1fb 10217 40c988 10207->10217 10210 40b219 10241 40b23f 10210->10241 10216->10207 10218 40c994 ___scrt_is_nonwritable_in_current_image 10217->10218 10219 40c99d 10218->10219 10220 40c9be 10218->10220 10221 409bd1 _free 14 API calls 10219->10221 10244 40c848 EnterCriticalSection 10220->10244 10223 40c9a2 10221->10223 10224 409b14 __fassign 25 API calls 10223->10224 10225 40b20a 10224->10225 10225->10210 10230 40b07e GetStartupInfoW 10225->10230 10226 40c9f6 10252 40ca1d 10226->10252 10228 40c9ca 10228->10226 10245 40c8d8 10228->10245 10231 40b09b 10230->10231 10233 40b12f 10230->10233 10232 40c988 26 API calls 10231->10232 10231->10233 10234 40b0c3 10232->10234 10236 40b134 10233->10236 10234->10233 10235 40b0f3 GetFileType 10234->10235 10235->10234 10237 40b13b 10236->10237 10238 40b17e GetStdHandle 10237->10238 10239 40b1e4 10237->10239 10240 40b191 GetFileType 10237->10240 10238->10237 10239->10210 10240->10237 10261 40c890 LeaveCriticalSection 10241->10261 10243 40b22a 10243->10202 10244->10228 10246 40b378 _free 14 API calls 10245->10246 10248 40c8ea 10246->10248 10247 40c8f7 10249 409be4 _free 14 API calls 10247->10249 10248->10247 10255 40d5b3 10248->10255 10251 40c94c 10249->10251 10251->10228 10260 40c890 LeaveCriticalSection 10252->10260 10254 40ca24 10254->10225 10256 40d3d2 _free 5 API calls 10255->10256 10257 40d5cf 10256->10257 10258 40d5ed InitializeCriticalSectionAndSpinCount 10257->10258 10259 40d5d8 10257->10259 10258->10259 10259->10248 10260->10254 10261->10243 10263 403f88 GetStartupInfoW 10262->10263 10263->10071 10267 40c591 10264->10267 10268 406adf __fassign 37 API calls 10267->10268 10269 40c5a5 10268->10269 10269->10074 10271 407fe0 10270->10271 10272 408009 10270->10272 10275 409bd1 _free 14 API calls 10271->10275 10279 407f99 10271->10279 10287 40801b 10272->10287 10276 407feb 10275->10276 10277 409b14 __fassign 25 API calls 10276->10277 10278 407ff6 10277->10278 10278->10083 10279->10083 10300 4010c5 10280->10300 10283->10098 10498 4014f8 10284->10498 10286 4015c0 10286->10081 10288 408042 10287->10288 10289 40802b 10287->10289 10290 408061 10288->10290 10291 40804a 10288->10291 10292 409bd1 _free 14 API calls 10289->10292 10295 406adf __fassign 37 API calls 10290->10295 10294 409bd1 _free 14 API calls 10291->10294 10293 408030 10292->10293 10296 409b14 __fassign 25 API calls 10293->10296 10297 40804f 10294->10297 10299 408016 10295->10299 10296->10299 10298 409b14 __fassign 25 API calls 10297->10298 10298->10299 10299->10083 10301 4010e3 __fassign 10300->10301 10302 4010f5 StringFromGUID2 10301->10302 10303 401118 10302->10303 10304 40110e 10302->10304 10353 40145f 10303->10353 10304->10081 10309 40115c GetModuleFileNameW 10309->10304 10310 401175 RegCreateKeyExW ConvertStringSecurityDescriptorToSecurityDescriptorW 10309->10310 10311 4011c5 ConvertStringSecurityDescriptorToSecurityDescriptorW 10310->10311 10312 4011aa GetSecurityDescriptorLength RegSetValueExA 10310->10312 10313 4011f9 10311->10313 10314 4011db GetSecurityDescriptorLength RegSetValueExA 10311->10314 10312->10311 10363 40163f RegOpenKeyExW 10313->10363 10314->10313 10317 40163f 4 API calls 10318 40124b RegCloseKey 10317->10318 10319 401266 __fassign 10318->10319 10368 40143a 10319->10368 10321 401281 10322 4015c4 4 API calls 10321->10322 10323 40129a 10322->10323 10324 401351 RegCloseKey 10323->10324 10325 40163f 4 API calls 10323->10325 10326 40135a RegCloseKey 10324->10326 10327 40135f 10324->10327 10328 4012b8 10325->10328 10326->10327 10327->10304 10329 4015c4 4 API calls 10327->10329 10328->10324 10330 4015c4 4 API calls 10328->10330 10331 40137b 10329->10331 10332 4012d2 10330->10332 10331->10304 10333 4015c4 4 API calls 10331->10333 10332->10324 10335 4015c4 4 API calls 10332->10335 10334 40139d 10333->10334 10336 4013b5 RegCloseKey 10334->10336 10338 4015c4 4 API calls 10334->10338 10337 4012e8 10335->10337 10336->10304 10340 4013cc 10336->10340 10337->10324 10341 40163f 4 API calls 10337->10341 10338->10336 10342 4015c4 4 API calls 10340->10342 10343 401302 10341->10343 10344 4013e0 10342->10344 10343->10324 10345 40163f 4 API calls 10343->10345 10344->10304 10347 4015c4 4 API calls 10344->10347 10346 40131a 10345->10346 10346->10324 10349 4015c4 4 API calls 10346->10349 10348 4013fc RegCloseKey 10347->10348 10348->10304 10350 40132e 10349->10350 10350->10324 10373 4016a7 RegOpenKeyExW 10350->10373 10354 401138 10353->10354 10355 401469 10353->10355 10357 4015c4 RegCreateKeyExW 10354->10357 10355->10354 10378 40149b 10355->10378 10358 401151 10357->10358 10359 4015ec 10357->10359 10358->10304 10358->10309 10359->10358 10360 4015f8 lstrlenW RegSetValueExW 10359->10360 10361 40161e 10359->10361 10360->10361 10361->10358 10362 401625 RegCloseKey 10361->10362 10362->10358 10364 40120c RegCloseKey RegCreateKeyExW 10363->10364 10365 40165e 10363->10365 10364->10317 10365->10364 10366 401692 RegCloseKey 10365->10366 10367 40166a lstrlenW RegSetValueExW 10365->10367 10366->10364 10367->10366 10369 401444 10368->10369 10370 40144b 10368->10370 10369->10321 10371 40149b 42 API calls 10370->10371 10372 40145d 10371->10372 10372->10321 10374 4016c6 10373->10374 10375 401347 10373->10375 10374->10375 10376 4016d2 RegSetValueExW 10374->10376 10377 4016ea RegCloseKey 10374->10377 10375->10324 10376->10377 10377->10375 10381 401862 10378->10381 10382 401879 10381->10382 10385 4079ed 10382->10385 10388 4065e0 10385->10388 10389 406620 10388->10389 10390 406608 10388->10390 10389->10390 10392 406628 10389->10392 10391 409bd1 _free 14 API calls 10390->10391 10393 40660d 10391->10393 10394 406adf __fassign 37 API calls 10392->10394 10395 409b14 __fassign 25 API calls 10393->10395 10397 406638 10394->10397 10396 406618 10395->10396 10398 4042d2 _ValidateLocalCookies 5 API calls 10396->10398 10403 406d3b 10397->10403 10399 4014b8 10398->10399 10399->10354 10419 40786d 10403->10419 10405 4066bf 10416 406b62 10405->10416 10406 406d5b 10407 409bd1 _free 14 API calls 10406->10407 10408 406d60 10407->10408 10409 409b14 __fassign 25 API calls 10408->10409 10409->10405 10410 406d4c 10410->10405 10410->10406 10426 406e94 10410->10426 10433 4072ca 10410->10433 10438 406ece 10410->10438 10443 406ef5 10410->10443 10474 40706d 10410->10474 10417 409be4 _free 14 API calls 10416->10417 10418 406b72 10417->10418 10418->10396 10420 407872 10419->10420 10421 407885 10419->10421 10422 409bd1 _free 14 API calls 10420->10422 10421->10410 10423 407877 10422->10423 10424 409b14 __fassign 25 API calls 10423->10424 10425 407882 10424->10425 10425->10410 10428 406e99 10426->10428 10427 406eb0 10427->10410 10428->10427 10429 409bd1 _free 14 API calls 10428->10429 10430 406ea2 10429->10430 10431 409b14 __fassign 25 API calls 10430->10431 10432 406ead 10431->10432 10432->10410 10434 4072d4 10433->10434 10435 4072db 10433->10435 10436 406cc5 38 API calls 10434->10436 10435->10410 10437 4072da 10436->10437 10437->10410 10439 406ed8 10438->10439 10440 406edf 10438->10440 10441 406cc5 38 API calls 10439->10441 10440->10410 10442 406ede 10441->10442 10442->10410 10444 406f01 10443->10444 10445 406f1c 10443->10445 10447 407094 10444->10447 10448 4070ff 10444->10448 10449 406f4e 10444->10449 10446 409bd1 _free 14 API calls 10445->10446 10445->10449 10450 406f39 10446->10450 10459 4070a0 10447->10459 10462 4070d6 10447->10462 10451 407145 10448->10451 10452 407106 10448->10452 10448->10462 10449->10410 10453 409b14 __fassign 25 API calls 10450->10453 10457 40779b 26 API calls 10451->10457 10454 40710b 10452->10454 10455 4070ad 10452->10455 10456 406f44 10453->10456 10458 407110 10454->10458 10454->10462 10461 4073b6 40 API calls 10455->10461 10472 4070bb 10455->10472 10473 4070cf 10455->10473 10456->10410 10457->10472 10464 407123 10458->10464 10465 407115 10458->10465 10459->10455 10463 4070e6 10459->10463 10459->10472 10460 4075b3 26 API calls 10460->10472 10461->10472 10462->10460 10462->10472 10462->10473 10468 40751d 38 API calls 10463->10468 10463->10473 10467 407708 25 API calls 10464->10467 10469 40777c 26 API calls 10465->10469 10465->10473 10466 4042d2 _ValidateLocalCookies 5 API calls 10470 4072c8 10466->10470 10467->10472 10468->10472 10469->10472 10470->10410 10471 4078cd 38 API calls 10471->10473 10472->10471 10472->10473 10473->10466 10475 407094 10474->10475 10476 4070ff 10474->10476 10477 4070d6 10475->10477 10480 4070a0 10475->10480 10476->10477 10478 407145 10476->10478 10479 407106 10476->10479 10483 4075b3 26 API calls 10477->10483 10496 4070bb 10477->10496 10497 4070cf 10477->10497 10482 40779b 26 API calls 10478->10482 10481 40710b 10479->10481 10489 4070ad 10479->10489 10486 4070e6 10480->10486 10480->10489 10480->10496 10481->10477 10485 407110 10481->10485 10482->10496 10483->10496 10484 4073b6 40 API calls 10484->10496 10487 407123 10485->10487 10488 407115 10485->10488 10492 40751d 38 API calls 10486->10492 10486->10497 10491 407708 25 API calls 10487->10491 10493 40777c 26 API calls 10488->10493 10488->10497 10489->10484 10489->10496 10489->10497 10490 4042d2 _ValidateLocalCookies 5 API calls 10494 4072c8 10490->10494 10491->10496 10492->10496 10493->10496 10494->10410 10495 4078cd 38 API calls 10495->10497 10496->10495 10496->10497 10497->10490 10499 401514 __fassign 10498->10499 10500 401524 StringFromGUID2 10499->10500 10501 401541 10500->10501 10502 40153a 10500->10502 10503 40145f 42 API calls 10501->10503 10502->10286 10504 40155c 10503->10504 10511 401010 10504->10511 10507 401597 10507->10286 10508 401010 5 API calls 10509 401583 10508->10509 10509->10507 10510 401010 5 API calls 10509->10510 10510->10507 10512 404680 __fassign 10511->10512 10513 401036 RegOpenKeyExW 10512->10513 10514 4010ad 10513->10514 10517 401057 10513->10517 10514->10507 10514->10508 10515 401078 RegEnumKeyExW 10516 401098 RegCloseKey RegDeleteKeyW 10515->10516 10515->10517 10516->10514 10517->10515 10518 4010b1 RegCloseKey 10517->10518 10518->10514 10521 409112 10519->10521 10522 409124 ___scrt_uninitialize_crt 10519->10522 10520 409120 10520->10119 10521->10520 10524 40de36 10521->10524 10522->10119 10527 40dce4 10524->10527 10530 40dc38 10527->10530 10531 40dc44 ___scrt_is_nonwritable_in_current_image 10530->10531 10538 40c848 EnterCriticalSection 10531->10538 10533 40dcba 10547 40dcd8 10533->10547 10537 40dc4e ___scrt_uninitialize_crt 10537->10533 10539 40dbac 10537->10539 10538->10537 10540 40dbb8 ___scrt_is_nonwritable_in_current_image 10539->10540 10550 40b041 EnterCriticalSection 10540->10550 10542 40dbc2 ___scrt_uninitialize_crt 10543 40dc0e 10542->10543 10551 40ddee 10542->10551 10561 40dc2c 10543->10561 10694 40c890 LeaveCriticalSection 10547->10694 10549 40dcc6 10549->10520 10550->10542 10552 40de04 10551->10552 10553 40ddfb 10551->10553 10564 40dd89 10552->10564 10554 40dce4 ___scrt_uninitialize_crt 66 API calls 10553->10554 10557 40de01 10554->10557 10557->10543 10559 40de20 10577 410cbf 10559->10577 10693 40b055 LeaveCriticalSection 10561->10693 10563 40dc1a 10563->10537 10565 40ddc6 10564->10565 10566 40dda1 10564->10566 10565->10557 10570 40af06 10565->10570 10566->10565 10567 40af06 ___scrt_uninitialize_crt 25 API calls 10566->10567 10568 40ddbf 10567->10568 10588 4114b7 10568->10588 10571 40af12 10570->10571 10572 40af27 10570->10572 10573 409bd1 _free 14 API calls 10571->10573 10572->10559 10574 40af17 10573->10574 10575 409b14 __fassign 25 API calls 10574->10575 10576 40af22 10575->10576 10576->10559 10578 410cd0 10577->10578 10579 410cdd 10577->10579 10581 409bd1 _free 14 API calls 10578->10581 10580 410d26 10579->10580 10583 410d04 10579->10583 10582 409bd1 _free 14 API calls 10580->10582 10587 410cd5 10581->10587 10584 410d2b 10582->10584 10662 410c1d 10583->10662 10586 409b14 __fassign 25 API calls 10584->10586 10586->10587 10587->10557 10589 4114c3 ___scrt_is_nonwritable_in_current_image 10588->10589 10590 4114e3 10589->10590 10591 4114cb 10589->10591 10593 41157e 10590->10593 10597 411515 10590->10597 10613 409bbe 10591->10613 10595 409bbe __dosmaperr 14 API calls 10593->10595 10598 411583 10595->10598 10596 409bd1 _free 14 API calls 10612 4114d8 10596->10612 10616 40ca26 EnterCriticalSection 10597->10616 10600 409bd1 _free 14 API calls 10598->10600 10602 41158b 10600->10602 10601 41151b 10603 411537 10601->10603 10604 41154c 10601->10604 10605 409b14 __fassign 25 API calls 10602->10605 10607 409bd1 _free 14 API calls 10603->10607 10617 4115a9 10604->10617 10605->10612 10608 41153c 10607->10608 10610 409bbe __dosmaperr 14 API calls 10608->10610 10609 411547 10659 411576 10609->10659 10610->10609 10612->10565 10614 40a2a2 _free 14 API calls 10613->10614 10615 409bc3 10614->10615 10615->10596 10616->10601 10618 4115cb 10617->10618 10656 4115e7 10617->10656 10619 4115cf 10618->10619 10622 41161f 10618->10622 10620 409bbe __dosmaperr 14 API calls 10619->10620 10621 4115d4 10620->10621 10623 409bd1 _free 14 API calls 10621->10623 10624 411635 10622->10624 10627 41239f ___scrt_uninitialize_crt 27 API calls 10622->10627 10626 4115dc 10623->10626 10625 411150 ___scrt_uninitialize_crt 38 API calls 10624->10625 10628 41163e 10625->10628 10629 409b14 __fassign 25 API calls 10626->10629 10627->10624 10630 411643 10628->10630 10631 41167c 10628->10631 10629->10656 10632 411647 10630->10632 10633 411669 10630->10633 10634 411690 10631->10634 10635 4116d6 WriteFile 10631->10635 10636 411743 10632->10636 10643 4110e8 ___scrt_uninitialize_crt 6 API calls 10632->10643 10637 410d3c ___scrt_uninitialize_crt 43 API calls 10633->10637 10639 4116c6 10634->10639 10640 411698 10634->10640 10638 4116f9 GetLastError 10635->10638 10645 41165f 10635->10645 10647 409bd1 _free 14 API calls 10636->10647 10636->10656 10637->10645 10638->10645 10644 4111c1 ___scrt_uninitialize_crt 7 API calls 10639->10644 10641 4116b6 10640->10641 10642 41169d 10640->10642 10646 411385 ___scrt_uninitialize_crt 8 API calls 10641->10646 10642->10636 10648 41129c ___scrt_uninitialize_crt 7 API calls 10642->10648 10643->10645 10644->10645 10645->10636 10650 411719 10645->10650 10645->10656 10646->10645 10649 411764 10647->10649 10648->10645 10653 409bbe __dosmaperr 14 API calls 10649->10653 10651 411720 10650->10651 10652 411737 10650->10652 10654 409bd1 _free 14 API calls 10651->10654 10655 409b9b __dosmaperr 14 API calls 10652->10655 10653->10656 10657 411725 10654->10657 10655->10656 10656->10609 10658 409bbe __dosmaperr 14 API calls 10657->10658 10658->10656 10660 40ca49 ___scrt_uninitialize_crt LeaveCriticalSection 10659->10660 10661 41157c 10660->10661 10661->10612 10663 410c29 ___scrt_is_nonwritable_in_current_image 10662->10663 10676 40ca26 EnterCriticalSection 10663->10676 10665 410c38 10666 410c7f 10665->10666 10677 40cafd 10665->10677 10668 409bd1 _free 14 API calls 10666->10668 10669 410c84 10668->10669 10690 410cb3 10669->10690 10670 410c64 FlushFileBuffers 10670->10669 10671 410c70 10670->10671 10673 409bbe __dosmaperr 14 API calls 10671->10673 10675 410c75 GetLastError 10673->10675 10675->10666 10676->10665 10678 40cb0a 10677->10678 10679 40cb1f 10677->10679 10680 409bbe __dosmaperr 14 API calls 10678->10680 10682 409bbe __dosmaperr 14 API calls 10679->10682 10684 40cb44 10679->10684 10681 40cb0f 10680->10681 10683 409bd1 _free 14 API calls 10681->10683 10685 40cb4f 10682->10685 10686 40cb17 10683->10686 10684->10670 10687 409bd1 _free 14 API calls 10685->10687 10686->10670 10688 40cb57 10687->10688 10689 409b14 __fassign 25 API calls 10688->10689 10689->10686 10691 40ca49 ___scrt_uninitialize_crt LeaveCriticalSection 10690->10691 10692 410c9c 10691->10692 10692->10587 10693->10563 10694->10549 10852 40d76c 10853 40d7a3 10852->10853 10854 40d785 10852->10854 10854->10853 10855 40b1e8 30 API calls 10854->10855 10855->10854 11451 40aff5 11452 40de36 ___scrt_uninitialize_crt 66 API calls 11451->11452 11453 40affd 11452->11453 11461 41009c 11453->11461 11455 40b002 11471 410147 11455->11471 11458 40b02c 11459 409be4 _free 14 API calls 11458->11459 11460 40b037 11459->11460 11462 4100a8 ___scrt_is_nonwritable_in_current_image 11461->11462 11475 40c848 EnterCriticalSection 11462->11475 11464 41011f 11489 41013e 11464->11489 11465 4100b3 11465->11464 11467 4100f3 DeleteCriticalSection 11465->11467 11476 412431 11465->11476 11470 409be4 _free 14 API calls 11467->11470 11470->11465 11472 40b011 DeleteCriticalSection 11471->11472 11473 41015e 11471->11473 11472->11455 11472->11458 11473->11472 11474 409be4 _free 14 API calls 11473->11474 11474->11472 11475->11465 11477 41243d ___scrt_is_nonwritable_in_current_image 11476->11477 11478 412447 11477->11478 11479 41245c 11477->11479 11480 409bd1 _free 14 API calls 11478->11480 11486 412457 11479->11486 11492 40b041 EnterCriticalSection 11479->11492 11481 41244c 11480->11481 11483 409b14 __fassign 25 API calls 11481->11483 11483->11486 11484 412479 11493 4123ba 11484->11493 11486->11465 11487 412484 11509 4124ab 11487->11509 11573 40c890 LeaveCriticalSection 11489->11573 11491 41012b 11491->11455 11492->11484 11494 4123c7 11493->11494 11495 4123dc 11493->11495 11496 409bd1 _free 14 API calls 11494->11496 11498 40dd89 ___scrt_uninitialize_crt 62 API calls 11495->11498 11507 4123d7 11495->11507 11497 4123cc 11496->11497 11499 409b14 __fassign 25 API calls 11497->11499 11500 4123f1 11498->11500 11499->11507 11501 410147 14 API calls 11500->11501 11502 4123f9 11501->11502 11503 40af06 ___scrt_uninitialize_crt 25 API calls 11502->11503 11504 4123ff 11503->11504 11512 413138 11504->11512 11507->11487 11508 409be4 _free 14 API calls 11508->11507 11572 40b055 LeaveCriticalSection 11509->11572 11511 4124b3 11511->11486 11513 413149 11512->11513 11514 41315e 11512->11514 11516 409bbe __dosmaperr 14 API calls 11513->11516 11515 4131a7 11514->11515 11520 413185 11514->11520 11518 409bbe __dosmaperr 14 API calls 11515->11518 11517 41314e 11516->11517 11519 409bd1 _free 14 API calls 11517->11519 11521 4131ac 11518->11521 11524 412405 11519->11524 11527 4130ac 11520->11527 11523 409bd1 _free 14 API calls 11521->11523 11525 4131b4 11523->11525 11524->11507 11524->11508 11526 409b14 __fassign 25 API calls 11525->11526 11526->11524 11528 4130b8 ___scrt_is_nonwritable_in_current_image 11527->11528 11538 40ca26 EnterCriticalSection 11528->11538 11530 4130c6 11531 4130f8 11530->11531 11532 4130ed 11530->11532 11534 409bd1 _free 14 API calls 11531->11534 11539 4131c5 11532->11539 11535 4130f3 11534->11535 11554 41312c 11535->11554 11538->11530 11540 40cafd ___scrt_uninitialize_crt 25 API calls 11539->11540 11542 4131d5 11540->11542 11541 4131db 11557 40ca6c 11541->11557 11542->11541 11544 40cafd ___scrt_uninitialize_crt 25 API calls 11542->11544 11553 41320d 11542->11553 11547 413204 11544->11547 11545 40cafd ___scrt_uninitialize_crt 25 API calls 11548 413219 CloseHandle 11545->11548 11551 40cafd ___scrt_uninitialize_crt 25 API calls 11547->11551 11548->11541 11552 413225 GetLastError 11548->11552 11549 413255 11549->11535 11551->11553 11552->11541 11553->11541 11553->11545 11571 40ca49 LeaveCriticalSection 11554->11571 11556 413115 11556->11524 11558 40cae2 11557->11558 11559 40ca7b 11557->11559 11560 409bd1 _free 14 API calls 11558->11560 11559->11558 11565 40caa5 11559->11565 11561 40cae7 11560->11561 11562 409bbe __dosmaperr 14 API calls 11561->11562 11563 40cad2 11562->11563 11563->11549 11566 409b9b 11563->11566 11564 40cacc SetStdHandle 11564->11563 11565->11563 11565->11564 11567 409bbe __dosmaperr 14 API calls 11566->11567 11568 409ba6 _free 11567->11568 11569 409bd1 _free 14 API calls 11568->11569 11570 409bb9 11569->11570 11570->11549 11571->11556 11572->11511 11573->11491 10992 40a012 10993 40a01d 10992->10993 10997 40a02d 10992->10997 10998 40a033 10993->10998 10996 409be4 _free 14 API calls 10996->10997 10999 40a048 10998->10999 11002 40a04e 10998->11002 11000 409be4 _free 14 API calls 10999->11000 11000->11002 11001 409be4 _free 14 API calls 11003 40a05a 11001->11003 11002->11001 11004 409be4 _free 14 API calls 11003->11004 11005 40a065 11004->11005 11006 409be4 _free 14 API calls 11005->11006 11007 40a070 11006->11007 11008 409be4 _free 14 API calls 11007->11008 11009 40a07b 11008->11009 11010 409be4 _free 14 API calls 11009->11010 11011 40a086 11010->11011 11012 409be4 _free 14 API calls 11011->11012 11013 40a091 11012->11013 11014 409be4 _free 14 API calls 11013->11014 11015 40a09c 11014->11015 11016 409be4 _free 14 API calls 11015->11016 11017 40a0a7 11016->11017 11018 409be4 _free 14 API calls 11017->11018 11019 40a0b5 11018->11019 11024 409e5f 11019->11024 11025 409e6b ___scrt_is_nonwritable_in_current_image 11024->11025 11040 40c848 EnterCriticalSection 11025->11040 11027 409e9f 11041 409ebe 11027->11041 11029 409e75 11029->11027 11031 409be4 _free 14 API calls 11029->11031 11031->11027 11032 409eca 11033 409ed6 ___scrt_is_nonwritable_in_current_image 11032->11033 11045 40c848 EnterCriticalSection 11033->11045 11035 409ee0 11036 40a100 _free 14 API calls 11035->11036 11037 409ef3 11036->11037 11046 409f13 11037->11046 11040->11029 11044 40c890 LeaveCriticalSection 11041->11044 11043 409eac 11043->11032 11044->11043 11045->11035 11049 40c890 LeaveCriticalSection 11046->11049 11048 409f01 11048->10996 11049->11048 11855 4038a6 11856 4038ae 11855->11856 11872 408b0c 11856->11872 11858 4038b9 11879 403ba5 11858->11879 11860 403e5a 4 API calls 11862 403950 11860->11862 11861 4038ce __RTC_Initialize 11870 40392b 11861->11870 11885 403d32 11861->11885 11864 4038e7 11864->11870 11888 403dec InitializeSListHead 11864->11888 11866 4038fd 11889 403dfb 11866->11889 11868 403920 11895 408be9 11868->11895 11870->11860 11871 403948 11870->11871 11873 408b3e 11872->11873 11874 408b1b 11872->11874 11873->11858 11874->11873 11875 409bd1 _free 14 API calls 11874->11875 11876 408b2e 11875->11876 11877 409b14 __fassign 25 API calls 11876->11877 11878 408b39 11877->11878 11878->11858 11880 403bb1 11879->11880 11881 403bb5 11879->11881 11880->11861 11882 403e5a 4 API calls 11881->11882 11884 403bc2 ___scrt_release_startup_lock 11881->11884 11883 403c2b 11882->11883 11884->11861 11902 403d05 11885->11902 11888->11866 11937 409137 11889->11937 11891 403e0c 11892 403e13 11891->11892 11893 403e5a 4 API calls 11891->11893 11892->11868 11894 403e1b 11893->11894 11896 40a14b __fassign 37 API calls 11895->11896 11898 408bf4 11896->11898 11897 408c2c 11897->11870 11898->11897 11899 409bd1 _free 14 API calls 11898->11899 11900 408c21 11899->11900 11901 409b14 __fassign 25 API calls 11900->11901 11901->11897 11903 403d14 11902->11903 11904 403d1b 11902->11904 11908 408f5b 11903->11908 11911 408fc7 11904->11911 11907 403d19 11907->11864 11909 408fc7 28 API calls 11908->11909 11910 408f6d 11909->11910 11910->11907 11914 408cfd 11911->11914 11915 408d09 ___scrt_is_nonwritable_in_current_image 11914->11915 11922 40c848 EnterCriticalSection 11915->11922 11917 408d17 11923 408d58 11917->11923 11919 408d24 11933 408d4c 11919->11933 11922->11917 11924 408d74 11923->11924 11926 408deb _free 11923->11926 11925 408dcb 11924->11925 11924->11926 11927 40d6ed 28 API calls 11924->11927 11925->11926 11928 40d6ed 28 API calls 11925->11928 11926->11919 11929 408dc1 11927->11929 11930 408de1 11928->11930 11931 409be4 _free 14 API calls 11929->11931 11932 409be4 _free 14 API calls 11930->11932 11931->11925 11932->11926 11936 40c890 LeaveCriticalSection 11933->11936 11935 408d35 11935->11907 11936->11935 11938 409155 11937->11938 11942 409175 11937->11942 11939 409bd1 _free 14 API calls 11938->11939 11940 40916b 11939->11940 11941 409b14 __fassign 25 API calls 11940->11941 11941->11942 11942->11891 9297 4085a8 9308 40c2c2 9297->9308 9301 4085c5 9305 409be4 _free 14 API calls 9301->9305 9306 4085f4 9305->9306 9309 40c2cb 9308->9309 9313 4085ba 9308->9313 9349 40a208 9309->9349 9314 40c783 GetEnvironmentStringsW 9313->9314 9315 40c7f0 9314->9315 9316 40c79a 9314->9316 9317 4085bf 9315->9317 9318 40c7f9 FreeEnvironmentStringsW 9315->9318 9319 40c695 ___scrt_uninitialize_crt WideCharToMultiByte 9316->9319 9317->9301 9326 4085fa 9317->9326 9318->9317 9320 40c7b3 9319->9320 9320->9315 9321 409c1e 15 API calls 9320->9321 9322 40c7c3 9321->9322 9323 40c7db 9322->9323 9324 40c695 ___scrt_uninitialize_crt WideCharToMultiByte 9322->9324 9325 409be4 _free 14 API calls 9323->9325 9324->9323 9325->9315 9327 40860f 9326->9327 9328 40b378 _free 14 API calls 9327->9328 9339 408636 9328->9339 9329 40869b 9330 409be4 _free 14 API calls 9329->9330 9331 4085d0 9330->9331 9343 409be4 9331->9343 9332 40b378 _free 14 API calls 9332->9339 9333 40869d 10010 4086ca 9333->10010 9337 409be4 _free 14 API calls 9337->9329 9338 4086bd 9341 409b24 __fassign 11 API calls 9338->9341 9339->9329 9339->9332 9339->9333 9339->9338 9340 409be4 _free 14 API calls 9339->9340 10001 4091d2 9339->10001 9340->9339 9342 4086c9 9341->9342 9344 409bef HeapFree 9343->9344 9348 409c18 _free 9343->9348 9345 409c04 9344->9345 9344->9348 9346 409bd1 _free 12 API calls 9345->9346 9347 409c0a GetLastError 9346->9347 9347->9348 9348->9301 9350 40a213 9349->9350 9351 40a219 9349->9351 9393 40d532 9350->9393 9371 40a21f 9351->9371 9398 40d571 9351->9398 9359 40a260 9362 40d571 _free 6 API calls 9359->9362 9360 40a24b 9363 40d571 _free 6 API calls 9360->9363 9361 40a298 9374 40c10e 9361->9374 9364 40a26c 9362->9364 9365 40a257 9363->9365 9366 40a270 9364->9366 9367 40a27f 9364->9367 9370 409be4 _free 14 API calls 9365->9370 9368 40d571 _free 6 API calls 9366->9368 9410 409f79 9367->9410 9368->9365 9370->9371 9371->9361 9415 40922c 9371->9415 9373 409be4 _free 14 API calls 9373->9371 9799 40c222 9374->9799 9379 40c13a 9379->9313 9382 40c17d 9384 409be4 _free 14 API calls 9382->9384 9386 40c18b 9384->9386 9386->9313 9387 40c178 9388 409bd1 _free 14 API calls 9387->9388 9388->9382 9389 40c1bf 9389->9382 9835 40bdaa 9389->9835 9390 40c193 9390->9389 9391 409be4 _free 14 API calls 9390->9391 9391->9389 9426 40d3d2 9393->9426 9395 40d54e 9396 40d557 9395->9396 9397 40d569 TlsGetValue 9395->9397 9396->9351 9399 40d3d2 _free 5 API calls 9398->9399 9400 40d58d 9399->9400 9401 40a233 9400->9401 9402 40d5ab TlsSetValue 9400->9402 9401->9371 9403 40b378 9401->9403 9408 40b385 _free 9403->9408 9404 40b3c5 9442 409bd1 9404->9442 9405 40b3b0 RtlAllocateHeap 9406 40a243 9405->9406 9405->9408 9406->9359 9406->9360 9408->9404 9408->9405 9439 40d81d 9408->9439 9479 409e0d 9410->9479 9621 40d974 9415->9621 9419 409246 IsProcessorFeaturePresent 9423 409252 9419->9423 9420 409265 9657 408aba 9420->9657 9422 40923c 9422->9419 9422->9420 9651 409968 9423->9651 9427 40d400 9426->9427 9431 40d3fc _free 9426->9431 9427->9431 9432 40d30b 9427->9432 9430 40d41a GetProcAddress 9430->9431 9431->9395 9433 40d31c ___vcrt_InitializeCriticalSectionEx 9432->9433 9434 40d33a LoadLibraryExW 9433->9434 9436 40d3b0 FreeLibrary 9433->9436 9437 40d3c7 9433->9437 9438 40d388 LoadLibraryExW 9433->9438 9434->9433 9435 40d355 GetLastError 9434->9435 9435->9433 9436->9433 9437->9430 9437->9431 9438->9433 9445 40d84a 9439->9445 9456 40a2a2 GetLastError 9442->9456 9444 409bd6 9444->9406 9446 40d856 ___scrt_is_nonwritable_in_current_image 9445->9446 9451 40c848 EnterCriticalSection 9446->9451 9448 40d861 9452 40d89d 9448->9452 9451->9448 9455 40c890 LeaveCriticalSection 9452->9455 9454 40d828 9454->9408 9455->9454 9457 40a2bf 9456->9457 9458 40a2b9 9456->9458 9460 40d571 _free 6 API calls 9457->9460 9476 40a2c5 SetLastError 9457->9476 9459 40d532 _free 6 API calls 9458->9459 9459->9457 9461 40a2dd 9460->9461 9462 40b378 _free 12 API calls 9461->9462 9461->9476 9464 40a2ed 9462->9464 9465 40a2f5 9464->9465 9466 40a30c 9464->9466 9468 40d571 _free 6 API calls 9465->9468 9467 40d571 _free 6 API calls 9466->9467 9470 40a318 9467->9470 9469 40a303 9468->9469 9473 409be4 _free 12 API calls 9469->9473 9471 40a31c 9470->9471 9472 40a32d 9470->9472 9474 40d571 _free 6 API calls 9471->9474 9475 409f79 _free 12 API calls 9472->9475 9473->9476 9474->9469 9477 40a338 9475->9477 9476->9444 9478 409be4 _free 12 API calls 9477->9478 9478->9476 9480 409e19 ___scrt_is_nonwritable_in_current_image 9479->9480 9493 40c848 EnterCriticalSection 9480->9493 9482 409e23 9494 409e53 9482->9494 9485 409f1f 9486 409f2b ___scrt_is_nonwritable_in_current_image 9485->9486 9498 40c848 EnterCriticalSection 9486->9498 9488 409f35 9499 40a100 9488->9499 9490 409f4d 9503 409f6d 9490->9503 9493->9482 9497 40c890 LeaveCriticalSection 9494->9497 9496 409e41 9496->9485 9497->9496 9498->9488 9500 40a136 _free 9499->9500 9501 40a10f _free 9499->9501 9500->9490 9501->9500 9506 40cfa0 9501->9506 9620 40c890 LeaveCriticalSection 9503->9620 9505 409f5b 9505->9373 9508 40d020 9506->9508 9511 40cfb6 9506->9511 9509 409be4 _free 14 API calls 9508->9509 9533 40d06e 9508->9533 9510 40d042 9509->9510 9514 409be4 _free 14 API calls 9510->9514 9511->9508 9512 40cfe9 9511->9512 9516 409be4 _free 14 API calls 9511->9516 9513 40d00b 9512->9513 9521 409be4 _free 14 API calls 9512->9521 9515 409be4 _free 14 API calls 9513->9515 9517 40d055 9514->9517 9518 40d015 9515->9518 9520 40cfde 9516->9520 9522 409be4 _free 14 API calls 9517->9522 9523 409be4 _free 14 API calls 9518->9523 9519 40d0dc 9524 409be4 _free 14 API calls 9519->9524 9534 40cb7d 9520->9534 9526 40d000 9521->9526 9527 40d063 9522->9527 9523->9508 9529 40d0e2 9524->9529 9562 40cc7b 9526->9562 9531 409be4 _free 14 API calls 9527->9531 9528 40d07c 9528->9519 9532 409be4 14 API calls _free 9528->9532 9529->9500 9531->9533 9532->9528 9574 40d111 9533->9574 9535 40cb8e 9534->9535 9561 40cc77 9534->9561 9536 40cb9f 9535->9536 9538 409be4 _free 14 API calls 9535->9538 9537 40cbb1 9536->9537 9539 409be4 _free 14 API calls 9536->9539 9540 40cbc3 9537->9540 9541 409be4 _free 14 API calls 9537->9541 9538->9536 9539->9537 9542 40cbd5 9540->9542 9543 409be4 _free 14 API calls 9540->9543 9541->9540 9544 40cbe7 9542->9544 9546 409be4 _free 14 API calls 9542->9546 9543->9542 9545 40cbf9 9544->9545 9547 409be4 _free 14 API calls 9544->9547 9548 40cc0b 9545->9548 9549 409be4 _free 14 API calls 9545->9549 9546->9544 9547->9545 9550 40cc1d 9548->9550 9551 409be4 _free 14 API calls 9548->9551 9549->9548 9552 409be4 _free 14 API calls 9550->9552 9556 40cc2f 9550->9556 9551->9550 9552->9556 9553 409be4 _free 14 API calls 9555 40cc41 9553->9555 9554 40cc53 9558 40cc65 9554->9558 9559 409be4 _free 14 API calls 9554->9559 9555->9554 9557 409be4 _free 14 API calls 9555->9557 9556->9553 9556->9555 9557->9554 9560 409be4 _free 14 API calls 9558->9560 9558->9561 9559->9558 9560->9561 9561->9512 9563 40cc88 9562->9563 9573 40cce0 9562->9573 9564 40cc98 9563->9564 9565 409be4 _free 14 API calls 9563->9565 9566 409be4 _free 14 API calls 9564->9566 9567 40ccaa 9564->9567 9565->9564 9566->9567 9568 409be4 _free 14 API calls 9567->9568 9569 40ccbc 9567->9569 9568->9569 9570 40ccce 9569->9570 9571 409be4 _free 14 API calls 9569->9571 9572 409be4 _free 14 API calls 9570->9572 9570->9573 9571->9570 9572->9573 9573->9513 9575 40d11e 9574->9575 9576 40d13d 9574->9576 9575->9576 9580 40cd1c 9575->9580 9576->9528 9579 409be4 _free 14 API calls 9579->9576 9581 40cdfa 9580->9581 9582 40cd2d 9580->9582 9581->9579 9616 40cce4 9582->9616 9585 40cce4 _free 14 API calls 9586 40cd40 9585->9586 9587 40cce4 _free 14 API calls 9586->9587 9588 40cd4b 9587->9588 9589 40cce4 _free 14 API calls 9588->9589 9590 40cd56 9589->9590 9591 40cce4 _free 14 API calls 9590->9591 9592 40cd64 9591->9592 9593 409be4 _free 14 API calls 9592->9593 9594 40cd6f 9593->9594 9595 409be4 _free 14 API calls 9594->9595 9596 40cd7a 9595->9596 9597 409be4 _free 14 API calls 9596->9597 9598 40cd85 9597->9598 9599 40cce4 _free 14 API calls 9598->9599 9600 40cd93 9599->9600 9601 40cce4 _free 14 API calls 9600->9601 9602 40cda1 9601->9602 9603 40cce4 _free 14 API calls 9602->9603 9604 40cdb2 9603->9604 9605 40cce4 _free 14 API calls 9604->9605 9606 40cdc0 9605->9606 9607 40cce4 _free 14 API calls 9606->9607 9608 40cdce 9607->9608 9609 409be4 _free 14 API calls 9608->9609 9610 40cdd9 9609->9610 9611 409be4 _free 14 API calls 9610->9611 9612 40cde4 9611->9612 9613 409be4 _free 14 API calls 9612->9613 9614 40cdef 9613->9614 9615 409be4 _free 14 API calls 9614->9615 9615->9581 9617 40cd17 9616->9617 9618 40cd07 9616->9618 9617->9585 9618->9617 9619 409be4 _free 14 API calls 9618->9619 9619->9618 9620->9505 9660 40d8a6 9621->9660 9624 40d9b9 9625 40d9c5 ___scrt_is_nonwritable_in_current_image 9624->9625 9626 40a2a2 _free 14 API calls 9625->9626 9629 40d9f2 __fassign 9625->9629 9632 40d9ec __fassign 9625->9632 9626->9632 9627 40da39 9628 409bd1 _free 14 API calls 9627->9628 9630 40da3e 9628->9630 9631 40da65 9629->9631 9674 40c848 EnterCriticalSection 9629->9674 9671 409b14 9630->9671 9636 40daa7 9631->9636 9637 40db98 9631->9637 9647 40dad6 9631->9647 9632->9627 9632->9629 9650 40da23 9632->9650 9636->9647 9675 40a14b GetLastError 9636->9675 9638 40dba3 9637->9638 9706 40c890 LeaveCriticalSection 9637->9706 9641 408aba __fassign 23 API calls 9638->9641 9642 40dbab 9641->9642 9645 40a14b __fassign 37 API calls 9648 40db2b 9645->9648 9646 40a14b __fassign 37 API calls 9646->9647 9702 40db45 9647->9702 9649 40a14b __fassign 37 API calls 9648->9649 9648->9650 9649->9650 9650->9422 9652 409984 __fassign 9651->9652 9653 4099b0 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 9652->9653 9656 409a81 __fassign 9653->9656 9655 409a9f 9655->9420 9720 4042d2 9656->9720 9728 408994 9657->9728 9661 40d8b2 ___scrt_is_nonwritable_in_current_image 9660->9661 9666 40c848 EnterCriticalSection 9661->9666 9663 40d8c0 9667 40d8fe 9663->9667 9666->9663 9670 40c890 LeaveCriticalSection 9667->9670 9669 409231 9669->9422 9669->9624 9670->9669 9707 409ab0 9671->9707 9673 409b20 9673->9650 9674->9631 9676 40a162 9675->9676 9677 40a168 9675->9677 9679 40d532 _free 6 API calls 9676->9679 9678 40d571 _free 6 API calls 9677->9678 9700 40a16e SetLastError 9677->9700 9680 40a186 9678->9680 9679->9677 9681 40b378 _free 14 API calls 9680->9681 9680->9700 9683 40a196 9681->9683 9684 40a1b5 9683->9684 9685 40a19e 9683->9685 9688 40d571 _free 6 API calls 9684->9688 9689 40d571 _free 6 API calls 9685->9689 9686 40a202 9690 40922c __fassign 35 API calls 9686->9690 9687 40a1fc 9687->9646 9692 40a1c1 9688->9692 9693 40a1ac 9689->9693 9691 40a207 9690->9691 9694 40a1c5 9692->9694 9695 40a1d6 9692->9695 9698 409be4 _free 14 API calls 9693->9698 9696 40d571 _free 6 API calls 9694->9696 9697 409f79 _free 14 API calls 9695->9697 9696->9693 9699 40a1e1 9697->9699 9698->9700 9701 409be4 _free 14 API calls 9699->9701 9700->9686 9700->9687 9701->9700 9703 40db1c 9702->9703 9704 40db4b 9702->9704 9703->9645 9703->9648 9703->9650 9719 40c890 LeaveCriticalSection 9704->9719 9706->9638 9708 40a2a2 _free 14 API calls 9707->9708 9709 409abb 9708->9709 9710 409ac9 9709->9710 9715 409b24 IsProcessorFeaturePresent 9709->9715 9710->9673 9712 409b13 9713 409ab0 __fassign 25 API calls 9712->9713 9714 409b20 9713->9714 9714->9673 9716 409b30 9715->9716 9717 409968 __fassign 8 API calls 9716->9717 9718 409b45 GetCurrentProcess TerminateProcess 9717->9718 9718->9712 9719->9703 9721 4042da 9720->9721 9722 4042db IsProcessorFeaturePresent 9720->9722 9721->9655 9724 40431d 9722->9724 9727 4042e0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 9724->9727 9726 404400 9726->9655 9727->9726 9729 4089a2 9728->9729 9730 4089b4 9728->9730 9756 403fab GetModuleHandleW 9729->9756 9740 40885a 9730->9740 9735 4089ed 9738 4089f7 9741 408866 ___scrt_is_nonwritable_in_current_image 9740->9741 9764 40c848 EnterCriticalSection 9741->9764 9743 408870 9765 4088a7 9743->9765 9745 40887d 9769 40889b 9745->9769 9748 4089f8 9792 40c8a7 GetPEB 9748->9792 9751 408a27 9754 408a3a __fassign 3 API calls 9751->9754 9752 408a07 GetPEB 9752->9751 9753 408a17 GetCurrentProcess TerminateProcess 9752->9753 9753->9751 9755 408a2f ExitProcess 9754->9755 9757 403fb7 9756->9757 9757->9730 9758 408a3a GetModuleHandleExW 9757->9758 9759 408a59 GetProcAddress 9758->9759 9760 408a7c 9758->9760 9763 408a6e 9759->9763 9761 408a82 FreeLibrary 9760->9761 9762 4089b3 9760->9762 9761->9762 9762->9730 9763->9760 9764->9743 9767 4088b3 ___scrt_is_nonwritable_in_current_image 9765->9767 9766 408914 __fassign 9766->9745 9767->9766 9772 408f71 9767->9772 9791 40c890 LeaveCriticalSection 9769->9791 9771 408889 9771->9735 9771->9748 9775 408ca2 9772->9775 9776 408cae ___scrt_is_nonwritable_in_current_image 9775->9776 9783 40c848 EnterCriticalSection 9776->9783 9778 408cbc 9784 408e81 9778->9784 9783->9778 9785 408ea0 9784->9785 9786 408cc9 9784->9786 9785->9786 9787 409be4 _free 14 API calls 9785->9787 9788 408cf1 9786->9788 9787->9786 9789 40c890 _free LeaveCriticalSection 9788->9789 9790 408cda 9789->9790 9790->9766 9791->9771 9793 408a02 9792->9793 9794 40c8c1 9792->9794 9793->9751 9793->9752 9796 40d455 9794->9796 9797 40d3d2 _free 5 API calls 9796->9797 9798 40d471 9797->9798 9798->9793 9800 40c22e ___scrt_is_nonwritable_in_current_image 9799->9800 9801 40c248 9800->9801 9843 40c848 EnterCriticalSection 9800->9843 9803 40c121 9801->9803 9805 40922c __fassign 37 API calls 9801->9805 9810 40beb8 9803->9810 9804 40c284 9844 40c2a1 9804->9844 9807 40c2c1 9805->9807 9808 40c258 9808->9804 9809 409be4 _free 14 API calls 9808->9809 9809->9804 9848 406adf 9810->9848 9813 40bed9 GetOEMCP 9815 40bf02 9813->9815 9814 40beeb 9814->9815 9816 40bef0 GetACP 9814->9816 9815->9379 9817 409c1e 9815->9817 9816->9815 9818 409c5c 9817->9818 9822 409c2c _free 9817->9822 9820 409bd1 _free 14 API calls 9818->9820 9819 409c47 RtlAllocateHeap 9821 409c5a 9819->9821 9819->9822 9820->9821 9821->9382 9824 40c31d 9821->9824 9822->9818 9822->9819 9823 40d81d _free 2 API calls 9822->9823 9823->9822 9825 40beb8 39 API calls 9824->9825 9826 40c33d 9825->9826 9828 40c377 IsValidCodePage 9826->9828 9833 40c3b3 __fassign 9826->9833 9827 4042d2 _ValidateLocalCookies 5 API calls 9829 40c170 9827->9829 9830 40c389 9828->9830 9828->9833 9829->9387 9829->9390 9831 40c3b8 GetCPInfo 9830->9831 9834 40c392 __fassign 9830->9834 9831->9833 9831->9834 9833->9827 9891 40bf8e 9834->9891 9836 40bdb6 ___scrt_is_nonwritable_in_current_image 9835->9836 9975 40c848 EnterCriticalSection 9836->9975 9838 40bdc0 9976 40bdf7 9838->9976 9843->9808 9847 40c890 LeaveCriticalSection 9844->9847 9846 40c2a8 9846->9801 9847->9846 9849 406af6 9848->9849 9850 406aff 9848->9850 9849->9813 9849->9814 9850->9849 9851 40a14b __fassign 37 API calls 9850->9851 9852 406b1f 9851->9852 9856 40a39d 9852->9856 9857 40a3b0 9856->9857 9858 406b35 9856->9858 9857->9858 9864 40d1ec 9857->9864 9860 40a3ca 9858->9860 9861 40a3dd 9860->9861 9863 40a3f2 9860->9863 9861->9863 9886 40c30a 9861->9886 9863->9849 9865 40d1f8 ___scrt_is_nonwritable_in_current_image 9864->9865 9866 40a14b __fassign 37 API calls 9865->9866 9867 40d201 9866->9867 9869 40d247 9867->9869 9877 40c848 EnterCriticalSection 9867->9877 9869->9858 9870 40d21f 9878 40d26d 9870->9878 9875 40922c __fassign 37 API calls 9876 40d26c 9875->9876 9877->9870 9879 40d230 9878->9879 9880 40d27b _free 9878->9880 9882 40d24c 9879->9882 9880->9879 9881 40cfa0 _free 14 API calls 9880->9881 9881->9879 9885 40c890 LeaveCriticalSection 9882->9885 9884 40d243 9884->9869 9884->9875 9885->9884 9887 40a14b __fassign 37 API calls 9886->9887 9888 40c314 9887->9888 9889 40c222 __fassign 37 API calls 9888->9889 9890 40c31a 9889->9890 9890->9863 9892 40bfb6 GetCPInfo 9891->9892 9893 40c07f 9891->9893 9892->9893 9899 40bfce 9892->9899 9894 4042d2 _ValidateLocalCookies 5 API calls 9893->9894 9895 40c10c 9894->9895 9895->9833 9902 40ce00 9899->9902 9901 410a5e 41 API calls 9901->9893 9903 406adf __fassign 37 API calls 9902->9903 9904 40ce20 9903->9904 9922 40c619 9904->9922 9906 40ce4d 9909 409c1e 15 API calls 9906->9909 9912 40cede 9906->9912 9913 40ce73 __fassign 9906->9913 9907 4042d2 _ValidateLocalCookies 5 API calls 9910 40c036 9907->9910 9908 40ced8 9925 40cf03 9908->9925 9909->9913 9917 410a5e 9910->9917 9912->9907 9913->9908 9914 40c619 __fassign MultiByteToWideChar 9913->9914 9915 40cec1 9914->9915 9915->9908 9916 40cec8 GetStringTypeW 9915->9916 9916->9908 9918 406adf __fassign 37 API calls 9917->9918 9919 410a71 9918->9919 9929 410874 9919->9929 9923 40c62a MultiByteToWideChar 9922->9923 9923->9906 9926 40cf20 9925->9926 9927 40cf0f 9925->9927 9926->9912 9927->9926 9928 409be4 _free 14 API calls 9927->9928 9928->9926 9930 41088f 9929->9930 9931 40c619 __fassign MultiByteToWideChar 9930->9931 9934 4108d3 9931->9934 9932 410a38 9933 4042d2 _ValidateLocalCookies 5 API calls 9932->9933 9935 40c057 9933->9935 9934->9932 9937 409c1e 15 API calls 9934->9937 9941 4108f8 9934->9941 9935->9901 9936 41099d 9940 40cf03 __freea 14 API calls 9936->9940 9937->9941 9938 40c619 __fassign MultiByteToWideChar 9939 41093e 9938->9939 9939->9936 9957 40d5fe 9939->9957 9940->9932 9941->9936 9941->9938 9944 410974 9944->9936 9948 40d5fe 6 API calls 9944->9948 9945 4109ac 9946 409c1e 15 API calls 9945->9946 9950 4109be 9945->9950 9946->9950 9947 410a29 9949 40cf03 __freea 14 API calls 9947->9949 9948->9936 9949->9936 9950->9947 9951 40d5fe 6 API calls 9950->9951 9952 410a06 9951->9952 9952->9947 9963 40c695 9952->9963 9954 410a20 9954->9947 9955 410a55 9954->9955 9956 40cf03 __freea 14 API calls 9955->9956 9956->9936 9966 40d2d7 9957->9966 9961 40d60f 9961->9936 9961->9944 9961->9945 9962 40d64f LCMapStringW 9962->9961 9965 40c6ac WideCharToMultiByte 9963->9965 9965->9954 9967 40d3d2 _free 5 API calls 9966->9967 9968 40d2ed 9967->9968 9968->9961 9969 40d65b 9968->9969 9972 40d2f1 9969->9972 9971 40d666 9971->9962 9973 40d3d2 _free 5 API calls 9972->9973 9974 40d307 9973->9974 9974->9971 9975->9838 9986 40c510 9976->9986 9978 40be19 9979 40c510 25 API calls 9978->9979 9980 40be38 9979->9980 9981 40bdcd 9980->9981 9982 409be4 _free 14 API calls 9980->9982 9983 40bdeb 9981->9983 9982->9981 10000 40c890 LeaveCriticalSection 9983->10000 9985 40bdd9 9985->9382 9987 40c521 9986->9987 9991 40c51d ___scrt_uninitialize_crt 9986->9991 9988 40c528 9987->9988 9993 40c53b __fassign 9987->9993 9989 409bd1 _free 14 API calls 9988->9989 9990 40c52d 9989->9990 9992 409b14 __fassign 25 API calls 9990->9992 9991->9978 9992->9991 9993->9991 9994 40c572 9993->9994 9995 40c569 9993->9995 9994->9991 9997 409bd1 _free 14 API calls 9994->9997 9996 409bd1 _free 14 API calls 9995->9996 9998 40c56e 9996->9998 9997->9998 9999 409b14 __fassign 25 API calls 9998->9999 9999->9991 10000->9985 10002 4091ed 10001->10002 10003 4091df 10001->10003 10004 409bd1 _free 14 API calls 10002->10004 10003->10002 10008 409204 10003->10008 10005 4091f5 10004->10005 10006 409b14 __fassign 25 API calls 10005->10006 10007 4091ff 10006->10007 10007->9339 10008->10007 10009 409bd1 _free 14 API calls 10008->10009 10009->10005 10011 4086d7 10010->10011 10015 4086a3 10010->10015 10012 4086ee 10011->10012 10013 409be4 _free 14 API calls 10011->10013 10014 409be4 _free 14 API calls 10012->10014 10013->10011 10014->10015 10015->9337

                                                                                                                              Executed Functions

                                                                                                                              Function 004016FF Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 116windowCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              C-Code - Quality: 70%
                                                                                                                              			E004016FF(char _a4, char _a12) {
				struct %anon393 _v44;
				void* __edi;
				void* __esi;
				WCHAR* _t23;
				signed int _t46;
				void* _t63;
				char* _t67;

				_t67 = _a12;
				if(_t67 == 0 ||  *_t67 == 0) {
					_t46 = 9;
					_v44.cbSize = 0x28;
					_t23 = memset( &(_v44.hwndOwner), 0, _t46 << 2);
					_v44.lpszText.hwnd = 0x4152a0;
					_v44.lpszCaption = L"About...";
					_v44.lpszIcon = 0x66;
					_v44.hInstance = GetModuleHandleW(_t23);
					_v44.dwStyle = 0x80;
					MessageBoxIndirectW( &_v44);
				} else {
					if(E00407FD2(_t63, _t67, _t67, "/RegServer") == 0 || E00407FD2(_t63, _t67, _t67, "-RegServer") == 0) {
						E00401416(_a4); // executed
						goto L14;
					} else {
						if(E00407FD2(_t63, _t67, _t67, "/UnregServer") == 0 || E00407FD2(_t63, _t67, _t67, "-UnregServer") == 0) {
							_push(_a4);
							E004015AC();
							L14:
						} else {
							__imp__CoInitialize(0);
							if(E00404410(_t67, "/Embedding") != 0 || E00404410(_t67, "-Embedding") != 0) {
								E00401894( &_a12);
								_a4 = 0;
								__imp__CoRegisterClassObject(0x416244,  &_a12, 4, 1,  &_a4);
								while(GetMessageW( &(_v44.lpszText), 0, 0, 0) != 0) {
									TranslateMessage( &(_v44.lpszText));
									DispatchMessageW( &(_v44.lpszText));
								}
								__imp__CoRevokeClassObject(_a4);
								E0040189D(_t39,  &_a12);
							}
							__imp__CoUninitialize();
						}
					}
				}
				return 0;
			}










                                                                                                                              0x00401706
                                                                                                                              0x0040170c
                                                                                                                              0x00401815
                                                                                                                              0x00401818
                                                                                                                              0x00401822
                                                                                                                              0x00401825
                                                                                                                              0x0040182c
                                                                                                                              0x00401833
                                                                                                                              0x00401840
                                                                                                                              0x00401847
                                                                                                                              0x0040184e
                                                                                                                              0x0040171b
                                                                                                                              0x0040172a
                                                                                                                              0x0040180c
                                                                                                                              0x00000000
                                                                                                                              0x00401745
                                                                                                                              0x00401754
                                                                                                                              0x004017fe
                                                                                                                              0x00401801
                                                                                                                              0x00401806
                                                                                                                              0x0040176f
                                                                                                                              0x00401772
                                                                                                                              0x00401787
                                                                                                                              0x0040179d
                                                                                                                              0x004017a5
                                                                                                                              0x004017b6
                                                                                                                              0x004017d8
                                                                                                                              0x004017c8
                                                                                                                              0x004017d2
                                                                                                                              0x004017d2
                                                                                                                              0x004017e8
                                                                                                                              0x004017f1
                                                                                                                              0x004017f1
                                                                                                                              0x004017f6
                                                                                                                              0x004017f6
                                                                                                                              0x00401754
                                                                                                                              0x0040172a
                                                                                                                              0x00401859

                                                                                                                              APIs
                                                                                                                              • CoInitialize.OLE32(00000000), ref: 00401772
                                                                                                                              • CoRegisterClassObject.OLE32(00416244,?,00000004,00000001,?), ref: 004017B6
                                                                                                                              • TranslateMessage.USER32(?), ref: 004017C8
                                                                                                                              • DispatchMessageW.USER32 ref: 004017D2
                                                                                                                              • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 004017DF
                                                                                                                              • CoRevokeClassObject.OLE32(?), ref: 004017E8
                                                                                                                              • CoUninitialize.OLE32 ref: 004017F6
                                                                                                                              • GetModuleHandleW.KERNEL32(00000000), ref: 0040183A
                                                                                                                              • MessageBoxIndirectW.USER32(00000028), ref: 0040184E
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Message$ClassObject$DispatchHandleIndirectInitializeModuleRegisterRevokeTranslateUninitialize
                                                                                                                              • String ID: ($-Embedding$-RegServer$-UnregServer$/Embedding$/RegServer$/UnregServer$f
                                                                                                                              • API String ID: 234574742-2812903357
                                                                                                                              • Opcode ID: fc18ca54a635116b48de9a0ec5b58412663a0f73b858af44ae47a1384b55c085
                                                                                                                              • Instruction ID: 73a2839891a3f49ce878597d1ceea6f053ff27f7bc5e9e5fd74eacb7036b457e
                                                                                                                              • Opcode Fuzzy Hash: fc18ca54a635116b48de9a0ec5b58412663a0f73b858af44ae47a1384b55c085
                                                                                                                              • Instruction Fuzzy Hash: 2031B73290460ABADB11AF65DC05BDF3BA8AF84314F10803BF901B61E1EB7C964586AD
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004089F8 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 173 4089f8-408a05 call 40c8a7 176 408a27-408a33 call 408a3a ExitProcess 173->176 177 408a07-408a15 GetPEB 173->177 177->176 178 408a17-408a21 GetCurrentProcess TerminateProcess 177->178 178->176
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004089F8(int _a4) {
				void* _t14;

				if(E0040C8A7(_t14) != 1 && ( *( *[fs:0x30] + 0x68) >> 0x00000008 & 0x00000001) == 0) {
					TerminateProcess(GetCurrentProcess(), _a4);
				}
				E00408A3A(_t14, _a4);
				ExitProcess(_a4);
			}




                                                                                                                              0x00408a05
                                                                                                                              0x00408a21
                                                                                                                              0x00408a21
                                                                                                                              0x00408a2a
                                                                                                                              0x00408a33

                                                                                                                              APIs
                                                                                                                              • GetCurrentProcess.KERNEL32(?,?,004089F7,?,00000000,?,?,?,00406638), ref: 00408A1A
                                                                                                                              • TerminateProcess.KERNEL32(00000000,?,004089F7,?,00000000,?,?,?,00406638), ref: 00408A21
                                                                                                                              • ExitProcess.KERNEL32 ref: 00408A33
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Process$CurrentExitTerminate
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1703294689-0
                                                                                                                              • Opcode ID: 751e5e81c3f5c80d383cd33b772697d51097390d7e27acddaaea6f4ba94fd06f
                                                                                                                              • Instruction ID: a21da9d54574549b779d5bf63094faeca94eca77bebef324ed7ae92d6f22d434
                                                                                                                              • Opcode Fuzzy Hash: 751e5e81c3f5c80d383cd33b772697d51097390d7e27acddaaea6f4ba94fd06f
                                                                                                                              • Instruction Fuzzy Hash: 53E04F31210504EFCB126F54DD49A993F28FF45346F00847AF44496571CB39DD41CA88
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00403FEE Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 228 403fee-403ff9 SetUnhandledExceptionFilter
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00403FEE() {
				_Unknown_base(*)()* _t1;

				_t1 = SetUnhandledExceptionFilter(E00403FFA); // executed
				return _t1;
			}




                                                                                                                              0x00403ff3
                                                                                                                              0x00403ff9

                                                                                                                              APIs
                                                                                                                              • SetUnhandledExceptionFilter.KERNELBASE(Function_00003FFA,0040395E), ref: 00403FF3
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ExceptionFilterUnhandled
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3192549508-0
                                                                                                                              • Opcode ID: 80241a7990477e9a42cbfb67e254b56fb20ae08d6c0ae157a50412d3a753e5d9
                                                                                                                              • Instruction ID: 87da213fa71cf2daabf0e8d6f9ab0e34ffd4a5067bff10737b499319860d7a03
                                                                                                                              • Opcode Fuzzy Hash: 80241a7990477e9a42cbfb67e254b56fb20ae08d6c0ae157a50412d3a753e5d9
                                                                                                                              • Instruction Fuzzy Hash:
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004010C5 Relevance: 66.8, APIs: 16, Strings: 22, Instructions: 292registryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 0 4010c5-40110c call 404680 * 2 StringFromGUID2 5 401118-401156 call 40145f call 4015c4 0->5 6 40110e-401113 0->6 12 40115c-40116f GetModuleFileNameW 5->12 13 40140e-401410 5->13 7 401413-401415 6->7 12->13 14 401175-4011a8 RegCreateKeyExW ConvertStringSecurityDescriptorToSecurityDescriptorW 12->14 15 401411-401412 13->15 16 4011c5-4011d9 ConvertStringSecurityDescriptorToSecurityDescriptorW 14->16 17 4011aa-4011bf GetSecurityDescriptorLength RegSetValueExA 14->17 15->7 18 4011f9 16->18 19 4011db-4011f7 GetSecurityDescriptorLength RegSetValueExA 16->19 17->16 20 4011fb-40129f call 40163f RegCloseKey RegCreateKeyExW call 40163f RegCloseKey call 404680 call 40143a call 4015c4 18->20 19->20 31 401351-401358 RegCloseKey 20->31 32 4012a5-4012bd call 40163f 20->32 34 40135a-40135d RegCloseKey 31->34 35 40135f-401361 31->35 32->31 38 4012c3-4012d7 call 4015c4 32->38 34->35 35->13 37 401367-401380 call 4015c4 35->37 37->13 43 401386-4013a2 call 4015c4 37->43 38->31 44 4012d9-4012ed call 4015c4 38->44 48 4013c1 43->48 49 4013a4-4013b0 call 4015c4 43->49 44->31 53 4012ef-401307 call 40163f 44->53 52 4013c3-4013ca RegCloseKey 48->52 54 4013b5-4013ba 49->54 52->13 55 4013cc-4013e5 call 4015c4 52->55 53->31 61 401309-40131f call 40163f 53->61 54->48 57 4013bc-4013bf 54->57 55->13 62 4013e7-4013f7 call 4015c4 55->62 57->52 61->31 66 401321-401333 call 4015c4 61->66 67 4013fc-401408 RegCloseKey 62->67 66->31 71 401335-401342 call 4016a7 66->71 67->13 69 40140a-40140c 67->69 69->15 73 401347-40134c 71->73 73->31 74 40134e-401350 73->74 74->31
                                                                                                                              C-Code - Quality: 84%
                                                                                                                              			E004010C5(void* __edi, struct HINSTANCE__* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				void* _v8;
				void* _v12;
				void* _v16;
				char* _v20;
				char _v148;
				short _v668;
				char _v1220;
				char* _t55;
				void* _t61;
				int _t63;
				void** _t68;
				char** _t69;
				void* _t84;
				void* _t87;
				void* _t89;
				void* _t92;
				void* _t94;
				void* _t96;
				void* _t98;
				void* _t99;
				void* _t100;
				void* _t102;
				void* _t103;
				void* _t104;
				void* _t105;
				int _t106;
				int _t113;
				void* _t116;
				void* _t117;
				void* _t127;
				void* _t128;
				char* _t131;
				struct _SECURITY_DESCRIPTOR* _t132;
				void* _t133;
				void* _t134;
				void* _t135;
				void* _t138;
				void* _t139;
				void* _t140;

				_t117 = __edi;
				E00404680(__edi,  &_v668, 0, 0x208);
				E00404680(_t117,  &_v148, 0, 0x80);
				_t134 = _t133 + 0x18;
				_t55 =  &_v148;
				__imp__StringFromGUID2(_a8, _t55, 0x40);
				if(_t55 == 0) {
					return 0x8007000e;
				}
				_push(_t117);
				E0040145F( &_v668, 0x104, L"SOFTWARE\\Classes\\CLSID\\%s",  &_v148);
				_t61 = E004015C4(_t116, 0x80000002,  &_v668, _a12,  &_v8); // executed
				_t135 = _t134 + 0x20;
				if(_t61 == 0 || GetModuleFileNameW(_a4,  &_v668, 0x104) == 0) {
					L30:
					_t63 = 1;
					goto L31;
				} else {
					RegCreateKeyExW(0x80000002, L"SOFTWARE\\Classes\\AppID\\{3B29AB5C-52CB-4a36-9314-E3FEE0BA7468}", 0, 0, 0, 0x20006, 0,  &_v12, 0); // executed
					_push(0);
					_t68 =  &_v16;
					_push(_t68);
					_push(1);
					_push(L"O:BAG:BAD:(A;;0x3;;;IU)(A;;0x3;;;SY)"); // executed
					L0040386F();
					if(_t68 != 0) {
						_t132 = _v16;
						RegSetValueExA(_v12, "AccessPermission", 0, 3, _t132, GetSecurityDescriptorLength(_t132)); // executed
					}
					_push(0);
					_t69 =  &_v20;
					_push(_t69);
					_push(1);
					_push(L"O:BAG:BAD:(A;;0xb;;;WD)S:(ML;;NX;;;LW)");
					L0040386F();
					if(_t69 == 0) {
						_t113 = 0;
					} else {
						_t131 = _v20;
						_t106 = GetSecurityDescriptorLength(_t131);
						_t113 = 0;
						RegSetValueExA(_v12, "LaunchPermission", 0, 3, _t131, _t106); // executed
					}
					E0040163F(_t116, _v12, _t113, _t113,  &_v668); // executed
					RegCloseKey(_v12);
					RegCreateKeyExW(0x80000002, L"SOFTWARE\\Classes\\AppID\\elevator.exe", _t113, _t113, _t113, 0x20006, _t113,  &_v12, _t113); // executed
					E0040163F(_t116, _v12, _t113, L"AppID", L"{3B29AB5C-52CB-4a36-9314-E3FEE0BA7468}"); // executed
					RegCloseKey(_v12);
					E00404680(RegCloseKey,  &_v1220, _t113, 0x226);
					_push(0x65);
					E0040143A( &_v1220, 0x226, L"@%s,-%u",  &_v668);
					_t127 = _v8;
					_t84 = E004015C4(_t116, _t127, L"LocalServer32",  &_v668,  &_v16); // executed
					_t138 = _t135 + 0x50;
					if(_t84 != 0) {
						_t98 = E0040163F(_t116, _v16, _t113, L"ThreadingModel", L"Both"); // executed
						_t138 = _t138 + 0x10;
						if(_t98 != 0) {
							_t99 = E004015C4(_t116, _t127, L"ProgID", _a20, _t113); // executed
							_t138 = _t138 + 0x10;
							if(_t99 != 0) {
								_t100 = E004015C4(_t116, _t127, L"VersionIndependentProgID", _a16, _t113); // executed
								_t138 = _t138 + 0x10;
								if(_t100 != 0) {
									_t102 = E0040163F(_t116, _t127, _t113, L"LocalizedString",  &_v1220); // executed
									_t138 = _t138 + 0x10;
									if(_t102 != 0) {
										_t103 = E0040163F(_t116, _t127, _t113, L"AppId", L"{3B29AB5C-52CB-4a36-9314-E3FEE0BA7468}"); // executed
										_t138 = _t138 + 0x10;
										if(_t103 != 0) {
											_t104 = E004015C4(_t116, _t127, L"Elevation", _t113, _t113); // executed
											_t138 = _t138 + 0x10;
											if(_t104 != 0) {
												_t105 = E004016A7(_t116, _t127, L"Elevation", L"Enabled", 1); // executed
												_t138 = _t138 + 0x10;
												if(_t105 != 0) {
													_t113 = 1;
												}
											}
										}
									}
								}
							}
						}
					}
					RegCloseKey(_t127);
					if(_v16 != 0) {
						RegCloseKey(_v16);
					}
					if(_t113 == 0) {
						goto L30;
					} else {
						_t87 = E004015C4(_t116, 0x80000000, _a16, _a12,  &_v8); // executed
						_t139 = _t138 + 0x10;
						if(_t87 == 0) {
							goto L30;
						}
						_t89 = E004015C4(_t116, _v8, L"CLSID",  &_v148, 0); // executed
						_t140 = _t139 + 0x10;
						if(_t89 == 0) {
							L25:
							_t128 = 0;
							L26:
							RegCloseKey(_v8);
							if(_t128 == 0) {
								goto L30;
							}
							_t92 = E004015C4(_t116, 0x80000000, _a20, _a12,  &_v8); // executed
							if(_t92 == 0) {
								goto L30;
							}
							_t94 = E004015C4(_t116, _v8, L"CLSID",  &_v148, 0); // executed
							RegCloseKey(_v8);
							if(_t94 == 0) {
								goto L30;
							}
							_t63 = 0;
							L31:
							return _t63;
						}
						_t96 = E004015C4(_t116, _v8, L"CurVer", _a20, 0); // executed
						_t140 = _t140 + 0x10;
						if(_t96 == 0) {
							goto L25;
						}
						_t128 = 1;
						goto L26;
					}
				}
			}










































                                                                                                                              0x004010c5
                                                                                                                              0x004010de
                                                                                                                              0x004010f0
                                                                                                                              0x004010f5
                                                                                                                              0x004010f8
                                                                                                                              0x00401104
                                                                                                                              0x0040110c
                                                                                                                              0x00000000
                                                                                                                              0x0040110e
                                                                                                                              0x00401119
                                                                                                                              0x00401133
                                                                                                                              0x0040114c
                                                                                                                              0x00401151
                                                                                                                              0x00401156
                                                                                                                              0x0040140e
                                                                                                                              0x00401410
                                                                                                                              0x00000000
                                                                                                                              0x00401175
                                                                                                                              0x00401189
                                                                                                                              0x0040118f
                                                                                                                              0x00401190
                                                                                                                              0x00401193
                                                                                                                              0x00401194
                                                                                                                              0x00401196
                                                                                                                              0x0040119b
                                                                                                                              0x004011a8
                                                                                                                              0x004011aa
                                                                                                                              0x004011bf
                                                                                                                              0x004011bf
                                                                                                                              0x004011c5
                                                                                                                              0x004011c7
                                                                                                                              0x004011ca
                                                                                                                              0x004011cb
                                                                                                                              0x004011cd
                                                                                                                              0x004011d2
                                                                                                                              0x004011d9
                                                                                                                              0x004011f9
                                                                                                                              0x004011db
                                                                                                                              0x004011db
                                                                                                                              0x004011e2
                                                                                                                              0x004011e8
                                                                                                                              0x004011f1
                                                                                                                              0x004011f1
                                                                                                                              0x00401207
                                                                                                                              0x00401218
                                                                                                                              0x00401232
                                                                                                                              0x00401246
                                                                                                                              0x00401251
                                                                                                                              0x00401261
                                                                                                                              0x00401266
                                                                                                                              0x0040127c
                                                                                                                              0x00401281
                                                                                                                              0x00401295
                                                                                                                              0x0040129a
                                                                                                                              0x0040129f
                                                                                                                              0x004012b3
                                                                                                                              0x004012b8
                                                                                                                              0x004012bd
                                                                                                                              0x004012cd
                                                                                                                              0x004012d2
                                                                                                                              0x004012d7
                                                                                                                              0x004012e3
                                                                                                                              0x004012e8
                                                                                                                              0x004012ed
                                                                                                                              0x004012fd
                                                                                                                              0x00401302
                                                                                                                              0x00401307
                                                                                                                              0x00401315
                                                                                                                              0x0040131a
                                                                                                                              0x0040131f
                                                                                                                              0x00401329
                                                                                                                              0x0040132e
                                                                                                                              0x00401333
                                                                                                                              0x00401342
                                                                                                                              0x00401347
                                                                                                                              0x0040134c
                                                                                                                              0x00401350
                                                                                                                              0x00401350
                                                                                                                              0x0040134c
                                                                                                                              0x00401333
                                                                                                                              0x0040131f
                                                                                                                              0x00401307
                                                                                                                              0x004012ed
                                                                                                                              0x004012d7
                                                                                                                              0x004012bd
                                                                                                                              0x00401352
                                                                                                                              0x00401358
                                                                                                                              0x0040135d
                                                                                                                              0x0040135d
                                                                                                                              0x00401361
                                                                                                                              0x00000000
                                                                                                                              0x00401367
                                                                                                                              0x00401376
                                                                                                                              0x0040137b
                                                                                                                              0x00401380
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00401398
                                                                                                                              0x0040139d
                                                                                                                              0x004013a2
                                                                                                                              0x004013c1
                                                                                                                              0x004013c1
                                                                                                                              0x004013c3
                                                                                                                              0x004013c6
                                                                                                                              0x004013ca
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004013db
                                                                                                                              0x004013e5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004013f7
                                                                                                                              0x00401404
                                                                                                                              0x00401408
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040140a
                                                                                                                              0x00401411
                                                                                                                              0x00000000
                                                                                                                              0x00401412
                                                                                                                              0x004013b0
                                                                                                                              0x004013b5
                                                                                                                              0x004013ba
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004013be
                                                                                                                              0x00000000
                                                                                                                              0x004013be
                                                                                                                              0x00401361

                                                                                                                              APIs
                                                                                                                              • StringFromGUID2.OLE32(?,?,00000040), ref: 00401104
                                                                                                                              • GetModuleFileNameW.KERNEL32(?,?,00000104), ref: 00401167
                                                                                                                              • RegCreateKeyExW.KERNELBASE(80000002,SOFTWARE\Classes\AppID\{3B29AB5C-52CB-4a36-9314-E3FEE0BA7468},00000000,00000000,00000000,00020006,00000000,?,00000000), ref: 00401189
                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(O:BAG:BAD:(A;;0x3;;;IU)(A;;0x3;;;SY),00000001,?,00000000), ref: 0040119B
                                                                                                                              • GetSecurityDescriptorLength.ADVAPI32(?), ref: 004011B1
                                                                                                                              • RegSetValueExA.KERNELBASE(?,AccessPermission,00000000,00000003,?,00000000), ref: 004011BF
                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(O:BAG:BAD:(A;;0xb;;;WD)S:(ML;;NX;;;LW),00000001,?,00000000), ref: 004011D2
                                                                                                                              • GetSecurityDescriptorLength.ADVAPI32(?,O:BAG:BAD:(A;;0xb;;;WD)S:(ML;;NX;;;LW),00000001,?,00000000), ref: 004011E2
                                                                                                                              • RegSetValueExA.KERNELBASE(?,LaunchPermission,00000000,00000003,?,00000000), ref: 004011F1
                                                                                                                              • RegCloseKey.ADVAPI32(?,O:BAG:BAD:(A;;0xb;;;WD)S:(ML;;NX;;;LW),00000001,?,00000000), ref: 00401218
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DescriptorSecurity$String$ConvertLengthValue$CloseCreateFileFromModuleName
                                                                                                                              • String ID: @%s,-%u$AccessPermission$AppID$AppId$Both$CLSID$CurVer$Elevation$Enabled$LaunchPermission$LocalServer32$LocalizedString$O:BAG:BAD:(A;;0x3;;;IU)(A;;0x3;;;SY)$O:BAG:BAD:(A;;0xb;;;WD)S:(ML;;NX;;;LW)$ProgID$SOFTWARE\Classes\AppID\elevator.exe$SOFTWARE\Classes\AppID\{3B29AB5C-52CB-4a36-9314-E3FEE0BA7468}$SOFTWARE\Classes\CLSID\%s$SSSh`TA$ThreadingModel$VersionIndependentProgID${3B29AB5C-52CB-4a36-9314-E3FEE0BA7468}
                                                                                                                              • API String ID: 666679190-101636184
                                                                                                                              • Opcode ID: d067f820293ba41d196996b8331927f73825a790f123a5bb43d1a91381be7b62
                                                                                                                              • Instruction ID: a0fbcfb787f7aa1bd44870b596449a8e43bc9b2d0ac08d50bcf276e53c478559
                                                                                                                              • Opcode Fuzzy Hash: d067f820293ba41d196996b8331927f73825a790f123a5bb43d1a91381be7b62
                                                                                                                              • Instruction Fuzzy Hash: 349181B290011CBEEB11AAA18C82FFF766DDB44744F1404B6FE04B11E1E679DE518AAD
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004015C4 Relevance: 6.1, APIs: 4, Instructions: 53registrystringCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 111 4015c4-4015ea RegCreateKeyExW 112 401639 111->112 113 4015ec-4015f1 111->113 115 40163b-40163e 112->115 113->112 114 4015f3-4015f6 113->114 116 4015f8-40161c lstrlenW RegSetValueExW 114->116 117 40161e-401623 114->117 116->117 118 401625-40162c RegCloseKey 117->118 119 40162e 117->119 120 401630-401637 118->120 119->120 120->115
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004015C4(void* __ecx, void* _a4, short* _a8, char* _a12, void** _a16) {
				void* _v8;
				long _t16;
				signed int _t17;
				void** _t18;
				long _t23;
				void* _t28;
				long _t30;

				_t16 = RegCreateKeyExW(_a4, _a8, 0, 0, 0, 0x20006, 0,  &_v8, 0); // executed
				_t30 = _t16;
				if(_t30 != 0) {
					L8:
					_t17 = 0;
				} else {
					_t28 = _v8;
					if(_t28 == 0) {
						goto L8;
					} else {
						if(_a12 != 0) {
							_t23 = RegSetValueExW(_v8, 0, 0, 1, _a12, 2 + lstrlenW(_a12) * 2); // executed
							_t28 = _v8;
							_t30 = _t23;
						}
						_t18 = _a16;
						if(_t18 != 0) {
							 *_t18 = _t28;
						} else {
							RegCloseKey(_t28);
						}
						_t17 = 0 | _t30 == 0x00000000;
					}
				}
				return _t17;
			}










                                                                                                                              0x004015e0
                                                                                                                              0x004015e6
                                                                                                                              0x004015ea
                                                                                                                              0x00401639
                                                                                                                              0x00401639
                                                                                                                              0x004015ec
                                                                                                                              0x004015ec
                                                                                                                              0x004015f1
                                                                                                                              0x00000000
                                                                                                                              0x004015f3
                                                                                                                              0x004015f6
                                                                                                                              0x00401613
                                                                                                                              0x00401619
                                                                                                                              0x0040161c
                                                                                                                              0x0040161c
                                                                                                                              0x0040161e
                                                                                                                              0x00401623
                                                                                                                              0x0040162e
                                                                                                                              0x00401625
                                                                                                                              0x00401626
                                                                                                                              0x00401626
                                                                                                                              0x00401634
                                                                                                                              0x00401634
                                                                                                                              0x004015f1
                                                                                                                              0x0040163e

                                                                                                                              APIs
                                                                                                                              • RegCreateKeyExW.KERNELBASE(?,?,00000000,00000000,00000000,00020006,00000000,?,00000000,00000104,00000000,?,?,00401151,80000002,?), ref: 004015E0
                                                                                                                              • lstrlenW.KERNEL32(?,?,?,00401151,80000002,?,?,?,?,00000104,SOFTWARE\Classes\CLSID\%s,?), ref: 004015FB
                                                                                                                              • RegSetValueExW.KERNELBASE(?,00000000,00000000,00000001,?,00000000,?,?,00401151,80000002,?,?,?,?,00000104,SOFTWARE\Classes\CLSID\%s), ref: 00401613
                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?,00401151,80000002,?,?,?,?,00000104,SOFTWARE\Classes\CLSID\%s,?), ref: 00401626
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseCreateValuelstrlen
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1356686001-0
                                                                                                                              • Opcode ID: fd51397e57393dde23d3dce6e386c9d6eb0a9973dd3b5bfbbbe3ec44c66d7e0c
                                                                                                                              • Instruction ID: efbecfa4a5c74c65320a83a43ad41ae42763176e809628dd11a48e43bfd3e94c
                                                                                                                              • Opcode Fuzzy Hash: fd51397e57393dde23d3dce6e386c9d6eb0a9973dd3b5bfbbbe3ec44c66d7e0c
                                                                                                                              • Instruction Fuzzy Hash: E3015E7161021DFFEF258FA4DD84EEB3B6DEB44384B044835F801A62A0D776CD119BA4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040163F Relevance: 6.0, APIs: 4, Instructions: 41registrystringCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 121 40163f-40165c RegOpenKeyExW 122 4016a2 121->122 123 40165e-401663 121->123 124 4016a4-4016a6 122->124 123->122 125 401665-401668 123->125 126 401692-4016a0 RegCloseKey 125->126 127 40166a-401690 lstrlenW RegSetValueExW 125->127 126->124 127->126
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0040163F(void* __ecx, void* _a4, short* _a8, short* _a12, char* _a16) {
				void* _v8;
				int _t16;
				signed int _t17;
				int _t22;
				void* _t24;
				int _t26;

				_t16 = RegOpenKeyExW(_a4, _a8, 0, 2,  &_v8); // executed
				_t26 = _t16;
				if(_t26 != 0) {
					L5:
					_t17 = 0;
				} else {
					_t24 = _v8;
					if(_t24 == 0) {
						goto L5;
					} else {
						if(_a16 != _t16) {
							_t22 = RegSetValueExW(_v8, _a12, _t26, 1, _a16, 2 + lstrlenW(_a16) * 2); // executed
							_t24 = _v8;
							_t26 = _t22;
						}
						RegCloseKey(_t24); // executed
						_t17 = 0 | _t26 == 0x00000000;
					}
				}
				return _t17;
			}









                                                                                                                              0x00401652
                                                                                                                              0x00401658
                                                                                                                              0x0040165c
                                                                                                                              0x004016a2
                                                                                                                              0x004016a2
                                                                                                                              0x0040165e
                                                                                                                              0x0040165e
                                                                                                                              0x00401663
                                                                                                                              0x00000000
                                                                                                                              0x00401665
                                                                                                                              0x00401668
                                                                                                                              0x00401687
                                                                                                                              0x0040168d
                                                                                                                              0x00401690
                                                                                                                              0x00401690
                                                                                                                              0x00401693
                                                                                                                              0x0040169d
                                                                                                                              0x0040169d
                                                                                                                              0x00401663
                                                                                                                              0x004016a6

                                                                                                                              APIs
                                                                                                                              • RegOpenKeyExW.KERNELBASE(?,00000001,00000000,00000002,00000000,00000104,?,?,0040120C,?,00000000,00000000,?,O:BAG:BAD:(A;;0xb;;;WD)S:(ML;;NX;;;LW),00000001,?), ref: 00401652
                                                                                                                              • lstrlenW.KERNEL32(?,?,?,0040120C,?,00000000,00000000,?,O:BAG:BAD:(A;;0xb;;;WD)S:(ML;;NX;;;LW),00000001,?,00000000), ref: 0040166D
                                                                                                                              • RegSetValueExW.KERNELBASE(00000000,?,00000000,00000001,?,00000000,?,?,0040120C,?,00000000,00000000,?,O:BAG:BAD:(A;;0xb;;;WD)S:(ML;;NX;;;LW),00000001,?), ref: 00401687
                                                                                                                              • RegCloseKey.KERNELBASE(00000000,?,?,0040120C,?,00000000,00000000,?,O:BAG:BAD:(A;;0xb;;;WD)S:(ML;;NX;;;LW),00000001,?,00000000), ref: 00401693
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseOpenValuelstrlen
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2964171075-0
                                                                                                                              • Opcode ID: f99d5fc0d8ff5da3a24304ff3b21dcadf5ca17d2273f328ce9a0cd76833b8501
                                                                                                                              • Instruction ID: 3ef83497c2916a5731b2a34b9e0fa6d0facf46a73bf94a4a81f25d377ee5ef8d
                                                                                                                              • Opcode Fuzzy Hash: f99d5fc0d8ff5da3a24304ff3b21dcadf5ca17d2273f328ce9a0cd76833b8501
                                                                                                                              • Instruction Fuzzy Hash: 80016D31910219FBDF218FA0ED15BEE3B69EF88350F444425FC01A52A0D676CE20DAA4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004085A8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 128 4085a8-4085ba call 40c2c2 call 40c783 132 4085bf-4085c3 128->132 133 4085c5-4085c8 132->133 134 4085ca-4085d3 call 4085fa 132->134 135 4085ee-4085f9 call 409be4 133->135 139 4085d5-4085d8 134->139 140 4085da-4085e1 134->140 142 4085e6-4085ed call 409be4 139->142 140->142 142->135
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004085A8(void* __eax, void* __ebx, void* __ecx, void* __edx) {

				 *((intOrPtr*)(__ebx + __eax + 0x33)) =  *((intOrPtr*)(__ebx + __eax + 0x33)) + __edx;
			}



                                                                                                                              0x004085ad

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 0040C783: GetEnvironmentStringsW.KERNEL32 ref: 0040C78C
                                                                                                                                • Part of subcall function 0040C783: _free.LIBCMT ref: 0040C7EB
                                                                                                                                • Part of subcall function 0040C783: FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0040C7FA
                                                                                                                              • _free.LIBCMT ref: 004085E8
                                                                                                                              • _free.LIBCMT ref: 004085EF
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: _free$EnvironmentStrings$Free
                                                                                                                              • String ID: X R
                                                                                                                              • API String ID: 2490078468-2366616160
                                                                                                                              • Opcode ID: 24a3145db149e13f687d96edb17e4817b7c7960861ed54f30103ea787508c618
                                                                                                                              • Instruction ID: 45a2f43aa05b0ce4b80bbcd44e982b05e8c508bda5f408963dcae02d5a406c3a
                                                                                                                              • Opcode Fuzzy Hash: 24a3145db149e13f687d96edb17e4817b7c7960861ed54f30103ea787508c618
                                                                                                                              • Instruction Fuzzy Hash: D4E0E567A09612D6E322273B2D4166A27456B91338B15033FEC50FA1D3DEBC8802809E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040C783 Relevance: 4.6, APIs: 3, Instructions: 68COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 145 40c783-40c798 GetEnvironmentStringsW 146 40c7f3 145->146 147 40c79a-40c7bb call 40c74c call 40c695 145->147 148 40c7f5-40c7f7 146->148 147->146 155 40c7bd-40c7be call 409c1e 147->155 150 40c800-40c806 148->150 151 40c7f9-40c7fa FreeEnvironmentStringsW 148->151 151->150 157 40c7c3-40c7c8 155->157 158 40c7e8 157->158 159 40c7ca-40c7e0 call 40c695 157->159 161 40c7ea-40c7f1 call 409be4 158->161 159->158 164 40c7e2-40c7e6 159->164 161->148 164->161
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0040C783(void* __ecx) {
				intOrPtr _v8;
				intOrPtr _t7;
				void* _t8;
				void* _t13;
				void* _t24;
				WCHAR* _t26;

				_t26 = GetEnvironmentStringsW();
				if(_t26 == 0) {
					L7:
					_t13 = 0;
				} else {
					_t17 = E0040C74C(_t26) - _t26 >> 1;
					_t7 = E0040C695(0, 0, _t26, E0040C74C(_t26) - _t26 >> 1, 0, 0, 0, 0);
					_v8 = _t7;
					if(_t7 == 0) {
						goto L7;
					} else {
						_t8 = E00409C1E(_t7); // executed
						_t24 = _t8;
						if(_t24 == 0 || E0040C695(0, 0, _t26, _t17, _t24, _v8, 0, 0) == 0) {
							_t13 = 0;
						} else {
							_t13 = _t24;
							_t24 = 0;
						}
						E00409BE4(_t24);
					}
				}
				if(_t26 != 0) {
					FreeEnvironmentStringsW(_t26);
				}
				return _t13;
			}









                                                                                                                              0x0040c792
                                                                                                                              0x0040c798
                                                                                                                              0x0040c7f3
                                                                                                                              0x0040c7f3
                                                                                                                              0x0040c79a
                                                                                                                              0x0040c7a8
                                                                                                                              0x0040c7ae
                                                                                                                              0x0040c7b6
                                                                                                                              0x0040c7bb
                                                                                                                              0x00000000
                                                                                                                              0x0040c7bd
                                                                                                                              0x0040c7be
                                                                                                                              0x0040c7c3
                                                                                                                              0x0040c7c8
                                                                                                                              0x0040c7e8
                                                                                                                              0x0040c7e2
                                                                                                                              0x0040c7e2
                                                                                                                              0x0040c7e4
                                                                                                                              0x0040c7e4
                                                                                                                              0x0040c7eb
                                                                                                                              0x0040c7f0
                                                                                                                              0x0040c7bb
                                                                                                                              0x0040c7f7
                                                                                                                              0x0040c7fa
                                                                                                                              0x0040c7fa
                                                                                                                              0x0040c806

                                                                                                                              APIs
                                                                                                                              • GetEnvironmentStringsW.KERNEL32 ref: 0040C78C
                                                                                                                              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0040C7FA
                                                                                                                                • Part of subcall function 0040C695: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,00000000,004116C4,0000FDE9,00000000,?,?,?,0041143D,0000FDE9,00000000,?), ref: 0040C741
                                                                                                                                • Part of subcall function 00409C1E: RtlAllocateHeap.NTDLL(00000000,?,?,?,0040C14B,00000220,?,?,00000000,?,?,?,00406638,00401138,00000000,?), ref: 00409C50
                                                                                                                              • _free.LIBCMT ref: 0040C7EB
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: EnvironmentStrings$AllocateByteCharFreeHeapMultiWide_free
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2560199156-0
                                                                                                                              • Opcode ID: 14c402a7b7e2f197ea950a3d1ffa1177c881148782211be0073a041606a1fd84
                                                                                                                              • Instruction ID: 2da17145fccafd1adbc019337757fd511e234c44122ef586d31cfb2d5854d7e3
                                                                                                                              • Opcode Fuzzy Hash: 14c402a7b7e2f197ea950a3d1ffa1177c881148782211be0073a041606a1fd84
                                                                                                                              • Instruction Fuzzy Hash: 8501D863901612FBE32217BB5CC8C7F696DDAC6BA4314023AB900F72C1EF788D029579
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004016A7 Relevance: 4.5, APIs: 3, Instructions: 39registryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 166 4016a7-4016c4 RegOpenKeyExW 167 4016c6-4016cb 166->167 168 4016fa 166->168 167->168 169 4016cd-4016d0 167->169 170 4016fc-4016fe 168->170 171 4016d2-4016e8 RegSetValueExW 169->171 172 4016ea-4016f8 RegCloseKey 169->172 171->172 172->170
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004016A7(void* __ecx, void* _a4, short* _a8, short* _a12, char _a16) {
				void* _v8;
				int _t12;
				signed int _t13;
				int _t17;
				void* _t19;
				int _t21;

				_t12 = RegOpenKeyExW(_a4, _a8, 0, 2,  &_v8); // executed
				_t21 = _t12;
				if(_t21 != 0) {
					L5:
					_t13 = 0;
				} else {
					_t19 = _v8;
					if(_t19 == 0) {
						goto L5;
					} else {
						if(_a16 != _t12) {
							_t17 = RegSetValueExW(_t19, _a12, _t21, 4,  &_a16, 4); // executed
							_t19 = _v8;
							_t21 = _t17;
						}
						RegCloseKey(_t19);
						_t13 = 0 | _t21 == 0x00000000;
					}
				}
				return _t13;
			}









                                                                                                                              0x004016ba
                                                                                                                              0x004016c0
                                                                                                                              0x004016c4
                                                                                                                              0x004016fa
                                                                                                                              0x004016fa
                                                                                                                              0x004016c6
                                                                                                                              0x004016c6
                                                                                                                              0x004016cb
                                                                                                                              0x00000000
                                                                                                                              0x004016cd
                                                                                                                              0x004016d0
                                                                                                                              0x004016df
                                                                                                                              0x004016e5
                                                                                                                              0x004016e8
                                                                                                                              0x004016e8
                                                                                                                              0x004016eb
                                                                                                                              0x004016f5
                                                                                                                              0x004016f5
                                                                                                                              0x004016cb
                                                                                                                              0x004016fe

                                                                                                                              APIs
                                                                                                                              • RegOpenKeyExW.KERNELBASE(?,?,00000000,00000002,00000001,?,?,?,00401347,?,Elevation,Enabled,00000001), ref: 004016BA
                                                                                                                              • RegSetValueExW.KERNELBASE(00000001,?,00000000,00000004,00401347,00000004,?,?,00401347,?,Elevation,Enabled,00000001), ref: 004016DF
                                                                                                                              • RegCloseKey.ADVAPI32(00000001,?,?,00401347,?,Elevation,Enabled,00000001), ref: 004016EB
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseOpenValue
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 779948276-0
                                                                                                                              • Opcode ID: 8f7e99256b95b0f97d948c0fab477fb047b507a53aed4723a04bc882984faac3
                                                                                                                              • Instruction ID: d4f4daf64c7f02f771d16f6b2336954770a15ba166ec80089c63179343338de4
                                                                                                                              • Opcode Fuzzy Hash: 8f7e99256b95b0f97d948c0fab477fb047b507a53aed4723a04bc882984faac3
                                                                                                                              • Instruction Fuzzy Hash: 0BF06275611219FBDF24DFA0DC15FEB3BA8EF48750F044529BE02A62A0D675DE00DAA4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040C8D8 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 184 40c8d8-40c8e5 call 40b378 186 40c8ea-40c8f5 184->186 187 40c8f7-40c8f9 186->187 188 40c8fb-40c903 186->188 189 40c946-40c952 call 409be4 187->189 188->189 190 40c905-40c909 188->190 191 40c90b-40c940 call 40d5b3 190->191 196 40c942-40c945 191->196 196->189
                                                                                                                              C-Code - Quality: 95%
                                                                                                                              			E0040C8D8(void* __edi, void* __eflags) {
				intOrPtr _v12;
				char _t17;
				void* _t18;
				intOrPtr* _t32;
				char _t35;
				void* _t37;

				_push(_t27);
				_t17 = E0040B378(0x40, 0x38); // executed
				_t35 = _t17;
				_v12 = _t35;
				if(_t35 != 0) {
					_t2 = _t35 + 0xe00; // 0xe00
					_t18 = _t2;
					__eflags = _t35 - _t18;
					if(__eflags != 0) {
						_t3 = _t35 + 0x20; // 0x20
						_t32 = _t3;
						_t37 = _t18;
						do {
							_t4 = _t32 - 0x20; // 0x0
							E0040D5B3(__eflags, _t4, 0xfa0, 0);
							 *(_t32 - 8) =  *(_t32 - 8) | 0xffffffff;
							 *(_t32 + 0xd) =  *(_t32 + 0xd) & 0x000000f8;
							 *_t32 = 0;
							_t32 = _t32 + 0x38;
							 *((intOrPtr*)(_t32 - 0x34)) = 0;
							 *((intOrPtr*)(_t32 - 0x30)) = 0xa0a0000;
							 *((char*)(_t32 - 0x2c)) = 0xa;
							 *((intOrPtr*)(_t32 - 0x2a)) = 0;
							 *((char*)(_t32 - 0x26)) = 0;
							__eflags = _t32 - 0x20 - _t37;
						} while (__eflags != 0);
						_t35 = _v12;
					}
				} else {
					_t35 = 0;
				}
				E00409BE4(0);
				return _t35;
			}









                                                                                                                              0x0040c8de
                                                                                                                              0x0040c8e5
                                                                                                                              0x0040c8ea
                                                                                                                              0x0040c8ee
                                                                                                                              0x0040c8f5
                                                                                                                              0x0040c8fb
                                                                                                                              0x0040c8fb
                                                                                                                              0x0040c901
                                                                                                                              0x0040c903
                                                                                                                              0x0040c906
                                                                                                                              0x0040c906
                                                                                                                              0x0040c909
                                                                                                                              0x0040c90b
                                                                                                                              0x0040c911
                                                                                                                              0x0040c915
                                                                                                                              0x0040c91a
                                                                                                                              0x0040c91e
                                                                                                                              0x0040c922
                                                                                                                              0x0040c924
                                                                                                                              0x0040c927
                                                                                                                              0x0040c92d
                                                                                                                              0x0040c934
                                                                                                                              0x0040c938
                                                                                                                              0x0040c93b
                                                                                                                              0x0040c93e
                                                                                                                              0x0040c93e
                                                                                                                              0x0040c942
                                                                                                                              0x0040c945
                                                                                                                              0x0040c8f7
                                                                                                                              0x0040c8f7
                                                                                                                              0x0040c8f7
                                                                                                                              0x0040c947
                                                                                                                              0x0040c952

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 0040B378: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0040A2ED,00000001,00000364,00000006,000000FF,?,00000000,00409BD6,00409C0A,?,?,00408F39), ref: 0040B3B9
                                                                                                                              • _free.LIBCMT ref: 0040C947
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocateHeap_free
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 614378929-0
                                                                                                                              • Opcode ID: 92f715007d20b11f1e0677d40cf6ca83d98cd006cc59e856988050738326917f
                                                                                                                              • Instruction ID: 38e77cbeef52a5729c48a75e51499613634491e54a8c4426e481d56b9aa9fd58
                                                                                                                              • Opcode Fuzzy Hash: 92f715007d20b11f1e0677d40cf6ca83d98cd006cc59e856988050738326917f
                                                                                                                              • Instruction Fuzzy Hash: 4401D6B2A04356ABC3218F69C8C599AFB98FB053B0F14473EE555B76C0D3746C11CBA8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040B378 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 197 40b378-40b383 198 40b391-40b397 197->198 199 40b385-40b38f 197->199 201 40b3b0-40b3c1 RtlAllocateHeap 198->201 202 40b399-40b39a 198->202 199->198 200 40b3c5-40b3d0 call 409bd1 199->200 207 40b3d2-40b3d4 200->207 203 40b3c3 201->203 204 40b39c-40b3a3 call 408c4b 201->204 202->201 203->207 204->200 210 40b3a5-40b3ae call 40d81d 204->210 210->200 210->201
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0040B378(signed int _a4, signed int _a8) {
				void* _t8;
				signed int _t13;
				signed int _t18;
				long _t19;

				_t18 = _a4;
				if(_t18 == 0) {
					L2:
					_t19 = _t18 * _a8;
					if(_t19 == 0) {
						_t19 = _t19 + 1;
					}
					while(1) {
						_t8 = RtlAllocateHeap( *0x41f338, 8, _t19); // executed
						if(_t8 != 0) {
							break;
						}
						__eflags = E00408C4B();
						if(__eflags == 0) {
							L8:
							 *((intOrPtr*)(E00409BD1(__eflags))) = 0xc;
							__eflags = 0;
							return 0;
						}
						__eflags = E0040D81D(__eflags, _t19);
						if(__eflags == 0) {
							goto L8;
						}
					}
					return _t8;
				}
				_t13 = 0xffffffe0;
				if(_t13 / _t18 < _a8) {
					goto L8;
				}
				goto L2;
			}







                                                                                                                              0x0040b37e
                                                                                                                              0x0040b383
                                                                                                                              0x0040b391
                                                                                                                              0x0040b391
                                                                                                                              0x0040b397
                                                                                                                              0x0040b399
                                                                                                                              0x0040b399
                                                                                                                              0x0040b3b0
                                                                                                                              0x0040b3b9
                                                                                                                              0x0040b3c1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040b3a1
                                                                                                                              0x0040b3a3
                                                                                                                              0x0040b3c5
                                                                                                                              0x0040b3ca
                                                                                                                              0x0040b3d0
                                                                                                                              0x00000000
                                                                                                                              0x0040b3d0
                                                                                                                              0x0040b3ac
                                                                                                                              0x0040b3ae
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040b3ae
                                                                                                                              0x00000000
                                                                                                                              0x0040b3b0
                                                                                                                              0x0040b389
                                                                                                                              0x0040b38f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0040A2ED,00000001,00000364,00000006,000000FF,?,00000000,00409BD6,00409C0A,?,?,00408F39), ref: 0040B3B9
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocateHeap
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1279760036-0
                                                                                                                              • Opcode ID: a0b6761385ea496f1b3746675ac922532dcb11b633a84c4e6317d799f239388e
                                                                                                                              • Instruction ID: 684e5755fb36bdd7d424e99b24f00adebcbdc9250d1cf5f330b62b2846d83208
                                                                                                                              • Opcode Fuzzy Hash: a0b6761385ea496f1b3746675ac922532dcb11b633a84c4e6317d799f239388e
                                                                                                                              • Instruction Fuzzy Hash: FDF0B432505624A6DB266A629C06B5B3758EF41770B258037AC14B72C4DB38EC1147ED
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00409C1E Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 213 409c1e-409c2a 214 409c5c-409c67 call 409bd1 213->214 215 409c2c-409c2e 213->215 223 409c69-409c6b 214->223 216 409c30-409c31 215->216 217 409c47-409c58 RtlAllocateHeap 215->217 216->217 219 409c33-409c3a call 408c4b 217->219 220 409c5a 217->220 219->214 225 409c3c-409c45 call 40d81d 219->225 220->223 225->214 225->217
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00409C1E(long _a4) {
				void* _t4;
				long _t8;

				_t8 = _a4;
				if(_t8 > 0xffffffe0) {
					L7:
					 *((intOrPtr*)(E00409BD1(__eflags))) = 0xc;
					__eflags = 0;
					return 0;
				}
				if(_t8 == 0) {
					_t8 = _t8 + 1;
				}
				while(1) {
					_t4 = RtlAllocateHeap( *0x41f338, 0, _t8); // executed
					if(_t4 != 0) {
						break;
					}
					__eflags = E00408C4B();
					if(__eflags == 0) {
						goto L7;
					}
					__eflags = E0040D81D(__eflags, _t8);
					if(__eflags == 0) {
						goto L7;
					}
				}
				return _t4;
			}





                                                                                                                              0x00409c24
                                                                                                                              0x00409c2a
                                                                                                                              0x00409c5c
                                                                                                                              0x00409c61
                                                                                                                              0x00409c67
                                                                                                                              0x00000000
                                                                                                                              0x00409c67
                                                                                                                              0x00409c2e
                                                                                                                              0x00409c30
                                                                                                                              0x00409c30
                                                                                                                              0x00409c47
                                                                                                                              0x00409c50
                                                                                                                              0x00409c58
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00409c38
                                                                                                                              0x00409c3a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00409c43
                                                                                                                              0x00409c45
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00409c45
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • RtlAllocateHeap.NTDLL(00000000,?,?,?,0040C14B,00000220,?,?,00000000,?,?,?,00406638,00401138,00000000,?), ref: 00409C50
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocateHeap
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1279760036-0
                                                                                                                              • Opcode ID: 092f3c4406aa4a6e29996bd75a78a6d608aa2e64f623ce96311465c9744cc9df
                                                                                                                              • Instruction ID: 1e9b60aa4d97d42b2d08c44c35d324aa4b709a0e9d21dc409a50fb734510b5c1
                                                                                                                              • Opcode Fuzzy Hash: 092f3c4406aa4a6e29996bd75a78a6d608aa2e64f623ce96311465c9744cc9df
                                                                                                                              • Instruction Fuzzy Hash: 15E0ED22E4922466FA2136B69C01B9B3ACC9F417B0F088133AC50B62C3CB3CCC4281AD
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Non-executed Functions

                                                                                                                              Function 00401ACD Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 93fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00401ACD(intOrPtr* _a4, WCHAR* _a8) {
				struct _WIN32_FIND_DATAW _v596;
				short _v1116;
				short _v1636;
				void* __edi;
				WCHAR* _t41;
				intOrPtr* _t58;
				void* _t60;
				void* _t61;
				void* _t62;
				void* _t63;

				E00404680(_t60,  &_v1636, 0, 0x208);
				E00404680(_t60,  &_v596, 0, 0x250);
				_t63 = _t62 + 0x18;
				PathCombineW( &_v1636, _a8, L"*.*");
				_t61 = FindFirstFileW( &_v1636,  &_v596);
				if(_t61 == 0xffffffff) {
					L9:
					RemoveDirectoryW(_a8);
					return 0;
				} else {
					goto L1;
				}
				do {
					L1:
					E00404680(_t61,  &_v1116, 0, 0x208);
					_t63 = _t63 + 0xc;
					PathCombineW( &_v1116, _a8,  &(_v596.cFileName));
					if((_v596.dwFileAttributes & 0x00000010) == 0) {
						_t41 = DeleteFileW( &_v1116);
						if(_t41 == 0) {
							MoveFileExW( &_v1116, _t41, 4);
							MoveFileExW(_a8, 0, 4);
						}
					} else {
						if(E00407ACA( &(_v596.cFileName), ".") != 0 && E00407ACA( &(_v596.cFileName), L"..") != 0) {
							_t58 = _a4;
							 *((intOrPtr*)( *_t58 + 0x64))(_t58,  &_v1116);
						}
					}
				} while (FindNextFileW(_t61,  &_v596) != 0);
				FindClose(_t61);
				goto L9;
			}













                                                                                                                              0x00401ae5
                                                                                                                              0x00401af8
                                                                                                                              0x00401afd
                                                                                                                              0x00401b0f
                                                                                                                              0x00401b29
                                                                                                                              0x00401b2e
                                                                                                                              0x00401bf5
                                                                                                                              0x00401bf8
                                                                                                                              0x00401c02
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00401b34
                                                                                                                              0x00401b34
                                                                                                                              0x00401b42
                                                                                                                              0x00401b47
                                                                                                                              0x00401b5b
                                                                                                                              0x00401b68
                                                                                                                              0x00401bb1
                                                                                                                              0x00401bb9
                                                                                                                              0x00401bc5
                                                                                                                              0x00401bd2
                                                                                                                              0x00401bd2
                                                                                                                              0x00401b6a
                                                                                                                              0x00401b7f
                                                                                                                              0x00401b98
                                                                                                                              0x00401ba5
                                                                                                                              0x00401ba5
                                                                                                                              0x00401b7f
                                                                                                                              0x00401be6
                                                                                                                              0x00401bef
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • PathCombineW.SHLWAPI(?,?,*.*), ref: 00401B0F
                                                                                                                              • FindFirstFileW.KERNEL32(?,?), ref: 00401B23
                                                                                                                              • PathCombineW.SHLWAPI(?,?,?), ref: 00401B5B
                                                                                                                              • DeleteFileW.KERNEL32(?), ref: 00401BB1
                                                                                                                              • MoveFileExW.KERNEL32(?,00000000,00000004), ref: 00401BC5
                                                                                                                              • MoveFileExW.KERNEL32(?,00000000,00000004), ref: 00401BD2
                                                                                                                              • FindNextFileW.KERNEL32(00000000,00000010), ref: 00401BE0
                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00401BEF
                                                                                                                              • RemoveDirectoryW.KERNEL32(?), ref: 00401BF8
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: File$Find$CombineMovePath$CloseDeleteDirectoryFirstNextRemove
                                                                                                                              • String ID: *.*
                                                                                                                              • API String ID: 893990999-438819550
                                                                                                                              • Opcode ID: fc858a6fd5c336726a555b6cb2ccdcd46e4b96652ad4e82ca2e0fc18ea53b8ce
                                                                                                                              • Instruction ID: 5b715193cd839168fa8de1bfcbaad6da7288f1e0616191f880a39d85d2830ee8
                                                                                                                              • Opcode Fuzzy Hash: fc858a6fd5c336726a555b6cb2ccdcd46e4b96652ad4e82ca2e0fc18ea53b8ce
                                                                                                                              • Instruction Fuzzy Hash: 50318171900608BBDB209BA0DC4DFDA77BCAB84315F0445BAF604F60D1EB79EA448B18
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00403E5A Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 85%
                                                                                                                              			E00403E5A(intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4) {
				char _v0;
				struct _EXCEPTION_POINTERS _v12;
				intOrPtr _v80;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v608;
				intOrPtr _v612;
				void* _v616;
				intOrPtr _v620;
				char _v624;
				intOrPtr _v628;
				intOrPtr _v632;
				intOrPtr _v636;
				intOrPtr _v640;
				intOrPtr _v644;
				intOrPtr _v648;
				intOrPtr _v652;
				intOrPtr _v656;
				intOrPtr _v660;
				intOrPtr _v664;
				intOrPtr _v668;
				char _v808;
				char* _t39;
				long _t49;
				intOrPtr _t51;
				void* _t54;
				intOrPtr _t55;
				intOrPtr _t57;
				intOrPtr _t58;
				intOrPtr _t59;
				intOrPtr* _t60;

				_t59 = __esi;
				_t58 = __edi;
				_t57 = __edx;
				if(IsProcessorFeaturePresent(0x17) != 0) {
					_t55 = _a4;
					asm("int 0x29");
				}
				E00404050(_t34);
				 *_t60 = 0x2cc;
				_v632 = E00404680(_t58,  &_v808, 0, 3);
				_v636 = _t55;
				_v640 = _t57;
				_v644 = _t51;
				_v648 = _t59;
				_v652 = _t58;
				_v608 = ss;
				_v620 = cs;
				_v656 = ds;
				_v660 = es;
				_v664 = fs;
				_v668 = gs;
				asm("pushfd");
				_pop( *_t15);
				_v624 = _v0;
				_t39 =  &_v0;
				_v612 = _t39;
				_v808 = 0x10001;
				_v628 =  *((intOrPtr*)(_t39 - 4));
				E00404680(_t58,  &_v92, 0, 0x50);
				_v92 = 0x40000015;
				_v88 = 1;
				_v80 = _v0;
				_t28 = IsDebuggerPresent() - 1; // -1
				_v12.ExceptionRecord =  &_v92;
				asm("sbb bl, bl");
				_v12.ContextRecord =  &_v808;
				_t54 =  ~_t28 + 1;
				SetUnhandledExceptionFilter(0);
				_t49 = UnhandledExceptionFilter( &_v12);
				if(_t49 == 0 && _t54 == 0) {
					_push(3);
					return E00404050(_t49);
				}
				return _t49;
			}


































                                                                                                                              0x00403e5a
                                                                                                                              0x00403e5a
                                                                                                                              0x00403e5a
                                                                                                                              0x00403e6e
                                                                                                                              0x00403e70
                                                                                                                              0x00403e73
                                                                                                                              0x00403e73
                                                                                                                              0x00403e77
                                                                                                                              0x00403e7c
                                                                                                                              0x00403e94
                                                                                                                              0x00403e9a
                                                                                                                              0x00403ea0
                                                                                                                              0x00403ea6
                                                                                                                              0x00403eac
                                                                                                                              0x00403eb2
                                                                                                                              0x00403eb8
                                                                                                                              0x00403ebf
                                                                                                                              0x00403ec6
                                                                                                                              0x00403ecd
                                                                                                                              0x00403ed4
                                                                                                                              0x00403edb
                                                                                                                              0x00403ee2
                                                                                                                              0x00403ee3
                                                                                                                              0x00403eec
                                                                                                                              0x00403ef2
                                                                                                                              0x00403ef5
                                                                                                                              0x00403efb
                                                                                                                              0x00403f0a
                                                                                                                              0x00403f16
                                                                                                                              0x00403f21
                                                                                                                              0x00403f28
                                                                                                                              0x00403f2f
                                                                                                                              0x00403f3a
                                                                                                                              0x00403f42
                                                                                                                              0x00403f4b
                                                                                                                              0x00403f4d
                                                                                                                              0x00403f50
                                                                                                                              0x00403f52
                                                                                                                              0x00403f5c
                                                                                                                              0x00403f64
                                                                                                                              0x00403f6a
                                                                                                                              0x00000000
                                                                                                                              0x00403f71
                                                                                                                              0x00403f74

                                                                                                                              APIs
                                                                                                                              • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00403E66
                                                                                                                              • IsDebuggerPresent.KERNEL32 ref: 00403F32
                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00403F52
                                                                                                                              • UnhandledExceptionFilter.KERNEL32(?), ref: 00403F5C
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 254469556-0
                                                                                                                              • Opcode ID: a8a425ed06279cf5153bbafd1ab7da1f65253e67e30658fa2cb4d69de474cfa7
                                                                                                                              • Instruction ID: 92c732ad36eb376624f4040282d8fe7710f035e6eab3c71a6beb7f0c4d4e7056
                                                                                                                              • Opcode Fuzzy Hash: a8a425ed06279cf5153bbafd1ab7da1f65253e67e30658fa2cb4d69de474cfa7
                                                                                                                              • Instruction Fuzzy Hash: C0314BB5D01218DBDF10DFA1D989BCDBBB8BF08304F1041AAE50CAB290EB755B848F49
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00409968 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 78%
                                                                                                                              			E00409968(intOrPtr __ebx, intOrPtr __edx, intOrPtr __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v0;
				signed int _v8;
				intOrPtr _v524;
				intOrPtr _v528;
				void* _v532;
				intOrPtr _v536;
				char _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				intOrPtr _v584;
				char _v724;
				intOrPtr _v792;
				intOrPtr _v800;
				char _v804;
				struct _EXCEPTION_POINTERS _v812;
				void* __edi;
				signed int _t40;
				char* _t47;
				char* _t49;
				intOrPtr _t60;
				intOrPtr _t61;
				intOrPtr _t65;
				intOrPtr _t66;
				int _t67;
				intOrPtr _t68;
				signed int _t69;

				_t68 = __esi;
				_t65 = __edx;
				_t60 = __ebx;
				_t40 =  *0x41e018; // 0x8d57f5bb
				_t41 = _t40 ^ _t69;
				_v8 = _t40 ^ _t69;
				if(_a4 != 0xffffffff) {
					_push(_a4);
					E00404050(_t41);
					_pop(_t61);
				}
				E00404680(_t66,  &_v804, 0, 0x50);
				E00404680(_t66,  &_v724, 0, 0x2cc);
				_v812.ExceptionRecord =  &_v804;
				_t47 =  &_v724;
				_v812.ContextRecord = _t47;
				_v548 = _t47;
				_v552 = _t61;
				_v556 = _t65;
				_v560 = _t60;
				_v564 = _t68;
				_v568 = _t66;
				_v524 = ss;
				_v536 = cs;
				_v572 = ds;
				_v576 = es;
				_v580 = fs;
				_v584 = gs;
				asm("pushfd");
				_pop( *_t22);
				_v540 = _v0;
				_t49 =  &_v0;
				_v528 = _t49;
				_v724 = 0x10001;
				_v544 =  *((intOrPtr*)(_t49 - 4));
				_v804 = _a8;
				_v800 = _a12;
				_v792 = _v0;
				_t67 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(0);
				if(UnhandledExceptionFilter( &_v812) == 0 && _t67 == 0 && _a4 != 0xffffffff) {
					_push(_a4);
					_t57 = E00404050(_t57);
				}
				return E004042D2(_t57, _t60, _v8 ^ _t69, _t65, _t67, _t68);
			}





































                                                                                                                              0x00409968
                                                                                                                              0x00409968
                                                                                                                              0x00409968
                                                                                                                              0x00409973
                                                                                                                              0x00409978
                                                                                                                              0x0040997a
                                                                                                                              0x00409982
                                                                                                                              0x00409984
                                                                                                                              0x00409987
                                                                                                                              0x0040998c
                                                                                                                              0x0040998c
                                                                                                                              0x00409998
                                                                                                                              0x004099ab
                                                                                                                              0x004099b9
                                                                                                                              0x004099bf
                                                                                                                              0x004099c5
                                                                                                                              0x004099cb
                                                                                                                              0x004099d1
                                                                                                                              0x004099d7
                                                                                                                              0x004099dd
                                                                                                                              0x004099e3
                                                                                                                              0x004099e9
                                                                                                                              0x004099ef
                                                                                                                              0x004099f6
                                                                                                                              0x004099fd
                                                                                                                              0x00409a04
                                                                                                                              0x00409a0b
                                                                                                                              0x00409a12
                                                                                                                              0x00409a19
                                                                                                                              0x00409a1a
                                                                                                                              0x00409a23
                                                                                                                              0x00409a29
                                                                                                                              0x00409a2c
                                                                                                                              0x00409a32
                                                                                                                              0x00409a3f
                                                                                                                              0x00409a48
                                                                                                                              0x00409a51
                                                                                                                              0x00409a5a
                                                                                                                              0x00409a68
                                                                                                                              0x00409a6a
                                                                                                                              0x00409a7f
                                                                                                                              0x00409a8b
                                                                                                                              0x00409a8e
                                                                                                                              0x00409a93
                                                                                                                              0x00409aa0

                                                                                                                              APIs
                                                                                                                              • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00409A60
                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00409A6A
                                                                                                                              • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 00409A77
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3906539128-0
                                                                                                                              • Opcode ID: 8ed4ee4138e913782b3b25c7a9bba293db2bbbb0676a03e8a48e7569db3f4ef4
                                                                                                                              • Instruction ID: 944c1c294cd931e8d5e75fc50311252b283b80a099eed5c05427f3fcaa83eadd
                                                                                                                              • Opcode Fuzzy Hash: 8ed4ee4138e913782b3b25c7a9bba293db2bbbb0676a03e8a48e7569db3f4ef4
                                                                                                                              • Instruction Fuzzy Hash: 9E31C5B49012289BCB21DF65D8897CDBBB8BF48310F5045EAE51CA7291E7749F858F48
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004040F5 Relevance: 1.6, APIs: 1, Instructions: 144COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 88%
                                                                                                                              			E004040F5(signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _t60;
				signed int _t61;
				signed int _t62;
				signed int _t63;
				signed int _t66;
				signed int _t67;
				signed int _t73;
				intOrPtr _t74;
				intOrPtr _t75;
				intOrPtr* _t77;
				signed int _t78;
				intOrPtr* _t82;
				signed int _t85;
				signed int _t90;
				intOrPtr* _t93;
				signed int _t96;
				signed int _t99;
				signed int _t104;

				_t90 = __edx;
				 *0x41e988 =  *0x41e988 & 0x00000000;
				 *0x41e010 =  *0x41e010 | 0x00000001;
				if(IsProcessorFeaturePresent(0xa) == 0) {
					L23:
					return 0;
				}
				_v20 = _v20 & 0x00000000;
				_push(_t74);
				_t93 =  &_v40;
				asm("cpuid");
				_t75 = _t74;
				 *_t93 = 0;
				 *((intOrPtr*)(_t93 + 4)) = _t74;
				 *((intOrPtr*)(_t93 + 8)) = 0;
				 *(_t93 + 0xc) = _t90;
				_v16 = _v40;
				_v12 = _v28 ^ 0x49656e69;
				_v8 = _v36 ^ 0x756e6547;
				_push(_t75);
				asm("cpuid");
				_t77 =  &_v40;
				 *_t77 = 1;
				 *((intOrPtr*)(_t77 + 4)) = _t75;
				 *((intOrPtr*)(_t77 + 8)) = 0;
				 *(_t77 + 0xc) = _t90;
				if((_v8 | _v32 ^ 0x6c65746e | _v12) != 0) {
					L9:
					_t96 =  *0x41e98c; // 0x2
					L10:
					_t85 = _v32;
					_t60 = 7;
					_v8 = _t85;
					if(_v16 < _t60) {
						_t78 = _v20;
					} else {
						_push(_t77);
						asm("cpuid");
						_t82 =  &_v40;
						 *_t82 = _t60;
						 *((intOrPtr*)(_t82 + 4)) = _t77;
						 *((intOrPtr*)(_t82 + 8)) = 0;
						_t85 = _v8;
						 *(_t82 + 0xc) = _t90;
						_t78 = _v36;
						if((_t78 & 0x00000200) != 0) {
							 *0x41e98c = _t96 | 0x00000002;
						}
					}
					_t61 =  *0x41e010; // 0x6f
					_t62 = _t61 | 0x00000002;
					 *0x41e988 = 1;
					 *0x41e010 = _t62;
					if((_t85 & 0x00100000) != 0) {
						_t63 = _t62 | 0x00000004;
						 *0x41e988 = 2;
						 *0x41e010 = _t63;
						if((_t85 & 0x08000000) != 0 && (_t85 & 0x10000000) != 0) {
							asm("xgetbv");
							_v24 = _t63;
							_v20 = _t90;
							_t104 = 6;
							if((_v24 & _t104) == _t104) {
								_t66 =  *0x41e010; // 0x6f
								_t67 = _t66 | 0x00000008;
								 *0x41e988 = 3;
								 *0x41e010 = _t67;
								if((_t78 & 0x00000020) != 0) {
									 *0x41e988 = 5;
									 *0x41e010 = _t67 | 0x00000020;
									if((_t78 & 0xd0030000) == 0xd0030000 && (_v24 & 0x000000e0) == 0xe0) {
										 *0x41e010 =  *0x41e010 | 0x00000040;
										 *0x41e988 = _t104;
									}
								}
							}
						}
					}
					goto L23;
				}
				_t73 = _v40 & 0x0fff3ff0;
				if(_t73 == 0x106c0 || _t73 == 0x20660 || _t73 == 0x20670 || _t73 == 0x30650 || _t73 == 0x30660 || _t73 == 0x30670) {
					_t99 =  *0x41e98c; // 0x2
					_t96 = _t99 | 0x00000001;
					 *0x41e98c = _t96;
					goto L10;
				} else {
					goto L9;
				}
			}






























                                                                                                                              0x004040f5
                                                                                                                              0x004040f8
                                                                                                                              0x00404102
                                                                                                                              0x00404113
                                                                                                                              0x004042c2
                                                                                                                              0x004042c5
                                                                                                                              0x004042c5
                                                                                                                              0x00404119
                                                                                                                              0x0040411f
                                                                                                                              0x00404124
                                                                                                                              0x00404128
                                                                                                                              0x0040412c
                                                                                                                              0x0040412d
                                                                                                                              0x0040412f
                                                                                                                              0x00404132
                                                                                                                              0x00404137
                                                                                                                              0x00404140
                                                                                                                              0x00404151
                                                                                                                              0x0040415c
                                                                                                                              0x00404162
                                                                                                                              0x00404163
                                                                                                                              0x00404168
                                                                                                                              0x0040416b
                                                                                                                              0x00404170
                                                                                                                              0x00404178
                                                                                                                              0x0040417b
                                                                                                                              0x0040417e
                                                                                                                              0x004041c3
                                                                                                                              0x004041c3
                                                                                                                              0x004041c9
                                                                                                                              0x004041c9
                                                                                                                              0x004041ce
                                                                                                                              0x004041cf
                                                                                                                              0x004041d5
                                                                                                                              0x00404206
                                                                                                                              0x004041d7
                                                                                                                              0x004041d9
                                                                                                                              0x004041da
                                                                                                                              0x004041df
                                                                                                                              0x004041e2
                                                                                                                              0x004041e4
                                                                                                                              0x004041e7
                                                                                                                              0x004041ea
                                                                                                                              0x004041ed
                                                                                                                              0x004041f0
                                                                                                                              0x004041f9
                                                                                                                              0x004041fe
                                                                                                                              0x004041fe
                                                                                                                              0x004041f9
                                                                                                                              0x00404209
                                                                                                                              0x0040420e
                                                                                                                              0x00404211
                                                                                                                              0x0040421b
                                                                                                                              0x00404226
                                                                                                                              0x0040422c
                                                                                                                              0x0040422f
                                                                                                                              0x00404239
                                                                                                                              0x00404244
                                                                                                                              0x00404250
                                                                                                                              0x00404253
                                                                                                                              0x00404256
                                                                                                                              0x00404261
                                                                                                                              0x00404266
                                                                                                                              0x00404268
                                                                                                                              0x0040426d
                                                                                                                              0x00404270
                                                                                                                              0x0040427a
                                                                                                                              0x00404282
                                                                                                                              0x00404287
                                                                                                                              0x00404291
                                                                                                                              0x0040429f
                                                                                                                              0x004042b2
                                                                                                                              0x004042b9
                                                                                                                              0x004042b9
                                                                                                                              0x0040429f
                                                                                                                              0x00404282
                                                                                                                              0x00404266
                                                                                                                              0x00404244
                                                                                                                              0x00000000
                                                                                                                              0x004042c1
                                                                                                                              0x00404183
                                                                                                                              0x0040418d
                                                                                                                              0x004041b2
                                                                                                                              0x004041b8
                                                                                                                              0x004041bb
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 0040410B
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FeaturePresentProcessor
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2325560087-0
                                                                                                                              • Opcode ID: 33327a87950da66f914660ce83c3c1ef16fc2c9fa5e98065704855684f2d8423
                                                                                                                              • Instruction ID: a31575f2bd0d05afe571fddc5e7b54e4f0b05563eb037c817b4edffc9c1ab56d
                                                                                                                              • Opcode Fuzzy Hash: 33327a87950da66f914660ce83c3c1ef16fc2c9fa5e98065704855684f2d8423
                                                                                                                              • Instruction Fuzzy Hash: 30519FF5A116198FDB24CF55D8857AABBF0FB88340F24847AD911EB390D3799940CF98
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040C8A7 Relevance: .0, Instructions: 22COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0040C8A7(void* __ecx) {
				char _v8;
				intOrPtr _t7;
				char _t13;

				_t13 = 0;
				_v8 = 0;
				_t7 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
				_t16 =  *((intOrPtr*)(_t7 + 8));
				if( *((intOrPtr*)(_t7 + 8)) < 0) {
					L2:
					_t13 = 1;
				} else {
					E0040D455(_t16,  &_v8);
					if(_v8 != 1) {
						goto L2;
					}
				}
				return _t13;
			}






                                                                                                                              0x0040c8b4
                                                                                                                              0x0040c8b6
                                                                                                                              0x0040c8b9
                                                                                                                              0x0040c8bc
                                                                                                                              0x0040c8bf
                                                                                                                              0x0040c8d0
                                                                                                                              0x0040c8d2
                                                                                                                              0x0040c8c1
                                                                                                                              0x0040c8c5
                                                                                                                              0x0040c8ce
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040c8ce
                                                                                                                              0x0040c8d7

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 98bd9abcbfeab89fdef86f175b3f21c5d9a9cb172005b41195f14fa3478cdba7
                                                                                                                              • Instruction ID: c05aab3695507b4fc4f121dda86cdadfdc15753284aab5194c6af8a6c9230a51
                                                                                                                              • Opcode Fuzzy Hash: 98bd9abcbfeab89fdef86f175b3f21c5d9a9cb172005b41195f14fa3478cdba7
                                                                                                                              • Instruction Fuzzy Hash: 43E08C32951228EBCB14EFC9C94498AF3FCEB48B45F1181ABB501E3251C274DE00C7D8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004025CE Relevance: 56.2, APIs: 12, Strings: 20, Instructions: 213registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 98%
                                                                                                                              			E004025CE(void* __edx, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				void* _v8;
				char _v784;
				char _v1296;
				void* __edi;
				void* _t50;
				void* _t52;
				void* _t54;
				void* _t56;
				void* _t58;
				void* _t60;
				void* _t61;
				void* _t64;
				intOrPtr _t108;
				void* _t114;
				void* _t115;
				void* _t116;
				void* _t118;
				void* _t119;
				void* _t120;
				void* _t121;
				void* _t122;
				void* _t123;
				void* _t124;
				void* _t125;
				void* _t126;

				_t114 = __edx;
				_v8 = 0;
				E00404680(_t115,  &_v784, 0, 0x308);
				_t117 = _a16;
				_t50 = E00401FE5(0,  &_v8, _a16);
				_t116 = RegCloseKey;
				_t119 = _t118 + 0x18;
				if(_t50 == 0) {
					E00402E5F(_v8, _t117);
					RegCloseKey(_v8);
				}
				_t52 = E00401FE5(L"DefaultIcon",  &_v8, _t117);
				_t108 = _a12;
				_t120 = _t119 + 0xc;
				if(_t52 == 0) {
					_push(_a20);
					E0040145F( &_v784, 0x184, L"%s,%d", _t108);
					E00402E5F(_v8,  &_v784);
					_t120 = _t120 + 0x1c;
					RegCloseKey(_v8);
				}
				_t54 = E00401FE5(L"InstallInfo",  &_v8, _t117);
				_t121 = _t120 + 0xc;
				if(_t54 == 0) {
					RegSetValueExW(_v8, L"IconsVisible", 0, 4,  &_a8, 4);
					E0040145F( &_v784, 0x184, L"\"%s\" /REG=AVCDL", _t108);
					E00402E36(_v8, L"ReinstallCommand",  &_v784);
					E00402E36(_v8, L"ShowIconsCommand",  &_v784);
					E0040145F( &_v784, 0x184, L"\"%s\" /UNREG", _t108);
					E00402E36(_v8, L"HideIconsCommand",  &_v784);
					_t121 = _t121 + 0x44;
					RegCloseKey(_v8);
				}
				_t56 = E00401FE5(L"shell",  &_v8, _t117);
				_t122 = _t121 + 0xc;
				if(_t56 == 0) {
					RegCloseKey(_v8);
				}
				_t58 = E00401FE5(L"shell\\open",  &_v8, _t117);
				_t123 = _t122 + 0xc;
				if(_t58 == 0) {
					RegCloseKey(_v8);
				}
				_t60 = E00401FE5(L"shell\\open\\command",  &_v8, _t117);
				_t124 = _t123 + 0xc;
				if(_t60 == 0) {
					E00402E5F(_v8, _t108);
					RegCloseKey(_v8);
				}
				_t61 = E00401D81(_t114, 6, 0, 0);
				_t125 = _t124 + 0xc;
				if(_t61 != 0) {
					_t64 = E00401FE5(L"Capabilities",  &_v8, _t117);
					_t126 = _t125 + 0xc;
					if(_t64 == 0) {
						E00402E36(_v8, L"ApplicationDescription", L"Winamp. The Ultimate Media Player.");
						E00402E36(_v8, L"ApplicationName", _t117);
						_t126 = _t126 + 0x18;
						RegCloseKey(_v8);
					}
					if(RegCreateKeyW(0x80000002, L"Software\\RegisteredApplications",  &_v8) == 0) {
						E00404680(_t116,  &_v1296, _t66, 0x200);
						E0040143A( &_v1296, 0x200, L"Software\\Clients\\Media\\%s\\Capabilities", _t117);
						E00402E36(_v8, _t117,  &_v1296);
						_t126 = _t126 + 0x28;
						RegCloseKey(_v8);
					}
					if(E00401FE5(L"Capabilities\\FileAssociations",  &_v8, _t117) == 0) {
						RegCloseKey(_v8);
					}
					if(E00401FE5(L"Capabilities\\MimeAssociations",  &_v8, _t117) == 0) {
						RegCloseKey(_v8);
					}
				}
				return 0;
			}




























                                                                                                                              0x004025ce
                                                                                                                              0x004025e9
                                                                                                                              0x004025ec
                                                                                                                              0x004025f1
                                                                                                                              0x004025fa
                                                                                                                              0x004025ff
                                                                                                                              0x00402605
                                                                                                                              0x0040260a
                                                                                                                              0x00402610
                                                                                                                              0x0040261a
                                                                                                                              0x0040261a
                                                                                                                              0x00402626
                                                                                                                              0x0040262b
                                                                                                                              0x0040262e
                                                                                                                              0x00402633
                                                                                                                              0x00402635
                                                                                                                              0x0040264a
                                                                                                                              0x00402659
                                                                                                                              0x0040265e
                                                                                                                              0x00402664
                                                                                                                              0x00402664
                                                                                                                              0x00402670
                                                                                                                              0x00402675
                                                                                                                              0x0040267a
                                                                                                                              0x00402692
                                                                                                                              0x004026aa
                                                                                                                              0x004026be
                                                                                                                              0x004026d2
                                                                                                                              0x004026e9
                                                                                                                              0x004026fd
                                                                                                                              0x00402702
                                                                                                                              0x00402708
                                                                                                                              0x00402708
                                                                                                                              0x00402714
                                                                                                                              0x00402719
                                                                                                                              0x0040271e
                                                                                                                              0x00402723
                                                                                                                              0x00402723
                                                                                                                              0x0040272f
                                                                                                                              0x00402734
                                                                                                                              0x00402739
                                                                                                                              0x0040273e
                                                                                                                              0x0040273e
                                                                                                                              0x0040274a
                                                                                                                              0x0040274f
                                                                                                                              0x00402754
                                                                                                                              0x0040275a
                                                                                                                              0x00402764
                                                                                                                              0x00402764
                                                                                                                              0x0040276c
                                                                                                                              0x00402771
                                                                                                                              0x00402776
                                                                                                                              0x00402786
                                                                                                                              0x0040278b
                                                                                                                              0x00402790
                                                                                                                              0x0040279f
                                                                                                                              0x004027ad
                                                                                                                              0x004027b2
                                                                                                                              0x004027b8
                                                                                                                              0x004027b8
                                                                                                                              0x004027d0
                                                                                                                              0x004027e0
                                                                                                                              0x004027f3
                                                                                                                              0x00402803
                                                                                                                              0x00402808
                                                                                                                              0x0040280e
                                                                                                                              0x0040280e
                                                                                                                              0x00402824
                                                                                                                              0x00402829
                                                                                                                              0x00402829
                                                                                                                              0x0040283f
                                                                                                                              0x00402844
                                                                                                                              0x00402844
                                                                                                                              0x0040283f
                                                                                                                              0x0040284c

                                                                                                                              APIs
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 0040261A
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00402664
                                                                                                                              • RegSetValueExW.ADVAPI32(?,IconsVisible,00000000,00000004,?,00000004), ref: 00402692
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00402708
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00402723
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 0040273E
                                                                                                                                • Part of subcall function 00402E5F: RegSetValueExW.ADVAPI32(00401AA6,00000000,00000000,00000001,?,00000000,?,00401AA6,00000000,?), ref: 00402E7F
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00402764
                                                                                                                                • Part of subcall function 00401D81: VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000003,00000001,00000003,00000020,00000003), ref: 00401DD5
                                                                                                                                • Part of subcall function 00401D81: VerSetConditionMask.KERNEL32(00000000), ref: 00401DD9
                                                                                                                                • Part of subcall function 00401D81: VerSetConditionMask.KERNEL32(00000000), ref: 00401DDD
                                                                                                                                • Part of subcall function 00401D81: VerifyVersionInfoW.KERNEL32(0000011C,00000023,00000000), ref: 00401E06
                                                                                                                                • Part of subcall function 00401FE5: RegCreateKeyW.ADVAPI32(80000002,?,?), ref: 00402061
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 004027B8
                                                                                                                              • RegCreateKeyW.ADVAPI32(80000002,Software\RegisteredApplications,?), ref: 004027C8
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 0040280E
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00402829
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00402844
                                                                                                                                • Part of subcall function 00402E36: RegSetValueExW.ADVAPI32(?,?,00000000,00000001,004019C2,00000000,?,004019C2,?,WinampAgent,?), ref: 00402E57
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Close$ConditionMaskValue$Create$InfoVerifyVersion
                                                                                                                              • String ID: "%s" /REG=AVCDL$"%s" /UNREG$%s,%d$ApplicationDescription$ApplicationName$Capabilities$Capabilities\FileAssociations$Capabilities\MimeAssociations$DefaultIcon$HideIconsCommand$IconsVisible$InstallInfo$ReinstallCommand$ShowIconsCommand$Software\Clients\Media\%s\Capabilities$Software\RegisteredApplications$Winamp. The Ultimate Media Player.$shell$shell\open$shell\open\command
                                                                                                                              • API String ID: 167346238-599943258
                                                                                                                              • Opcode ID: a0911778536683fd432960efad12f1faa3c646bbd6fb7100979a8659450e57d2
                                                                                                                              • Instruction ID: 1e47e8c69123a3cf3711c4d05c2c92394d7af5860a57be28d35bd1ceb11f73bf
                                                                                                                              • Opcode Fuzzy Hash: a0911778536683fd432960efad12f1faa3c646bbd6fb7100979a8659450e57d2
                                                                                                                              • Instruction Fuzzy Hash: 2D613EB5940209FADB10ABA1DE86FDF776CEF40348F100076F904B10E2E7795F549AA8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004021F1 Relevance: 36.9, APIs: 8, Strings: 13, Instructions: 140registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 95%
                                                                                                                              			E004021F1(intOrPtr _a8, intOrPtr _a12, short* _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				void* _v8;
				char _v528;
				char _v1304;
				void* __edi;
				long _t45;
				int _t51;
				intOrPtr _t80;

				E00404680(0x308,  &_v1304, 0, 0x308);
				E00404680(0x308,  &_v528, 0, 0x208);
				_push(_a12);
				_v8 = 0;
				E0040143A( &_v528, 0x208, L"\"%s\", %d", _a8);
				E0040143A( &_v1304, 0x308, L"\"%s\" %1", _a8);
				_t45 = RegCreateKeyW(0x80000000, L"DVD\\shell",  &_v8);
				_t80 = _a20;
				if(_t45 == 0) {
					E00402E5F(_v8, _t80);
					RegCloseKey(_v8);
				}
				if(E00401EEC(_t80, 0x80000000, L"DVD\\shell\\", _t80,  &_v8) == 0) {
					E00402E5F(_v8, _a28);
					RegCloseKey(_v8);
				}
				if(E00401F3C(_t80, 0x80000000, L"DVD\\shell\\", _t80, L"\\command",  &_v8) == 0) {
					E00402E5F(_v8,  &_v1304);
					RegCloseKey(_v8);
				}
				_t51 = RegCreateKeyW(0x80000002, L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoplayHandlers\\EventHandlers\\PlayDVDMovieOnArrival",  &_v8);
				if(_t51 == 0) {
					RegSetValueExW(_v8, _a16, _t51, 1, _t51, _t51);
					RegCloseKey(_v8);
				}
				if(E00401EEC(_t80, 0x80000002, L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoplayHandlers\\Handlers\\", _a16,  &_v8) == 0) {
					E00402E36(_v8, L"Action", _a28);
					E00402E36(_v8, L"DefaultIcon",  &_v528);
					E00402E36(_v8, L"InvokeProgID", L"DVD");
					E00402E36(_v8, L"InvokeVerb", _t80);
					E00402E36(_v8, L"Provider", _a24);
					RegCloseKey(_v8);
				}
				return 0;
			}










                                                                                                                              0x0040220d
                                                                                                                              0x00402220
                                                                                                                              0x00402225
                                                                                                                              0x0040222e
                                                                                                                              0x0040223b
                                                                                                                              0x00402250
                                                                                                                              0x0040226c
                                                                                                                              0x0040226e
                                                                                                                              0x00402279
                                                                                                                              0x0040227f
                                                                                                                              0x00402289
                                                                                                                              0x00402289
                                                                                                                              0x004022a4
                                                                                                                              0x004022ac
                                                                                                                              0x004022b6
                                                                                                                              0x004022b6
                                                                                                                              0x004022d6
                                                                                                                              0x004022e2
                                                                                                                              0x004022ec
                                                                                                                              0x004022ec
                                                                                                                              0x004022fc
                                                                                                                              0x00402300
                                                                                                                              0x0040230d
                                                                                                                              0x00402316
                                                                                                                              0x00402316
                                                                                                                              0x00402333
                                                                                                                              0x00402340
                                                                                                                              0x00402354
                                                                                                                              0x00402366
                                                                                                                              0x00402374
                                                                                                                              0x00402384
                                                                                                                              0x0040238f
                                                                                                                              0x0040238f
                                                                                                                              0x00402397

                                                                                                                              APIs
                                                                                                                              • RegCreateKeyW.ADVAPI32(80000000,DVD\shell,?), ref: 0040226C
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00402289
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 004022B6
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 004022EC
                                                                                                                              • RegCreateKeyW.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayDVDMovieOnArrival,?), ref: 004022FC
                                                                                                                              • RegSetValueExW.ADVAPI32(?,?,00000000,00000001,00000000,00000000), ref: 0040230D
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00402316
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 0040238F
                                                                                                                                • Part of subcall function 00402E5F: RegSetValueExW.ADVAPI32(00401AA6,00000000,00000000,00000001,?,00000000,?,00401AA6,00000000,?), ref: 00402E7F
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Close$CreateValue
                                                                                                                              • String ID: "%s" %1$"%s", %d$Action$DVD$DVD\shell$DVD\shell\$DefaultIcon$InvokeProgID$InvokeVerb$Provider$SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayDVDMovieOnArrival$SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\$\command
                                                                                                                              • API String ID: 1009429713-243612736
                                                                                                                              • Opcode ID: 1fa65d0792c8c978f094b672e8c2bb2b50e1a2cb2025bf59e059ce02910ee07d
                                                                                                                              • Instruction ID: 3c2b3e077649143a2ecef7485107a02cc4510123855b0451aaaf3cac06e58905
                                                                                                                              • Opcode Fuzzy Hash: 1fa65d0792c8c978f094b672e8c2bb2b50e1a2cb2025bf59e059ce02910ee07d
                                                                                                                              • Instruction Fuzzy Hash: 99415171940218FADF10ABA1CD46EDF7B7DEF54704F20007AB904B10A1E7799F14AA58
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00402439 Relevance: 24.6, APIs: 8, Strings: 6, Instructions: 126registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 77%
                                                                                                                              			E00402439(intOrPtr _a8, intOrPtr _a12, int _a16, int _a20) {
				void* _v8;
				short _v208;
				char _v464;
				short _v728;
				void* __edi;
				long _t47;
				void* _t70;
				void* _t71;
				intOrPtr _t73;
				void* _t74;
				void* _t75;
				void* _t77;

				_v8 = _v8 & 0x00000000;
				_t73 = _a8;
				if(_a20 == 0) {
					E00404680(_t70,  &_v728, 0, 0x208);
					_t77 = _t74 + 0xc;
					if(RegCreateKeyW(0x80000000, _a16,  &_v8) == 0) {
						E00402E36(_v8, L"Content Type", _t73);
						_t77 = _t77 + 0xc;
						RegCloseKey(_v8);
					}
					E0040145F( &_v728, 0x104, L"MIME\\Database\\Content Type\\%s", _t73);
					_t74 = _t77 + 0x10;
					if(RegCreateKeyW(0x80000000,  &_v728,  &_v8) == 0) {
						RegDeleteValueW(_v8, L"CLSID");
						E00402E36(_v8, L"Extension", _a16);
						_t74 = _t74 + 0xc;
						RegCloseKey(_v8);
					}
				}
				if(RegOpenKeyW(0x80000001, L"Software\\Netscape\\Netscape Navigator\\Viewers",  &_v8) != 0) {
					L13:
					return 0;
				} else {
					E00402E36(_v8, _t73, _a12);
					_t75 = _t74 + 0xc;
					_t71 = 0;
					while(1) {
						E00404680(_t71,  &_v208, 0, 0xc8);
						_a16 = 0x80;
						E00404680(_t71,  &_v464, 0, 0x100);
						E0040145F( &_v208, 0x64, L"TYPE%d", _t71);
						_t75 = _t75 + 0x28;
						_t47 = RegQueryValueExW(_v8,  &_v208, 0,  &_a20,  &_v464,  &_a16);
						_push(_t73);
						if(_t47 != 0) {
							break;
						}
						_push( &_v464);
						if(E00407ACA() == 0) {
							L12:
							RegCloseKey(_v8);
							goto L13;
						}
						_t71 = _t71 + 1;
						if(_t71 < 0x3e7) {
							continue;
						}
						goto L12;
					}
					_push( &_v208);
					_push(_v8);
					E00402E36();
					goto L12;
				}
			}















                                                                                                                              0x00402442
                                                                                                                              0x00402452
                                                                                                                              0x00402456
                                                                                                                              0x0040246a
                                                                                                                              0x00402478
                                                                                                                              0x00402488
                                                                                                                              0x00402493
                                                                                                                              0x00402498
                                                                                                                              0x0040249e
                                                                                                                              0x0040249e
                                                                                                                              0x004024b2
                                                                                                                              0x004024b7
                                                                                                                              0x004024ce
                                                                                                                              0x004024d8
                                                                                                                              0x004024e9
                                                                                                                              0x004024ee
                                                                                                                              0x004024f4
                                                                                                                              0x004024f4
                                                                                                                              0x004024ce
                                                                                                                              0x0040250c
                                                                                                                              0x004025c7
                                                                                                                              0x004025cb
                                                                                                                              0x00402512
                                                                                                                              0x00402519
                                                                                                                              0x0040251e
                                                                                                                              0x00402521
                                                                                                                              0x00402523
                                                                                                                              0x00402531
                                                                                                                              0x00402541
                                                                                                                              0x0040254b
                                                                                                                              0x0040255f
                                                                                                                              0x00402564
                                                                                                                              0x00402582
                                                                                                                              0x00402588
                                                                                                                              0x0040258b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00402593
                                                                                                                              0x0040259d
                                                                                                                              0x004025c0
                                                                                                                              0x004025c3
                                                                                                                              0x00000000
                                                                                                                              0x004025c3
                                                                                                                              0x0040259f
                                                                                                                              0x004025a6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004025ac
                                                                                                                              0x004025b4
                                                                                                                              0x004025b5
                                                                                                                              0x004025b8
                                                                                                                              0x00000000
                                                                                                                              0x004025bd

                                                                                                                              APIs
                                                                                                                              • RegCreateKeyW.ADVAPI32(80000000,?,00000000), ref: 00402484
                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 0040249E
                                                                                                                              • RegCreateKeyW.ADVAPI32(80000000,?,00000000), ref: 004024CA
                                                                                                                              • RegDeleteValueW.ADVAPI32(00000000,CLSID), ref: 004024D8
                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 004024F4
                                                                                                                                • Part of subcall function 00402E36: RegSetValueExW.ADVAPI32(?,?,00000000,00000001,004019C2,00000000,?,004019C2,?,WinampAgent,?), ref: 00402E57
                                                                                                                              • RegOpenKeyW.ADVAPI32(80000001,Software\Netscape\Netscape Navigator\Viewers,00000000), ref: 00402504
                                                                                                                              • RegQueryValueExW.ADVAPI32(00000000,?,00000000,00000000,?,00000080), ref: 00402582
                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 004025C3
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseValue$Create$DeleteOpenQuery
                                                                                                                              • String ID: CLSID$Content Type$Extension$MIME\Database\Content Type\%s$Software\Netscape\Netscape Navigator\Viewers$TYPE%d
                                                                                                                              • API String ID: 1522338619-260258362
                                                                                                                              • Opcode ID: 1efef9959d61cfd87459d7b737c1aa0474bbc2b425f7c3b5c03806b1af05026c
                                                                                                                              • Instruction ID: a4732758ce59e2a68aa7a643b598bfb656584b8574cdce1e07eb13a404c376bd
                                                                                                                              • Opcode Fuzzy Hash: 1efef9959d61cfd87459d7b737c1aa0474bbc2b425f7c3b5c03806b1af05026c
                                                                                                                              • Instruction Fuzzy Hash: 1E413C72940109FAEB11EBA1DD4AFDF777CAB44304F104076FA08B20D1E7799A549BA9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004034BD Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 140registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004034BD(void* __edx, short* _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				void* _v8;
				int _v12;
				char _v268;
				short _v524;
				void* __edi;
				long _t39;
				void* _t63;
				void* _t82;
				short* _t84;
				void* _t87;

				_t82 = __edx;
				_t84 = 0;
				_v8 = 0;
				_t39 = RegOpenKeyW(0x80000000, _a8,  &_v8);
				_t83 = RegDeleteValueW;
				if(_t39 != 0) {
					L11:
					if(E00401D81(_t82, 6, _t84, _t84) != 0) {
						E00404680(_t83,  &_v524, 0, 0x200);
						E0040143A( &_v524, 0x200, L"Software\\Clients\\Media\\%s\\Capabilities\\FileAssociations", _a16);
						if(RegCreateKeyW(0x80000002,  &_v524,  &_v8) == 0) {
							RegDeleteValueW(_v8, _a8);
							RegCloseKey(_v8);
						}
					}
					return 0;
				} else {
					E00404680(RegDeleteValueW,  &_v268, 0, 0x100);
					_t87 = _t87 + 0xc;
					_v12 = 0x80;
					if(RegQueryValueExW(_v8, 0, 0, 0,  &_v268,  &_v12) == 0) {
						E00407B0A(_a12);
						E00407B0A( &_v268);
						_t77 =  >=  ? _a12 :  &_v268;
						_t63 = E00407DE2( &_v268, _a12, E00407B0A( >=  ? _a12 :  &_v268));
						_t87 = _t87 + 0x18;
						_t84 = 0;
						if(_t63 == 0) {
							_v12 = 0x80;
							if(RegQueryValueExW(_v8, L"Winamp_Back", 0, 0,  &_v268,  &_v12) != 0) {
								RegDeleteValueW(_v8, 0);
								RegCloseKey(_v8);
								_v8 = 0;
								E004037EB(0x80000000, _a8);
							} else {
								if(E00402E5F(_v8,  &_v268) == 0) {
									RegDeleteValueW(_v8, L"Winamp_Back");
								}
							}
						}
					}
					if(_v8 != 0) {
						RegCloseKey(_v8);
					}
					if(_a20 == 0) {
						E004037EB(0x80000000, _a12);
					}
					goto L11;
				}
			}













                                                                                                                              0x004034bd
                                                                                                                              0x004034cc
                                                                                                                              0x004034d2
                                                                                                                              0x004034da
                                                                                                                              0x004034e0
                                                                                                                              0x004034ee
                                                                                                                              0x004035f4
                                                                                                                              0x00403602
                                                                                                                              0x00403613
                                                                                                                              0x00403628
                                                                                                                              0x00403648
                                                                                                                              0x00403650
                                                                                                                              0x00403655
                                                                                                                              0x00403655
                                                                                                                              0x00403648
                                                                                                                              0x0040365d
                                                                                                                              0x004034f4
                                                                                                                              0x00403501
                                                                                                                              0x00403506
                                                                                                                              0x00403509
                                                                                                                              0x00403529
                                                                                                                              0x00403532
                                                                                                                              0x00403540
                                                                                                                              0x0040354d
                                                                                                                              0x00403562
                                                                                                                              0x00403567
                                                                                                                              0x0040356a
                                                                                                                              0x0040356e
                                                                                                                              0x00403573
                                                                                                                              0x00403594
                                                                                                                              0x004035bb
                                                                                                                              0x004035c0
                                                                                                                              0x004035c5
                                                                                                                              0x004035cd
                                                                                                                              0x00403596
                                                                                                                              0x004035a9
                                                                                                                              0x004035b3
                                                                                                                              0x004035b3
                                                                                                                              0x004035a9
                                                                                                                              0x00403594
                                                                                                                              0x0040356e
                                                                                                                              0x004035d8
                                                                                                                              0x004035dd
                                                                                                                              0x004035dd
                                                                                                                              0x004035e3
                                                                                                                              0x004035ed
                                                                                                                              0x004035f3
                                                                                                                              0x00000000
                                                                                                                              0x004035e3

                                                                                                                              APIs
                                                                                                                              • RegOpenKeyW.ADVAPI32(80000000,?,?), ref: 004034DA
                                                                                                                              • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,00000080), ref: 00403521
                                                                                                                              • RegQueryValueExW.ADVAPI32(?,Winamp_Back,00000000,00000000,?,00000080), ref: 0040358C
                                                                                                                              • RegDeleteValueW.ADVAPI32(?,Winamp_Back), ref: 004035B3
                                                                                                                              • RegDeleteValueW.ADVAPI32(?,00000000), ref: 004035BB
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 004035C0
                                                                                                                                • Part of subcall function 00402E5F: RegSetValueExW.ADVAPI32(00401AA6,00000000,00000000,00000001,?,00000000,?,00401AA6,00000000,?), ref: 00402E7F
                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 004035DD
                                                                                                                              • RegCreateKeyW.ADVAPI32(80000002,?,?), ref: 00403640
                                                                                                                              • RegDeleteValueW.ADVAPI32(?,?), ref: 00403650
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00403655
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Value$CloseDelete$Query$CreateOpen
                                                                                                                              • String ID: Software\Clients\Media\%s\Capabilities\FileAssociations$Winamp_Back
                                                                                                                              • API String ID: 952789728-3789767761
                                                                                                                              • Opcode ID: 3061b980ba2120cdedf79a9933fe75b3813215a8365d66ab806fb94c792452d1
                                                                                                                              • Instruction ID: c29e42d0e3fb20c6e6368b52333cafec8e226e8979dce31090d47a446353f9e4
                                                                                                                              • Opcode Fuzzy Hash: 3061b980ba2120cdedf79a9933fe75b3813215a8365d66ab806fb94c792452d1
                                                                                                                              • Instruction Fuzzy Hash: D6412C71900218FADB21AFA1CC49FDF7F7CEF14358F104066F944B21A1EA759B54DAA4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040CFA0 Relevance: 19.6, APIs: 13, Instructions: 113COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0040CFA0(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t25;
				intOrPtr* _t26;
				intOrPtr _t28;
				intOrPtr* _t29;
				intOrPtr* _t31;
				intOrPtr* _t45;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t55;
				intOrPtr* _t70;
				intOrPtr _t74;

				_t74 = _a4;
				_t25 =  *((intOrPtr*)(_t74 + 0x88));
				if(_t25 != 0 && _t25 != 0x41e6f0) {
					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
					if(_t45 != 0 &&  *_t45 == 0) {
						_t46 =  *((intOrPtr*)(_t74 + 0x84));
						if(_t46 != 0 &&  *_t46 == 0) {
							E00409BE4(_t46);
							E0040CB7D( *((intOrPtr*)(_t74 + 0x88)));
						}
						_t47 =  *((intOrPtr*)(_t74 + 0x80));
						if(_t47 != 0 &&  *_t47 == 0) {
							E00409BE4(_t47);
							E0040CC7B( *((intOrPtr*)(_t74 + 0x88)));
						}
						E00409BE4( *((intOrPtr*)(_t74 + 0x7c)));
						E00409BE4( *((intOrPtr*)(_t74 + 0x88)));
					}
				}
				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
				if(_t26 != 0 &&  *_t26 == 0) {
					E00409BE4( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
					E00409BE4( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
					E00409BE4( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
					E00409BE4( *((intOrPtr*)(_t74 + 0x8c)));
				}
				E0040D111( *((intOrPtr*)(_t74 + 0x9c)));
				_t28 = 6;
				_t55 = _t74 + 0xa0;
				_v8 = _t28;
				_t70 = _t74 + 0x28;
				do {
					if( *((intOrPtr*)(_t70 - 8)) != 0x41e1c8) {
						_t31 =  *_t70;
						if(_t31 != 0 &&  *_t31 == 0) {
							E00409BE4(_t31);
							E00409BE4( *_t55);
						}
						_t28 = _v8;
					}
					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
						_t29 =  *((intOrPtr*)(_t70 - 4));
						if(_t29 != 0 &&  *_t29 == 0) {
							E00409BE4(_t29);
						}
						_t28 = _v8;
					}
					_t55 = _t55 + 4;
					_t70 = _t70 + 0x10;
					_t28 = _t28 - 1;
					_v8 = _t28;
				} while (_t28 != 0);
				return E00409BE4(_t74);
			}















                                                                                                                              0x0040cfa8
                                                                                                                              0x0040cfac
                                                                                                                              0x0040cfb4
                                                                                                                              0x0040cfbd
                                                                                                                              0x0040cfc2
                                                                                                                              0x0040cfc9
                                                                                                                              0x0040cfd1
                                                                                                                              0x0040cfd9
                                                                                                                              0x0040cfe4
                                                                                                                              0x0040cfea
                                                                                                                              0x0040cfeb
                                                                                                                              0x0040cff3
                                                                                                                              0x0040cffb
                                                                                                                              0x0040d006
                                                                                                                              0x0040d00c
                                                                                                                              0x0040d010
                                                                                                                              0x0040d01b
                                                                                                                              0x0040d021
                                                                                                                              0x0040cfc2
                                                                                                                              0x0040d022
                                                                                                                              0x0040d02a
                                                                                                                              0x0040d03d
                                                                                                                              0x0040d050
                                                                                                                              0x0040d05e
                                                                                                                              0x0040d069
                                                                                                                              0x0040d06e
                                                                                                                              0x0040d077
                                                                                                                              0x0040d07f
                                                                                                                              0x0040d080
                                                                                                                              0x0040d086
                                                                                                                              0x0040d089
                                                                                                                              0x0040d08c
                                                                                                                              0x0040d093
                                                                                                                              0x0040d095
                                                                                                                              0x0040d099
                                                                                                                              0x0040d0a1
                                                                                                                              0x0040d0a8
                                                                                                                              0x0040d0ae
                                                                                                                              0x0040d0af
                                                                                                                              0x0040d0af
                                                                                                                              0x0040d0b6
                                                                                                                              0x0040d0b8
                                                                                                                              0x0040d0bd
                                                                                                                              0x0040d0c5
                                                                                                                              0x0040d0ca
                                                                                                                              0x0040d0cb
                                                                                                                              0x0040d0cb
                                                                                                                              0x0040d0ce
                                                                                                                              0x0040d0d1
                                                                                                                              0x0040d0d4
                                                                                                                              0x0040d0d7
                                                                                                                              0x0040d0d7
                                                                                                                              0x0040d0e7

                                                                                                                              APIs
                                                                                                                              • ___free_lconv_mon.LIBCMT ref: 0040CFE4
                                                                                                                                • Part of subcall function 0040CB7D: _free.LIBCMT ref: 0040CB9A
                                                                                                                                • Part of subcall function 0040CB7D: _free.LIBCMT ref: 0040CBAC
                                                                                                                                • Part of subcall function 0040CB7D: _free.LIBCMT ref: 0040CBBE
                                                                                                                                • Part of subcall function 0040CB7D: _free.LIBCMT ref: 0040CBD0
                                                                                                                                • Part of subcall function 0040CB7D: _free.LIBCMT ref: 0040CBE2
                                                                                                                                • Part of subcall function 0040CB7D: _free.LIBCMT ref: 0040CBF4
                                                                                                                                • Part of subcall function 0040CB7D: _free.LIBCMT ref: 0040CC06
                                                                                                                                • Part of subcall function 0040CB7D: _free.LIBCMT ref: 0040CC18
                                                                                                                                • Part of subcall function 0040CB7D: _free.LIBCMT ref: 0040CC2A
                                                                                                                                • Part of subcall function 0040CB7D: _free.LIBCMT ref: 0040CC3C
                                                                                                                                • Part of subcall function 0040CB7D: _free.LIBCMT ref: 0040CC4E
                                                                                                                                • Part of subcall function 0040CB7D: _free.LIBCMT ref: 0040CC60
                                                                                                                                • Part of subcall function 0040CB7D: _free.LIBCMT ref: 0040CC72
                                                                                                                              • _free.LIBCMT ref: 0040CFD9
                                                                                                                                • Part of subcall function 00409BE4: HeapFree.KERNEL32(00000000,00000000,?,00408F39), ref: 00409BFA
                                                                                                                                • Part of subcall function 00409BE4: GetLastError.KERNEL32(?,?,00408F39), ref: 00409C0C
                                                                                                                              • _free.LIBCMT ref: 0040CFFB
                                                                                                                              • _free.LIBCMT ref: 0040D010
                                                                                                                              • _free.LIBCMT ref: 0040D01B
                                                                                                                              • _free.LIBCMT ref: 0040D03D
                                                                                                                              • _free.LIBCMT ref: 0040D050
                                                                                                                              • _free.LIBCMT ref: 0040D05E
                                                                                                                              • _free.LIBCMT ref: 0040D069
                                                                                                                              • _free.LIBCMT ref: 0040D0A1
                                                                                                                              • _free.LIBCMT ref: 0040D0A8
                                                                                                                              • _free.LIBCMT ref: 0040D0C5
                                                                                                                              • _free.LIBCMT ref: 0040D0DD
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 161543041-0
                                                                                                                              • Opcode ID: 54316cb65d27278882760c05424efda03e4ba353faea0f76c6e201e730a7a639
                                                                                                                              • Instruction ID: 747494956db2ac1744bca2638596a387115d45ab9927b26fdbae990e811b99e9
                                                                                                                              • Opcode Fuzzy Hash: 54316cb65d27278882760c05424efda03e4ba353faea0f76c6e201e730a7a639
                                                                                                                              • Instruction Fuzzy Hash: F63141719042019FDB206BB9E845F5777E9BF00328F14443BE449EB2E2DA79BC85C618
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040A033 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 69COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 77%
                                                                                                                              			E0040A033(void* __ebx, void* __edi, void* __esi, char _a4) {
				void* _v5;
				char _v12;
				char _v16;
				char _v20;
				void* __ebp;
				char _t55;
				char _t61;
				void* _t67;
				intOrPtr _t68;
				void* _t72;
				void* _t73;

				_t73 = __esi;
				_t72 = __edi;
				_t67 = __ebx;
				_t36 = _a4;
				_t68 =  *_a4;
				_t77 = _t68 - 0x417168;
				if(_t68 != 0x417168) {
					E00409BE4(_t68);
					_t36 = _a4;
				}
				E00409BE4( *((intOrPtr*)(_t36 + 0x3c)));
				E00409BE4( *((intOrPtr*)(_a4 + 0x30)));
				E00409BE4( *((intOrPtr*)(_a4 + 0x34)));
				E00409BE4( *((intOrPtr*)(_a4 + 0x38)));
				E00409BE4( *((intOrPtr*)(_a4 + 0x28)));
				E00409BE4( *((intOrPtr*)(_a4 + 0x2c)));
				E00409BE4( *((intOrPtr*)(_a4 + 0x40)));
				E00409BE4( *((intOrPtr*)(_a4 + 0x44)));
				E00409BE4( *((intOrPtr*)(_a4 + 0x360)));
				_v16 =  &_a4;
				_t55 = 5;
				_v12 = _t55;
				_v20 = _t55;
				_push( &_v12);
				_push( &_v16);
				_push( &_v20);
				E00409E5F(_t67, _t72, _t73, _t77);
				_v16 =  &_a4;
				_t61 = 4;
				_v20 = _t61;
				_v12 = _t61;
				_push( &_v20);
				_push( &_v16);
				_push( &_v12);
				return E00409ECA(_t67, _t72, _t73, _t77);
			}














                                                                                                                              0x0040a033
                                                                                                                              0x0040a033
                                                                                                                              0x0040a033
                                                                                                                              0x0040a038
                                                                                                                              0x0040a03e
                                                                                                                              0x0040a040
                                                                                                                              0x0040a046
                                                                                                                              0x0040a049
                                                                                                                              0x0040a04e
                                                                                                                              0x0040a051
                                                                                                                              0x0040a055
                                                                                                                              0x0040a060
                                                                                                                              0x0040a06b
                                                                                                                              0x0040a076
                                                                                                                              0x0040a081
                                                                                                                              0x0040a08c
                                                                                                                              0x0040a097
                                                                                                                              0x0040a0a2
                                                                                                                              0x0040a0b0
                                                                                                                              0x0040a0bb
                                                                                                                              0x0040a0c3
                                                                                                                              0x0040a0c4
                                                                                                                              0x0040a0c7
                                                                                                                              0x0040a0cd
                                                                                                                              0x0040a0d1
                                                                                                                              0x0040a0d5
                                                                                                                              0x0040a0d6
                                                                                                                              0x0040a0e0
                                                                                                                              0x0040a0e6
                                                                                                                              0x0040a0e7
                                                                                                                              0x0040a0ea
                                                                                                                              0x0040a0f0
                                                                                                                              0x0040a0f4
                                                                                                                              0x0040a0f8
                                                                                                                              0x0040a0ff

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                                                              • String ID: hqA
                                                                                                                              • API String ID: 776569668-2390391355
                                                                                                                              • Opcode ID: 6087ea00806fe30c3f93308743723c95845efe8f42abbcad83d2fcf56b19caa2
                                                                                                                              • Instruction ID: 421adf34afeac47d4d57148187dd85c3b1e8dbc27ff4e5306c45ba303621cb7e
                                                                                                                              • Opcode Fuzzy Hash: 6087ea00806fe30c3f93308743723c95845efe8f42abbcad83d2fcf56b19caa2
                                                                                                                              • Instruction Fuzzy Hash: E621A77A904109AFCF41EF95D881DDE7BB9BF08354B00416BB615AB162DB35EA44CB84
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004028E4 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 82registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004028E4(short* _a8, intOrPtr _a12, intOrPtr _a16) {
				void* _v8;
				short _v520;
				void* __edi;

				_v8 = _v8 & 0x00000000;
				if(RegCreateKeyW(0x80000000, _a8,  &_v8) == 0) {
					E00404680(RegCreateKeyW,  &_v520, _t24, 0x200);
					E00402E5F(_v8, L"URL:Winamp Command Handler");
					E00402E36(_v8, L"URL Protocol", 0x41573c);
					RegCloseKey(_v8);
					E0040143A( &_v520, 0x200, L"%s\\DefaultIcon", _a8);
					if(RegCreateKeyW(0x80000000,  &_v520,  &_v8) == 0) {
						E00402E5F(_v8, _a16);
						RegCloseKey(_v8);
					}
					E0040143A( &_v520, 0x200, L"%s\\shell\\open\\command", _a8);
					if(RegCreateKeyW(0x80000000,  &_v520,  &_v8) == 0) {
						E00402E5F(_v8, _a12);
						RegCloseKey(_v8);
					}
				}
				return 0;
			}






                                                                                                                              0x004028ed
                                                                                                                              0x0040290a
                                                                                                                              0x0040291e
                                                                                                                              0x0040292b
                                                                                                                              0x0040293d
                                                                                                                              0x0040294e
                                                                                                                              0x00402964
                                                                                                                              0x0040297c
                                                                                                                              0x00402984
                                                                                                                              0x0040298e
                                                                                                                              0x0040298e
                                                                                                                              0x004029a4
                                                                                                                              0x004029bc
                                                                                                                              0x004029c4
                                                                                                                              0x004029ce
                                                                                                                              0x004029ce
                                                                                                                              0x004029d0
                                                                                                                              0x004029d6

                                                                                                                              APIs
                                                                                                                              • RegCreateKeyW.ADVAPI32(80000000,?,00000000), ref: 00402906
                                                                                                                                • Part of subcall function 00402E5F: RegSetValueExW.ADVAPI32(00401AA6,00000000,00000000,00000001,?,00000000,?,00401AA6,00000000,?), ref: 00402E7F
                                                                                                                                • Part of subcall function 00402E36: RegSetValueExW.ADVAPI32(?,?,00000000,00000001,004019C2,00000000,?,004019C2,?,WinampAgent,?), ref: 00402E57
                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 0040294E
                                                                                                                              • RegCreateKeyW.ADVAPI32(80000000,?,00000000), ref: 00402978
                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 0040298E
                                                                                                                              • RegCreateKeyW.ADVAPI32(80000000,?,00000000), ref: 004029B8
                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 004029CE
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseCreate$Value
                                                                                                                              • String ID: %s\DefaultIcon$%s\shell\open\command$URL Protocol$URL:Winamp Command Handler
                                                                                                                              • API String ID: 543950827-881449853
                                                                                                                              • Opcode ID: 8aced4b1a1ce3037d0cd94a3c809c16033e340299715548b32489dd184f6ce59
                                                                                                                              • Instruction ID: d013206809e2dbdd59b5617a9a9b35019ac37f50a38d46a4d7aaeb1e8abb097c
                                                                                                                              • Opcode Fuzzy Hash: 8aced4b1a1ce3037d0cd94a3c809c16033e340299715548b32489dd184f6ce59
                                                                                                                              • Instruction Fuzzy Hash: E92153B294021DBADF11FB91CE4AFDE777CAF04714F204466F514B10A2E6759F10AB58
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00402B58 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 83registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 93%
                                                                                                                              			E00402B58(intOrPtr _a8, short* _a12, char _a16, intOrPtr _a20, intOrPtr _a24) {
				void* _v8;
				char _v592;
				void* __edi;
				void* _t27;
				void* _t51;
				void* _t52;

				_v8 = 0;
				if(RegCreateKeyW(0x80000000, _a12,  &_v8) == 0) {
					E00402E5F(_v8, _a16);
					_a16 = 0x10000;
					RegSetValueExW(_v8, L"EditFlags", 0, 3,  &_a16, 4);
					RegCloseKey(_v8);
				}
				_t27 = E00401EEC(0x80000000, 0x80000000, _a12, L"\\DefaultIcon",  &_v8);
				_t52 = _t51 + 0x10;
				if(_t27 == 0) {
					E00404680(0x80000000,  &_v592, 0, 0x248);
					_push(_a20);
					E0040145F( &_v592, 0x124, L"%s,%d", _a8);
					E00402E5F(_v8,  &_v592);
					_t52 = _t52 + 0x28;
					RegCloseKey(_v8);
				}
				if(E00401EEC(0x80000000, 0x80000000, _a12, L"\\shell",  &_v8) == 0) {
					E00402E5F(_v8, _a24);
					RegCloseKey(_v8);
				}
				return 0;
			}









                                                                                                                              0x00402b73
                                                                                                                              0x00402b84
                                                                                                                              0x00402b8c
                                                                                                                              0x00402b98
                                                                                                                              0x00402bab
                                                                                                                              0x00402bb4
                                                                                                                              0x00402bb4
                                                                                                                              0x00402bc3
                                                                                                                              0x00402bc8
                                                                                                                              0x00402bcd
                                                                                                                              0x00402bdc
                                                                                                                              0x00402be1
                                                                                                                              0x00402bf8
                                                                                                                              0x00402c07
                                                                                                                              0x00402c0c
                                                                                                                              0x00402c12
                                                                                                                              0x00402c12
                                                                                                                              0x00402c2b
                                                                                                                              0x00402c33
                                                                                                                              0x00402c3d
                                                                                                                              0x00402c3d
                                                                                                                              0x00402c45

                                                                                                                              APIs
                                                                                                                              • RegCreateKeyW.ADVAPI32(80000000,?,?), ref: 00402B76
                                                                                                                              • RegSetValueExW.ADVAPI32(?,EditFlags,00000000,00000003,?,00000004), ref: 00402BAB
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00402BB4
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00402C12
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00402C3D
                                                                                                                                • Part of subcall function 00402E5F: RegSetValueExW.ADVAPI32(00401AA6,00000000,00000000,00000001,?,00000000,?,00401AA6,00000000,?), ref: 00402E7F
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Close$Value$Create
                                                                                                                              • String ID: %s,%d$EditFlags$\DefaultIcon$\shell
                                                                                                                              • API String ID: 2741822481-3179600475
                                                                                                                              • Opcode ID: e76733db0cc1087d8d0df83e651e5a2e2e6be4103067fa5885f6442c799887f9
                                                                                                                              • Instruction ID: ed5ddfd3598d6eaf1f0585a867159ee489cd918af772c3696e12f72f4d9f5979
                                                                                                                              • Opcode Fuzzy Hash: e76733db0cc1087d8d0df83e651e5a2e2e6be4103067fa5885f6442c799887f9
                                                                                                                              • Instruction Fuzzy Hash: 55212D7294020DBEDF11EF90DD46EEE7B7DEB44744F200466F904B10A1E7799F24AA94
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004029D9 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 124registrycomCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 93%
                                                                                                                              			E004029D9(void* __edx, void* __edi, short* _a8, void* _a12, intOrPtr _a16) {
				void* _v8;
				int _v12;
				char _v268;
				short _v524;
				char* _t50;
				intOrPtr* _t54;
				void* _t67;
				intOrPtr* _t73;
				void* _t77;
				void* _t79;

				_t78 = __edi;
				_t77 = __edx;
				_v8 = _v8 & 0x00000000;
				if(RegCreateKeyW(0x80000000, _a8,  &_v8) != 0) {
					L7:
					if(E00401D81(_t77, 6, 0, 0) != 0) {
						E00404680(_t78,  &_v524, 0, 0x200);
						E0040143A( &_v524, 0x200, L"Software\\Clients\\Media\\%s\\Capabilities\\FileAssociations", _a16);
						if(RegCreateKeyW(0x80000002,  &_v524,  &_v8) == 0) {
							E00402E36(_v8, _a8, _a12);
							_t50 =  &_a12;
							_a12 = 0;
							__imp__CoCreateInstance(0x416274, 0, 3, 0x415890, _t50);
							if(_t50 >= 0) {
								_t73 = _a12;
								if(_t73 != 0) {
									 *((intOrPtr*)( *_t73 + 0x18))(_t73, _a16, _a8, 0);
									_t54 = _a12;
									 *((intOrPtr*)( *_t54 + 8))(_t54);
								}
							}
							RegCloseKey(_v8);
						}
					}
					return 0;
				} else {
					E00404680(__edi,  &_v268, _t39, 0x100);
					_t79 = _t79 + 0xc;
					_v12 = 0x80;
					if(RegQueryValueExW(_v8, 0, 0, 0,  &_v268,  &_v12) != 0) {
						E00402E5F(_v8, _a12);
					} else {
						_t67 = E00407DE2( &_v268, _a12, E00407B0A( &_v268));
						_t79 = _t79 + 0x10;
						if(_t67 != 0) {
							E00402E36(_v8, L"Winamp_Back",  &_v268);
							E00402E5F(_v8, _a12);
							_t79 = _t79 + 0x14;
						}
					}
					if(_v8 != 0) {
						RegCloseKey(_v8);
					}
					goto L7;
				}
			}













                                                                                                                              0x004029d9
                                                                                                                              0x004029d9
                                                                                                                              0x004029e2
                                                                                                                              0x004029fd
                                                                                                                              0x00402a9f
                                                                                                                              0x00402aaf
                                                                                                                              0x00402ac3
                                                                                                                              0x00402adc
                                                                                                                              0x00402af8
                                                                                                                              0x00402b03
                                                                                                                              0x00402b0b
                                                                                                                              0x00402b10
                                                                                                                              0x00402b21
                                                                                                                              0x00402b29
                                                                                                                              0x00402b2b
                                                                                                                              0x00402b30
                                                                                                                              0x00402b3c
                                                                                                                              0x00402b3f
                                                                                                                              0x00402b45
                                                                                                                              0x00402b45
                                                                                                                              0x00402b30
                                                                                                                              0x00402b4b
                                                                                                                              0x00402b4b
                                                                                                                              0x00402af8
                                                                                                                              0x00402b55
                                                                                                                              0x00402a03
                                                                                                                              0x00402a10
                                                                                                                              0x00402a15
                                                                                                                              0x00402a18
                                                                                                                              0x00402a3a
                                                                                                                              0x00402a89
                                                                                                                              0x00402a3c
                                                                                                                              0x00402a53
                                                                                                                              0x00402a58
                                                                                                                              0x00402a5d
                                                                                                                              0x00402a6e
                                                                                                                              0x00402a79
                                                                                                                              0x00402a7e
                                                                                                                              0x00402a7e
                                                                                                                              0x00402a5d
                                                                                                                              0x00402a94
                                                                                                                              0x00402a99
                                                                                                                              0x00402a99
                                                                                                                              0x00000000
                                                                                                                              0x00402a94

                                                                                                                              APIs
                                                                                                                              • RegCreateKeyW.ADVAPI32(80000000,?,00000000), ref: 004029F9
                                                                                                                              • RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,?,00000080), ref: 00402A32
                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00402A99
                                                                                                                                • Part of subcall function 00402E36: RegSetValueExW.ADVAPI32(?,?,00000000,00000001,004019C2,00000000,?,004019C2,?,WinampAgent,?), ref: 00402E57
                                                                                                                                • Part of subcall function 00402E5F: RegSetValueExW.ADVAPI32(00401AA6,00000000,00000000,00000001,?,00000000,?,00401AA6,00000000,?), ref: 00402E7F
                                                                                                                              • RegCreateKeyW.ADVAPI32(80000002,?,00000000), ref: 00402AF4
                                                                                                                              • CoCreateInstance.OLE32(00416274,00000000,00000003,00415890,?), ref: 00402B21
                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00402B4B
                                                                                                                              Strings
                                                                                                                              • Winamp_Back, xrefs: 00402A66
                                                                                                                              • Software\Clients\Media\%s\Capabilities\FileAssociations, xrefs: 00402AD1
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateValue$Close$InstanceQuery
                                                                                                                              • String ID: Software\Clients\Media\%s\Capabilities\FileAssociations$Winamp_Back
                                                                                                                              • API String ID: 4270104233-3789767761
                                                                                                                              • Opcode ID: a363939942b9b1dca3c9ebe71628d5fa6fd4eb0720b65979dfdff7cefca8c957
                                                                                                                              • Instruction ID: 4bb9147f5ef5fd79c4ddbd485b0ff5754f260874b5504486b4d4a5c04881741c
                                                                                                                              • Opcode Fuzzy Hash: a363939942b9b1dca3c9ebe71628d5fa6fd4eb0720b65979dfdff7cefca8c957
                                                                                                                              • Instruction Fuzzy Hash: 38412D71900209FFDF11EFA1CD4AFEE777CAF04304F500466BA04E60A1EBB59A549B69
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040333A Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 108registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0040333A(void* __eflags, int _a8) {
				void* _v8;
				char _v528;
				char _v1048;
				void* __edi;
				void* __esi;
				char _t51;
				short* _t65;

				E00404680(0,  &_v1048, 0, 0x208);
				_v8 = 0;
				E0040145F( &_v1048, 0x104, L"\"%s\" %%1", _a8);
				if(RegOpenKeyW(0x80000000, L"AudioCD\\shell\\play\\command",  &_v8) != 0) {
					L10:
					return 0;
				}
				E00404680(0,  &_v528, 0, 0x208);
				_a8 = 0x104;
				if(RegQueryValueExW(_v8, 0, 0, 0,  &_v528,  &_a8) == 0 && E00407ACA( &_v528,  &_v1048) == 0) {
					_a8 = 0x208;
					_t65 = L"Winamp_Back";
					if(RegQueryValueExW(_v8, _t65, 0, 0,  &_v528,  &_a8) != 0) {
						_v1048 = 0;
						E00402E5F(_v8,  &_v1048);
					} else {
						_t51 = E00407E98(_t65, RegQueryValueExW,  &_v528,  &_v1048);
						if(_t51 == 0) {
							_v528 = _t51;
						}
						if(E00402E5F(_v8,  &_v528) == 0) {
							RegDeleteValueW(_v8, _t65);
						}
					}
				}
				RegCloseKey(_v8);
				goto L10;
			}










                                                                                                                              0x00403356
                                                                                                                              0x00403363
                                                                                                                              0x00403373
                                                                                                                              0x00403391
                                                                                                                              0x0040346a
                                                                                                                              0x0040346e
                                                                                                                              0x0040346e
                                                                                                                              0x004033a0
                                                                                                                              0x004033a8
                                                                                                                              0x004033c6
                                                                                                                              0x004033e8
                                                                                                                              0x004033f5
                                                                                                                              0x00403402
                                                                                                                              0x00403447
                                                                                                                              0x00403458
                                                                                                                              0x00403404
                                                                                                                              0x00403412
                                                                                                                              0x0040341b
                                                                                                                              0x0040341d
                                                                                                                              0x0040341d
                                                                                                                              0x00403437
                                                                                                                              0x0040343d
                                                                                                                              0x0040343d
                                                                                                                              0x00403437
                                                                                                                              0x00403402
                                                                                                                              0x00403462
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • RegOpenKeyW.ADVAPI32(80000000,AudioCD\shell\play\command,?), ref: 00403389
                                                                                                                              • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?), ref: 004033C2
                                                                                                                              • RegQueryValueExW.ADVAPI32(?,Winamp_Back,00000000,00000000,?,?), ref: 004033FE
                                                                                                                              • RegDeleteValueW.ADVAPI32(?,Winamp_Back), ref: 0040343D
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00403462
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Value$Query$CloseDeleteOpen
                                                                                                                              • String ID: "%s" %%1$AudioCD\shell\play\command$Winamp_Back
                                                                                                                              • API String ID: 2877093821-1340532153
                                                                                                                              • Opcode ID: f27a0db825a090ffcc434836c93c683b28aa4fc08bb4adc9271c27e17a87e632
                                                                                                                              • Instruction ID: de9a2d1a39648316ce111e865d81c2f9460cb5e991b53ebe76958744435a695c
                                                                                                                              • Opcode Fuzzy Hash: f27a0db825a090ffcc434836c93c683b28aa4fc08bb4adc9271c27e17a87e632
                                                                                                                              • Instruction Fuzzy Hash: 963132B280021CFADB11EF92DD49EDB7B7CEB85714F1080BBF504E6152E6349B448B69
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040196E Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 57registryprocessCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 64%
                                                                                                                              			E0040196E(WCHAR* _a8) {
				void* _v8;
				struct _PROCESS_INFORMATION _v24;
				struct _STARTUPINFOW _v92;
				void* __edi;
				void* _t27;

				_v92.cb = 0x44;
				_v8 = 0;
				E00404680(_t27,  &(_v92.lpReserved), 0, 0x40);
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				if(RegCreateKeyW(0x80000002, L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",  &_v8) == 0) {
					E00402E36(_v8, L"WinampAgent", _a8);
					RegCloseKey(_v8);
				}
				CreateProcessW(0, _a8, 0, 0, 0, 0, 0, 0,  &_v92,  &_v24);
				CloseHandle(_v24);
				CloseHandle(_v24.hThread);
				return 0;
			}








                                                                                                                              0x00401978
                                                                                                                              0x00401984
                                                                                                                              0x00401989
                                                                                                                              0x00401993
                                                                                                                              0x00401997
                                                                                                                              0x00401998
                                                                                                                              0x00401999
                                                                                                                              0x004019b0
                                                                                                                              0x004019bd
                                                                                                                              0x004019c8
                                                                                                                              0x004019c8
                                                                                                                              0x004019e0
                                                                                                                              0x004019ef
                                                                                                                              0x004019f4
                                                                                                                              0x004019fb

                                                                                                                              APIs
                                                                                                                              • RegCreateKeyW.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,?), ref: 004019A8
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 004019C8
                                                                                                                              • CreateProcessW.KERNEL32 ref: 004019E0
                                                                                                                              • CloseHandle.KERNEL32(?), ref: 004019EF
                                                                                                                              • CloseHandle.KERNEL32(?), ref: 004019F4
                                                                                                                                • Part of subcall function 00402E36: RegSetValueExW.ADVAPI32(?,?,00000000,00000001,004019C2,00000000,?,004019C2,?,WinampAgent,?), ref: 00402E57
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Close$CreateHandle$ProcessValue
                                                                                                                              • String ID: D$SOFTWARE\Microsoft\Windows\CurrentVersion\Run$WinampAgent
                                                                                                                              • API String ID: 2853014528-1095323921
                                                                                                                              • Opcode ID: 219954fac4fefa3cf6b376dde8c1dc86faea93f458a62d7d8c11591fa7d6879f
                                                                                                                              • Instruction ID: 45f597583f45feb0a0c75daa3fd61ffe922fbd885dab4002e2ae2ec12b35ebea
                                                                                                                              • Opcode Fuzzy Hash: 219954fac4fefa3cf6b376dde8c1dc86faea93f458a62d7d8c11591fa7d6879f
                                                                                                                              • Instruction Fuzzy Hash: FC012972910518FADB11EBE1DD0AADFBF7DEB48350F104026FA04B2160D6749A18DBAA
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00402C62 Relevance: 14.0, APIs: 5, Strings: 3, Instructions: 32registrywindowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00402C62(void* __ecx) {
				void* _v8;
				struct HWND__* _t5;

				_v8 = 0;
				_t5 = FindWindowW(L"WinampAgentMain", 0);
				if(_t5 != 0) {
					SendMessageW(_t5, 0x10, 0, 0);
				}
				if(RegOpenKeyW(0x80000002, L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",  &_v8) == 0) {
					RegDeleteValueW(_v8, L"WinampAgent");
					RegCloseKey(_v8);
				}
				return 0;
			}





                                                                                                                              0x00402c6f
                                                                                                                              0x00402c72
                                                                                                                              0x00402c7a
                                                                                                                              0x00402c81
                                                                                                                              0x00402c81
                                                                                                                              0x00402c9e
                                                                                                                              0x00402ca8
                                                                                                                              0x00402cb1
                                                                                                                              0x00402cb1
                                                                                                                              0x00402cba

                                                                                                                              APIs
                                                                                                                              • FindWindowW.USER32(WinampAgentMain,00000000), ref: 00402C72
                                                                                                                              • SendMessageW.USER32(00000000,00000010,00000000,00000000), ref: 00402C81
                                                                                                                              • RegOpenKeyW.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,?), ref: 00402C95
                                                                                                                              • RegDeleteValueW.ADVAPI32(?,WinampAgent), ref: 00402CA8
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00402CB1
                                                                                                                              Strings
                                                                                                                              • WinampAgentMain, xrefs: 00402C6A
                                                                                                                              • SOFTWARE\Microsoft\Windows\CurrentVersion\Run, xrefs: 00402C8B
                                                                                                                              • WinampAgent, xrefs: 00402CA0
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseDeleteFindMessageOpenSendValueWindow
                                                                                                                              • String ID: SOFTWARE\Microsoft\Windows\CurrentVersion\Run$WinampAgent$WinampAgentMain
                                                                                                                              • API String ID: 232036094-4127970624
                                                                                                                              • Opcode ID: d644026efe5515fa672113ac2164d362e72e0d1b24d68c0fbf112fca85011a74
                                                                                                                              • Instruction ID: 761ee951bd65d64e179de0c5c05bad65c5e3f0c7a6b79fc177b94048d95644eb
                                                                                                                              • Opcode Fuzzy Hash: d644026efe5515fa672113ac2164d362e72e0d1b24d68c0fbf112fca85011a74
                                                                                                                              • Instruction Fuzzy Hash: 90F08271541618FBDB219BA1DE0EFDFBF6CEF44794F104021B901E1090D6748900D6AC
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040A4FC Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 320COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 81%
                                                                                                                              			E0040A4FC(void* __edx, signed int* _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, signed int _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40) {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				unsigned int _v24;
				signed int _v32;
				signed int _v40;
				char _v48;
				intOrPtr _v56;
				char _v60;
				void* __ebx;
				void* __edi;
				signed char _t85;
				void* _t91;
				signed int _t95;
				signed int _t97;
				signed int _t98;
				signed int _t99;
				signed int _t104;
				signed int _t105;
				void* _t106;
				signed int _t107;
				void* _t108;
				void* _t110;
				void* _t113;
				void* _t115;
				signed int _t117;
				signed int* _t118;
				void* _t121;
				signed int _t123;
				signed int _t129;
				signed int* _t130;
				signed int* _t133;
				signed int _t134;
				signed int _t137;
				signed int _t139;
				signed int _t141;
				signed int _t146;
				signed int _t147;
				signed int _t149;
				signed int _t150;
				void* _t154;
				unsigned int _t155;
				signed int _t162;
				void* _t163;
				signed int _t164;
				signed int* _t165;
				signed int _t168;
				signed int _t173;
				signed int _t174;
				signed int _t175;
				signed int _t177;
				signed int _t178;
				signed int _t179;
				void* _t181;

				_t163 = __edx;
				_t173 = _a24;
				if(_t173 < 0) {
					_t173 = 0;
				}
				_t2 =  &_a8; // 0x407143
				_t177 =  *_t2;
				 *_t177 = 0;
				E00406ADF( &_v60, _t163, _a36);
				_t5 = _t173 + 0xb; // 0xb
				_t185 = _a12 - _t5;
				if(_a12 > _t5) {
					_t133 = _a4;
					_t139 = _t133[1];
					_t164 =  *_t133;
					__eflags = (_t139 >> 0x00000014 & 0x000007ff) - 0x7ff;
					if((_t139 >> 0x00000014 & 0x000007ff) != 0x7ff) {
						__eflags = _t139;
						if(__eflags > 0) {
							L14:
							_t165 = _t177 + 1;
							_t85 = _a28 ^ 0x00000001;
							_v16 = 0x3ff;
							_v5 = _t85;
							_v40 = _t165;
							_v32 = ((_t85 & 0x000000ff) << 5) + 7;
							__eflags = _t139 & 0x7ff00000;
							_t91 = 0x30;
							if((_t139 & 0x7ff00000) != 0) {
								 *_t177 = 0x31;
								L19:
								_t141 = 0;
								__eflags = 0;
								L20:
								_t178 =  &(_t165[0]);
								_v12 = _t178;
								__eflags = _t173;
								if(_t173 != 0) {
									_t95 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v56 + 0x88))))));
								} else {
									_t95 = _t141;
								}
								 *_t165 = _t95;
								_t97 = _t133[1] & 0x000fffff;
								__eflags = _t97;
								_v24 = _t97;
								if(_t97 > 0) {
									L25:
									_t166 = _t141;
									_t142 = 0xf0000;
									_t98 = 0x30;
									_v12 = _t98;
									_v20 = _t141;
									_v24 = 0xf0000;
									do {
										__eflags = _t173;
										if(_t173 <= 0) {
											break;
										}
										_t121 = E00414270( *_t133 & _t166, _v12, _t133[1] & _t142 & 0x000fffff);
										_t154 = 0x30;
										_t123 = _t121 + _t154 & 0x0000ffff;
										__eflags = _t123 - 0x39;
										if(_t123 > 0x39) {
											_t123 = _t123 + _v32;
											__eflags = _t123;
										}
										_t155 = _v24;
										_t166 = (_t155 << 0x00000020 | _v20) >> 4;
										 *_t178 = _t123;
										_t178 = _t178 + 1;
										_t142 = _t155 >> 4;
										_t98 = _v12 - 4;
										_t173 = _t173 - 1;
										_v20 = (_t155 << 0x00000020 | _v20) >> 4;
										_v24 = _t155 >> 4;
										_v12 = _t98;
										__eflags = _t98;
									} while (_t98 >= 0);
									_v12 = _t178;
									__eflags = _t98;
									if(__eflags < 0) {
										goto L42;
									}
									_t117 = E0040AD17(__eflags, _t133, _t166, _t142, _t98, _a40);
									_t181 = _t181 + 0x14;
									__eflags = _t117;
									if(_t117 == 0) {
										goto L42;
									}
									_t118 = _t178 - 1;
									_t137 = 0x30;
									while(1) {
										_t149 =  *_t118;
										__eflags = _t149 - 0x66;
										if(_t149 == 0x66) {
											goto L35;
										}
										__eflags = _t149 - 0x46;
										if(_t149 != 0x46) {
											_t133 = _a4;
											__eflags = _t118 - _v40;
											if(_t118 == _v40) {
												_t54 = _t118 - 1;
												 *_t54 =  *(_t118 - 1) + 1;
												__eflags =  *_t54;
											} else {
												__eflags = _t149 - 0x39;
												if(_t149 != 0x39) {
													_t150 = _t149 + 1;
													__eflags = _t150;
												} else {
													_t150 = _v32 + 0x3a;
												}
												 *_t118 = _t150;
											}
											goto L42;
										}
										L35:
										 *_t118 = _t137;
										_t118 = _t118 - 1;
									}
								} else {
									__eflags =  *_t133 - _t141;
									if( *_t133 <= _t141) {
										L42:
										__eflags = _t173;
										if(_t173 > 0) {
											_push(_t173);
											_t115 = 0x30;
											_push(_t115);
											_push(_t178);
											E00404680(_t173);
											_t178 = _t178 + _t173;
											__eflags = _t178;
											_v12 = _t178;
										}
										_t99 = _v40;
										__eflags =  *_t99;
										if( *_t99 == 0) {
											_t178 = _t99;
											_v12 = _t178;
										}
										 *_t178 = (_v5 << 5) + 0x50;
										_t104 = E00414270( *_t133, 0x34, _t133[1]);
										_t179 = 0;
										_t105 = _v12;
										_t146 = (_t104 & 0x000007ff) - _v16;
										__eflags = _t146;
										asm("sbb esi, esi");
										_t168 = _t105 + 2;
										_v40 = _t168;
										if(__eflags < 0) {
											L50:
											_t146 =  ~_t146;
											asm("adc esi, 0x0");
											_t179 =  ~_t179;
											_t134 = 0x2d;
											goto L51;
										} else {
											if(__eflags > 0) {
												L49:
												_t134 = 0x2b;
												L51:
												 *(_t105 + 1) = _t134;
												_t174 = _t168;
												_t106 = 0x30;
												 *_t168 = _t106;
												_t107 = 0;
												__eflags = _t179;
												if(__eflags < 0) {
													L55:
													__eflags = _t174 - _t168;
													if(_t174 != _t168) {
														L59:
														_push(_t134);
														_push(_t107);
														_push(0x64);
														_push(_t179);
														_t108 = E00414170();
														_t179 = _t134;
														_t134 = _t146;
														_v32 = _t168;
														_t168 = _v40;
														 *_t174 = _t108 + 0x30;
														_t174 = _t174 + 1;
														_t107 = 0;
														__eflags = 0;
														L60:
														__eflags = _t174 - _t168;
														if(_t174 != _t168) {
															L64:
															_push(_t134);
															_push(_t107);
															_push(0xa);
															_push(_t179);
															_push(_t146);
															_t110 = E00414170();
															_v40 = _t168;
															 *_t174 = _t110 + 0x30;
															_t174 = _t174 + 1;
															_t107 = 0;
															__eflags = 0;
															L65:
															_t147 = _t146 + 0x30;
															__eflags = _t147;
															 *_t174 = _t147;
															 *(_t174 + 1) = _t107;
															_t175 = _t107;
															L66:
															if(_v48 != 0) {
																 *(_v60 + 0x350) =  *(_v60 + 0x350) & 0xfffffffd;
															}
															return _t175;
														}
														__eflags = _t179 - _t107;
														if(__eflags < 0) {
															goto L65;
														}
														if(__eflags > 0) {
															goto L64;
														}
														__eflags = _t146 - 0xa;
														if(_t146 < 0xa) {
															goto L65;
														}
														goto L64;
													}
													__eflags = _t179 - _t107;
													if(__eflags < 0) {
														goto L60;
													}
													if(__eflags > 0) {
														goto L59;
													}
													__eflags = _t146 - 0x64;
													if(_t146 < 0x64) {
														goto L60;
													}
													goto L59;
												}
												_t134 = 0x3e8;
												if(__eflags > 0) {
													L54:
													_push(_t134);
													_push(_t107);
													_push(_t134);
													_push(_t179);
													_t113 = E00414170();
													_t179 = _t134;
													_t134 = _t146;
													_v32 = _t168;
													_t168 = _v40;
													 *_t168 = _t113 + 0x30;
													_t174 = _t168 + 1;
													_t107 = 0;
													__eflags = 0;
													goto L55;
												}
												__eflags = _t146 - 0x3e8;
												if(_t146 < 0x3e8) {
													goto L55;
												}
												goto L54;
											}
											__eflags = _t146;
											if(_t146 < 0) {
												goto L50;
											}
											goto L49;
										}
									}
									goto L25;
								}
							}
							 *_t177 = _t91;
							_t141 =  *_t133 | _t133[1] & 0x000fffff;
							__eflags = _t141;
							if(_t141 != 0) {
								_v16 = 0x3fe;
								goto L19;
							}
							_v16 = _t141;
							goto L20;
						}
						if(__eflags < 0) {
							L13:
							 *_t177 = 0x2d;
							_t177 = _t177 + 1;
							__eflags = _t177;
							_t139 = _t133[1];
							goto L14;
						}
						__eflags = _t164;
						if(_t164 >= 0) {
							goto L14;
						}
						goto L13;
					}
					_t175 = E0040A80B(_t133, _t139, _t164, _t133, _t177, _a12, _a16, _a20, _t173, 0, _a32, 0, _a40);
					__eflags = _t175;
					if(_t175 == 0) {
						_t129 = E00414380(_t177, 0x65);
						__eflags = _t129;
						if(_t129 != 0) {
							_t162 = ((_a28 ^ 0x00000001) << 5) + 0x50;
							__eflags = _t162;
							 *_t129 = _t162;
							 *((char*)(_t129 + 3)) = 0;
						}
						_t175 = 0;
					} else {
						 *_t177 = 0;
					}
					goto L66;
				}
				_t130 = E00409BD1(_t185);
				_t175 = 0x22;
				 *_t130 = _t175;
				E00409B14();
				goto L66;
			}


























































                                                                                                                              0x0040a4fc
                                                                                                                              0x0040a507
                                                                                                                              0x0040a50c
                                                                                                                              0x0040a50e
                                                                                                                              0x0040a50e
                                                                                                                              0x0040a512
                                                                                                                              0x0040a512
                                                                                                                              0x0040a51b
                                                                                                                              0x0040a51d
                                                                                                                              0x0040a522
                                                                                                                              0x0040a525
                                                                                                                              0x0040a528
                                                                                                                              0x0040a53e
                                                                                                                              0x0040a541
                                                                                                                              0x0040a546
                                                                                                                              0x0040a550
                                                                                                                              0x0040a555
                                                                                                                              0x0040a5ac
                                                                                                                              0x0040a5ae
                                                                                                                              0x0040a5bd
                                                                                                                              0x0040a5c0
                                                                                                                              0x0040a5c3
                                                                                                                              0x0040a5c5
                                                                                                                              0x0040a5cc
                                                                                                                              0x0040a5de
                                                                                                                              0x0040a5e1
                                                                                                                              0x0040a5e6
                                                                                                                              0x0040a5ea
                                                                                                                              0x0040a5eb
                                                                                                                              0x0040a60b
                                                                                                                              0x0040a60e
                                                                                                                              0x0040a60e
                                                                                                                              0x0040a60e
                                                                                                                              0x0040a610
                                                                                                                              0x0040a610
                                                                                                                              0x0040a613
                                                                                                                              0x0040a616
                                                                                                                              0x0040a618
                                                                                                                              0x0040a629
                                                                                                                              0x0040a61a
                                                                                                                              0x0040a61a
                                                                                                                              0x0040a61a
                                                                                                                              0x0040a62b
                                                                                                                              0x0040a630
                                                                                                                              0x0040a630
                                                                                                                              0x0040a635
                                                                                                                              0x0040a638
                                                                                                                              0x0040a642
                                                                                                                              0x0040a644
                                                                                                                              0x0040a646
                                                                                                                              0x0040a64b
                                                                                                                              0x0040a64c
                                                                                                                              0x0040a64f
                                                                                                                              0x0040a652
                                                                                                                              0x0040a655
                                                                                                                              0x0040a655
                                                                                                                              0x0040a657
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040a66e
                                                                                                                              0x0040a675
                                                                                                                              0x0040a679
                                                                                                                              0x0040a67c
                                                                                                                              0x0040a67f
                                                                                                                              0x0040a681
                                                                                                                              0x0040a681
                                                                                                                              0x0040a681
                                                                                                                              0x0040a687
                                                                                                                              0x0040a68a
                                                                                                                              0x0040a68e
                                                                                                                              0x0040a690
                                                                                                                              0x0040a694
                                                                                                                              0x0040a697
                                                                                                                              0x0040a69a
                                                                                                                              0x0040a69b
                                                                                                                              0x0040a69e
                                                                                                                              0x0040a6a1
                                                                                                                              0x0040a6a4
                                                                                                                              0x0040a6a4
                                                                                                                              0x0040a6a9
                                                                                                                              0x0040a6ac
                                                                                                                              0x0040a6af
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040a6b8
                                                                                                                              0x0040a6bd
                                                                                                                              0x0040a6c0
                                                                                                                              0x0040a6c2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040a6c6
                                                                                                                              0x0040a6c9
                                                                                                                              0x0040a6ca
                                                                                                                              0x0040a6ca
                                                                                                                              0x0040a6cc
                                                                                                                              0x0040a6cf
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040a6d1
                                                                                                                              0x0040a6d4
                                                                                                                              0x0040a6db
                                                                                                                              0x0040a6de
                                                                                                                              0x0040a6e1
                                                                                                                              0x0040a6f6
                                                                                                                              0x0040a6f6
                                                                                                                              0x0040a6f6
                                                                                                                              0x0040a6e3
                                                                                                                              0x0040a6e3
                                                                                                                              0x0040a6e6
                                                                                                                              0x0040a6f0
                                                                                                                              0x0040a6f0
                                                                                                                              0x0040a6e8
                                                                                                                              0x0040a6eb
                                                                                                                              0x0040a6eb
                                                                                                                              0x0040a6f2
                                                                                                                              0x0040a6f2
                                                                                                                              0x00000000
                                                                                                                              0x0040a6e1
                                                                                                                              0x0040a6d6
                                                                                                                              0x0040a6d6
                                                                                                                              0x0040a6d8
                                                                                                                              0x0040a6d8
                                                                                                                              0x0040a63a
                                                                                                                              0x0040a63a
                                                                                                                              0x0040a63c
                                                                                                                              0x0040a6f9
                                                                                                                              0x0040a6f9
                                                                                                                              0x0040a6fb
                                                                                                                              0x0040a6fd
                                                                                                                              0x0040a700
                                                                                                                              0x0040a701
                                                                                                                              0x0040a702
                                                                                                                              0x0040a703
                                                                                                                              0x0040a70b
                                                                                                                              0x0040a70b
                                                                                                                              0x0040a70d
                                                                                                                              0x0040a70d
                                                                                                                              0x0040a710
                                                                                                                              0x0040a713
                                                                                                                              0x0040a716
                                                                                                                              0x0040a718
                                                                                                                              0x0040a71a
                                                                                                                              0x0040a71a
                                                                                                                              0x0040a727
                                                                                                                              0x0040a72e
                                                                                                                              0x0040a735
                                                                                                                              0x0040a737
                                                                                                                              0x0040a740
                                                                                                                              0x0040a740
                                                                                                                              0x0040a743
                                                                                                                              0x0040a745
                                                                                                                              0x0040a748
                                                                                                                              0x0040a74b
                                                                                                                              0x0040a757
                                                                                                                              0x0040a757
                                                                                                                              0x0040a75b
                                                                                                                              0x0040a75e
                                                                                                                              0x0040a760
                                                                                                                              0x00000000
                                                                                                                              0x0040a74d
                                                                                                                              0x0040a74d
                                                                                                                              0x0040a753
                                                                                                                              0x0040a753
                                                                                                                              0x0040a761
                                                                                                                              0x0040a761
                                                                                                                              0x0040a764
                                                                                                                              0x0040a768
                                                                                                                              0x0040a769
                                                                                                                              0x0040a76b
                                                                                                                              0x0040a76d
                                                                                                                              0x0040a76f
                                                                                                                              0x0040a799
                                                                                                                              0x0040a799
                                                                                                                              0x0040a79b
                                                                                                                              0x0040a7a8
                                                                                                                              0x0040a7a8
                                                                                                                              0x0040a7a9
                                                                                                                              0x0040a7aa
                                                                                                                              0x0040a7ac
                                                                                                                              0x0040a7ae
                                                                                                                              0x0040a7b3
                                                                                                                              0x0040a7b5
                                                                                                                              0x0040a7b9
                                                                                                                              0x0040a7bc
                                                                                                                              0x0040a7bf
                                                                                                                              0x0040a7c1
                                                                                                                              0x0040a7c2
                                                                                                                              0x0040a7c2
                                                                                                                              0x0040a7c4
                                                                                                                              0x0040a7c4
                                                                                                                              0x0040a7c6
                                                                                                                              0x0040a7d3
                                                                                                                              0x0040a7d3
                                                                                                                              0x0040a7d4
                                                                                                                              0x0040a7d5
                                                                                                                              0x0040a7d7
                                                                                                                              0x0040a7d8
                                                                                                                              0x0040a7d9
                                                                                                                              0x0040a7e2
                                                                                                                              0x0040a7e5
                                                                                                                              0x0040a7e7
                                                                                                                              0x0040a7e8
                                                                                                                              0x0040a7e8
                                                                                                                              0x0040a7ea
                                                                                                                              0x0040a7ea
                                                                                                                              0x0040a7ea
                                                                                                                              0x0040a7ed
                                                                                                                              0x0040a7ef
                                                                                                                              0x0040a7f2
                                                                                                                              0x0040a7f4
                                                                                                                              0x0040a7fa
                                                                                                                              0x0040a7ff
                                                                                                                              0x0040a7ff
                                                                                                                              0x0040a80a
                                                                                                                              0x0040a80a
                                                                                                                              0x0040a7c8
                                                                                                                              0x0040a7ca
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040a7cc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040a7ce
                                                                                                                              0x0040a7d1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040a7d1
                                                                                                                              0x0040a79d
                                                                                                                              0x0040a79f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040a7a1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040a7a3
                                                                                                                              0x0040a7a6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040a7a6
                                                                                                                              0x0040a771
                                                                                                                              0x0040a776
                                                                                                                              0x0040a77c
                                                                                                                              0x0040a77c
                                                                                                                              0x0040a77d
                                                                                                                              0x0040a77e
                                                                                                                              0x0040a77f
                                                                                                                              0x0040a781
                                                                                                                              0x0040a786
                                                                                                                              0x0040a788
                                                                                                                              0x0040a78a
                                                                                                                              0x0040a78f
                                                                                                                              0x0040a792
                                                                                                                              0x0040a794
                                                                                                                              0x0040a797
                                                                                                                              0x0040a797
                                                                                                                              0x00000000
                                                                                                                              0x0040a797
                                                                                                                              0x0040a778
                                                                                                                              0x0040a77a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040a77a
                                                                                                                              0x0040a74f
                                                                                                                              0x0040a751
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040a751
                                                                                                                              0x0040a74b
                                                                                                                              0x00000000
                                                                                                                              0x0040a63c
                                                                                                                              0x0040a638
                                                                                                                              0x0040a5ed
                                                                                                                              0x0040a5f9
                                                                                                                              0x0040a5f9
                                                                                                                              0x0040a5fb
                                                                                                                              0x0040a602
                                                                                                                              0x00000000
                                                                                                                              0x0040a602
                                                                                                                              0x0040a5fd
                                                                                                                              0x00000000
                                                                                                                              0x0040a5fd
                                                                                                                              0x0040a5b0
                                                                                                                              0x0040a5b6
                                                                                                                              0x0040a5b6
                                                                                                                              0x0040a5b9
                                                                                                                              0x0040a5b9
                                                                                                                              0x0040a5ba
                                                                                                                              0x00000000
                                                                                                                              0x0040a5ba
                                                                                                                              0x0040a5b2
                                                                                                                              0x0040a5b4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040a5b4
                                                                                                                              0x0040a572
                                                                                                                              0x0040a577
                                                                                                                              0x0040a579
                                                                                                                              0x0040a586
                                                                                                                              0x0040a58d
                                                                                                                              0x0040a58f
                                                                                                                              0x0040a59a
                                                                                                                              0x0040a59a
                                                                                                                              0x0040a59d
                                                                                                                              0x0040a59f
                                                                                                                              0x0040a59f
                                                                                                                              0x0040a5a3
                                                                                                                              0x0040a57b
                                                                                                                              0x0040a57b
                                                                                                                              0x0040a57b
                                                                                                                              0x00000000
                                                                                                                              0x0040a579
                                                                                                                              0x0040a52a
                                                                                                                              0x0040a531
                                                                                                                              0x0040a532
                                                                                                                              0x0040a534
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: _strrchr
                                                                                                                              • String ID: Cq@$Cq@$Cq@
                                                                                                                              • API String ID: 3213747228-1846715409
                                                                                                                              • Opcode ID: 4bf16ebe2154e433bccfba287f23cb418d46b557c3042bde16d7a34454c0b7c3
                                                                                                                              • Instruction ID: 75ab18f855e723701ad34c54aad0e4ece4fe6c7e0aa6fde218b5f10ed7c59feb
                                                                                                                              • Opcode Fuzzy Hash: 4bf16ebe2154e433bccfba287f23cb418d46b557c3042bde16d7a34454c0b7c3
                                                                                                                              • Instruction Fuzzy Hash: C5B123729003459FDB118F28C881BAEBBB5EF55344F18857BE841AB381D23D8D518B6A
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004036B2 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 120registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 95%
                                                                                                                              			E004036B2(intOrPtr* _a8, intOrPtr* _a12) {
				void* _v8;
				char _v74;
				char _v76;
				void* __edi;
				short _t43;
				signed short _t44;
				signed int _t50;
				signed short _t51;
				void* _t60;
				signed int _t61;
				signed int _t63;
				signed int _t64;
				signed int _t65;
				signed short _t67;
				signed int _t73;
				signed short* _t77;
				void* _t79;

				_v8 = 0;
				if(RegCreateKeyExW(0x80000002, L"SOFTWARE\\Nullsoft\\Winamp", 0, 0, 0, 0x2001f, 0,  &_v8, 0) != 0) {
					return 0x80004005;
				}
				_t34 = _a8;
				if( *_a8 == 0) {
					RegDeleteValueW(_v8, L"regname");
				} else {
					E00402E36(_v8, L"regname", _t34);
					_t79 = _t79 + 0xc;
				}
				_t70 = _a12;
				if( *_a12 == 0) {
					RegDeleteValueW(_v8, L"regkey");
					goto L17;
				} else {
					E00404680(_t70,  &_v76, 0, 0x42);
					E004031F3( &_v74, 0x20, _t70);
					_t43 = 0x7e;
					_v76 = _t43;
					_t44 = _v74;
					_t73 = 1;
					if(_t44 == 0) {
						L15:
						E00402E36(_v8, L"regkey",  &_v76);
						L17:
						RegCloseKey(_v8);
						return 0;
					}
					_t77 =  &_v74;
					_t61 = _t44 & 0x0000ffff;
					_t60 = 0x1b;
					do {
						_t63 = E00407AB7(_t61) & 0x0000ffff;
						if(_t63 - 0x41 > 0x19) {
							if(_t63 - 0x30 > 9) {
								if(_t63 == 0x2d) {
									_t51 = 0x2f;
									 *_t77 = _t51;
								}
								goto L14;
							}
							asm("cdq");
							_t64 = 0xa;
							_t67 = (_t63 - 0x30 + _t60) % _t64 + 0x61;
							L11:
							 *_t77 = _t67;
							goto L14;
						}
						asm("cdq");
						_t65 = 0x1a;
						_t67 = (_t63 - 0x41 + _t73) % _t65 + 0x41;
						goto L11;
						L14:
						_t73 = _t73 + 1;
						_t60 = _t60 + 0x1b;
						_t77 =  &_v76 + _t73 * 2;
						_t50 =  *_t77 & 0x0000ffff;
						_t61 = _t50;
					} while (_t50 != 0);
					goto L15;
				}
			}




















                                                                                                                              0x004036d3
                                                                                                                              0x004036de
                                                                                                                              0x00000000
                                                                                                                              0x004037e1
                                                                                                                              0x004036e4
                                                                                                                              0x004036f2
                                                                                                                              0x0040370f
                                                                                                                              0x004036f4
                                                                                                                              0x004036fd
                                                                                                                              0x00403702
                                                                                                                              0x00403702
                                                                                                                              0x00403711
                                                                                                                              0x00403717
                                                                                                                              0x004037d0
                                                                                                                              0x00000000
                                                                                                                              0x0040371d
                                                                                                                              0x00403724
                                                                                                                              0x00403733
                                                                                                                              0x0040373a
                                                                                                                              0x0040373d
                                                                                                                              0x00403741
                                                                                                                              0x00403745
                                                                                                                              0x00403749
                                                                                                                              0x004037b2
                                                                                                                              0x004037be
                                                                                                                              0x004037d2
                                                                                                                              0x004037d5
                                                                                                                              0x00000000
                                                                                                                              0x004037de
                                                                                                                              0x0040374d
                                                                                                                              0x00403750
                                                                                                                              0x00403753
                                                                                                                              0x00403754
                                                                                                                              0x0040375b
                                                                                                                              0x00403765
                                                                                                                              0x0040377e
                                                                                                                              0x00403796
                                                                                                                              0x0040379a
                                                                                                                              0x0040379b
                                                                                                                              0x0040379b
                                                                                                                              0x00000000
                                                                                                                              0x00403796
                                                                                                                              0x00403787
                                                                                                                              0x00403788
                                                                                                                              0x0040378b
                                                                                                                              0x0040378e
                                                                                                                              0x0040378e
                                                                                                                              0x00000000
                                                                                                                              0x0040378e
                                                                                                                              0x0040376e
                                                                                                                              0x0040376f
                                                                                                                              0x00403772
                                                                                                                              0x00000000
                                                                                                                              0x0040379e
                                                                                                                              0x0040379e
                                                                                                                              0x004037a2
                                                                                                                              0x004037a5
                                                                                                                              0x004037a8
                                                                                                                              0x004037ab
                                                                                                                              0x004037ad
                                                                                                                              0x00000000
                                                                                                                              0x00403754

                                                                                                                              APIs
                                                                                                                              • RegCreateKeyExW.ADVAPI32(80000002,SOFTWARE\Nullsoft\Winamp,00000000,00000000,00000000,0002001F,00000000,?,00000000), ref: 004036D6
                                                                                                                              • RegDeleteValueW.ADVAPI32(?,regname), ref: 0040370F
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 004037D5
                                                                                                                                • Part of subcall function 00402E36: RegSetValueExW.ADVAPI32(?,?,00000000,00000001,004019C2,00000000,?,004019C2,?,WinampAgent,?), ref: 00402E57
                                                                                                                              • RegDeleteValueW.ADVAPI32(?,regkey), ref: 004037D0
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Value$Delete$CloseCreate
                                                                                                                              • String ID: SOFTWARE\Nullsoft\Winamp$regkey$regname
                                                                                                                              • API String ID: 4168493305-3332644322
                                                                                                                              • Opcode ID: aff0cfa32a58a02aedbaf9e245c089dc9eabeb7b75e85ef8485c2774c0e3139e
                                                                                                                              • Instruction ID: 57c630a49f5897274afa2a823baecd10ac76cb11e17677f4ba5a75472f72b96c
                                                                                                                              • Opcode Fuzzy Hash: aff0cfa32a58a02aedbaf9e245c089dc9eabeb7b75e85ef8485c2774c0e3139e
                                                                                                                              • Instruction Fuzzy Hash: 4131C2F6940208BADB10EF95CC86AEEBB7DEB44749F60403BF500B71C1D7789E429659
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00402069 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 105registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 67%
                                                                                                                              			E00402069(void* __eflags, int _a8) {
				void* _v8;
				int _v12;
				char _v532;
				char _v1052;
				char _v1572;
				void* __edi;
				void* __esi;
				long _t36;

				E00404680(0,  &_v1052, 0, 0x208);
				_v8 = 0;
				E0040145F( &_v1052, 0x104, L"\"%s\" %%1", _a8);
				if(RegOpenKeyW(0x80000000, L"AudioCD\\shell\\play\\command",  &_v8) == 0) {
					E00404680(0,  &_v532, 0, 0x208);
					_a8 = 0x104;
					_t36 = RegQueryValueExW(_v8, 0, 0, 0,  &_v532,  &_a8);
					_push( &_v1052);
					if(_t36 != 0) {
						L7:
						_push(_v8);
						E00402E5F();
					} else {
						_push( &_v532);
						if(E00407E98(0, RegQueryValueExW) != 0) {
							E00404680(0,  &_v1572, 0, 0x208);
							_v12 = 0x104;
							_t61 = L"Winamp_Back";
							if(RegQueryValueExW(_v8, L"Winamp_Back", 0, 0,  &_v1572,  &_v12) != 0 || E00407E98(L"Winamp_Back", RegQueryValueExW,  &_v1572,  &_v532) != 0) {
								E00402E36(_v8, _t61,  &_v532);
							}
							_push( &_v1052);
							goto L7;
						}
					}
					RegCloseKey(_v8);
				}
				return 0;
			}











                                                                                                                              0x00402085
                                                                                                                              0x00402092
                                                                                                                              0x004020a2
                                                                                                                              0x004020c0
                                                                                                                              0x004020cf
                                                                                                                              0x004020d7
                                                                                                                              0x004020f1
                                                                                                                              0x004020fb
                                                                                                                              0x004020fc
                                                                                                                              0x00402177
                                                                                                                              0x00402177
                                                                                                                              0x0040217a
                                                                                                                              0x004020fe
                                                                                                                              0x00402104
                                                                                                                              0x0040210e
                                                                                                                              0x00402119
                                                                                                                              0x00402121
                                                                                                                              0x00402135
                                                                                                                              0x00402142
                                                                                                                              0x00402168
                                                                                                                              0x0040216d
                                                                                                                              0x00402176
                                                                                                                              0x00000000
                                                                                                                              0x00402176
                                                                                                                              0x0040210e
                                                                                                                              0x00402184
                                                                                                                              0x00402184
                                                                                                                              0x00402190

                                                                                                                              APIs
                                                                                                                              • RegOpenKeyW.ADVAPI32(80000000,AudioCD\shell\play\command,?), ref: 004020B8
                                                                                                                              • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?), ref: 004020F1
                                                                                                                              • RegQueryValueExW.ADVAPI32(?,Winamp_Back,00000000,00000000,?,00000104), ref: 0040213E
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00402184
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: QueryValue$CloseOpen
                                                                                                                              • String ID: "%s" %%1$AudioCD\shell\play\command$Winamp_Back
                                                                                                                              • API String ID: 1586453840-1340532153
                                                                                                                              • Opcode ID: 0a07c8d91381ab598ce2b2378c733d1078a0fc9cd86b7ea22b0e0a894effffc4
                                                                                                                              • Instruction ID: c02dbd4995962d0d8fcd466c56a8416befec5ed31c1479d57691db941cfd49fc
                                                                                                                              • Opcode Fuzzy Hash: 0a07c8d91381ab598ce2b2378c733d1078a0fc9cd86b7ea22b0e0a894effffc4
                                                                                                                              • Instruction Fuzzy Hash: CF3176B280011CBADB10DA91DD49EDF7B7CEB85314F0004BBFA04E2091E6759B95CBA8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00402EC8 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 89registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 94%
                                                                                                                              			E00402EC8(intOrPtr _a8, short* _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				void* _v8;
				char _v592;
				void* __edi;
				void* _t30;
				void* _t58;
				void* _t61;
				void* _t62;
				void* _t63;

				_v8 = _v8 & 0x00000000;
				E00404680(_t58,  &_v592, 0, 0x248);
				_t62 = _t61 + 0xc;
				if(RegCreateKeyW(0x80000000, _a12,  &_v8) == 0) {
					E004031F3( &_v592, 0x124, _a16);
					E00402E5F(_v8,  &_v592);
					RegCloseKey(_v8);
				}
				_t30 = E00401EEC(0x80000000, 0x80000000, _a12, L"\\DefaultIcon",  &_v8);
				_t63 = _t62 + 0x10;
				if(_t30 == 0) {
					_push(_a20);
					_t37 =  !=  ? _a28 : _a8;
					_t39 =  ==  ? L"%s,%d" : L"%s";
					E0040145F( &_v592, 0x124,  ==  ? L"%s,%d" : L"%s",  !=  ? _a28 : _a8);
					E00402E5F(_v8,  &_v592);
					_t63 = _t63 + 0x1c;
					RegCloseKey(_v8);
				}
				if(E00401EEC(0x80000000, 0x80000000, _a12, L"\\shell",  &_v8) == 0) {
					E00402E5F(_v8, _a24);
					RegCloseKey(_v8);
				}
				return 0;
			}











                                                                                                                              0x00402ed1
                                                                                                                              0x00402ee6
                                                                                                                              0x00402eeb
                                                                                                                              0x00402f0e
                                                                                                                              0x00402f1b
                                                                                                                              0x00402f2a
                                                                                                                              0x00402f34
                                                                                                                              0x00402f34
                                                                                                                              0x00402f43
                                                                                                                              0x00402f48
                                                                                                                              0x00402f4d
                                                                                                                              0x00402f52
                                                                                                                              0x00402f5e
                                                                                                                              0x00402f6c
                                                                                                                              0x00402f78
                                                                                                                              0x00402f87
                                                                                                                              0x00402f8c
                                                                                                                              0x00402f92
                                                                                                                              0x00402f92
                                                                                                                              0x00402fab
                                                                                                                              0x00402fb3
                                                                                                                              0x00402fbd
                                                                                                                              0x00402fbd
                                                                                                                              0x00402fc5

                                                                                                                              APIs
                                                                                                                              • RegCreateKeyW.ADVAPI32(80000000,?,00000000), ref: 00402EFB
                                                                                                                              • RegCloseKey.ADVAPI32(00000000,?,00000124,?), ref: 00402F34
                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00402F92
                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00402FBD
                                                                                                                                • Part of subcall function 00402E5F: RegSetValueExW.ADVAPI32(00401AA6,00000000,00000000,00000001,?,00000000,?,00401AA6,00000000,?), ref: 00402E7F
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Close$CreateValue
                                                                                                                              • String ID: %s,%d$\DefaultIcon$\shell
                                                                                                                              • API String ID: 1009429713-3392030043
                                                                                                                              • Opcode ID: 29908f3e16233853ebc961058e008caab27f11bd97626181bb770459fd8fe959
                                                                                                                              • Instruction ID: 058b0486c70f4d86c7dbe05f34d04952e285be7287f64fbf24d4608223188054
                                                                                                                              • Opcode Fuzzy Hash: 29908f3e16233853ebc961058e008caab27f11bd97626181bb770459fd8fe959
                                                                                                                              • Instruction Fuzzy Hash: 77214A72900219BBEF01EE94DD46EEE77BDEB54344F20006AF904E21A1E7799E14AA64
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00402FC8 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 76registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 92%
                                                                                                                              			E00402FC8(void* __ecx, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr* _a24) {
				void* _v8;
				void* __edi;
				void* _t22;
				void* _t43;
				void* _t44;
				intOrPtr* _t48;

				_t36 = L"\\shell\\";
				_push(_t43);
				_v8 = 0;
				_t22 = E00401F3C(_t43, 0x80000000, _a12, L"\\shell\\", _a20,  &_v8);
				_t44 = RegCloseKey;
				if(_t22 == 0) {
					E00402E5F(_v8, _a16);
					RegCloseKey(_v8);
				}
				if(E00401F8F(_t44, 0x80000000, _a12, _t36, _a20, L"\\command",  &_v8) == 0) {
					E00402E5F(_v8, _a8);
					RegCloseKey(_v8);
				}
				_t48 = _a24;
				if(_t48 != 0 &&  *_t48 != 0 && E00401F8F(_t44, 0x80000000, _a12, _t36, _a20, L"\\DropTarget",  &_v8) == 0) {
					E00402E36(_v8, L"Clsid", _t48);
					RegCloseKey(_v8);
				}
				return 0;
			}









                                                                                                                              0x00402fd0
                                                                                                                              0x00402fd5
                                                                                                                              0x00402fd6
                                                                                                                              0x00402fea
                                                                                                                              0x00402fef
                                                                                                                              0x00402ffa
                                                                                                                              0x00403002
                                                                                                                              0x0040300c
                                                                                                                              0x0040300c
                                                                                                                              0x00403029
                                                                                                                              0x00403031
                                                                                                                              0x0040303b
                                                                                                                              0x0040303b
                                                                                                                              0x0040303d
                                                                                                                              0x00403042
                                                                                                                              0x00403075
                                                                                                                              0x00403080
                                                                                                                              0x00403080
                                                                                                                              0x00403088

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 00401F3C: RegCreateKeyW.ADVAPI32(?,?,?), ref: 00401F87
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 0040300C
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 0040303B
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00403080
                                                                                                                                • Part of subcall function 00402E5F: RegSetValueExW.ADVAPI32(00401AA6,00000000,00000000,00000001,?,00000000,?,00401AA6,00000000,?), ref: 00402E7F
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Close$CreateValue
                                                                                                                              • String ID: Clsid$\DropTarget$\command$\shell\
                                                                                                                              • API String ID: 1009429713-1475924075
                                                                                                                              • Opcode ID: 7f510a9b4d3c8a616bfb68fe27edfc9778859b08e43b192bda8c1f141005c316
                                                                                                                              • Instruction ID: fcd39029819243ef4617065baeb7ce1d3d486f8f054d015f88e19fbca9b0f4c3
                                                                                                                              • Opcode Fuzzy Hash: 7f510a9b4d3c8a616bfb68fe27edfc9778859b08e43b192bda8c1f141005c316
                                                                                                                              • Instruction Fuzzy Hash: 77212972901209FEDF01AFA5CD02AEF7A6DEF54344F10046AF900B11A1E7759F20AB98
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405730 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 68%
                                                                                                                              			E00405730(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _t52;
				signed int _t59;
				intOrPtr _t60;
				void* _t61;
				intOrPtr* _t62;
				intOrPtr _t64;
				intOrPtr _t67;
				intOrPtr _t72;
				intOrPtr* _t76;
				intOrPtr _t77;
				signed int _t81;
				char _t83;
				intOrPtr _t86;
				intOrPtr _t93;
				intOrPtr _t96;
				intOrPtr* _t98;
				void* _t102;
				void* _t104;
				void* _t111;

				_t89 = __edx;
				_t76 = _a4;
				_push(__edi);
				_v5 = 0;
				_v16 = 1;
				 *_t76 = E004144B7(__ecx,  *_t76);
				_t77 = _a8;
				_t6 = _t77 + 0x10; // 0x11
				_t96 = _t6;
				_push(_t96);
				_v20 = _t96;
				_v12 =  *(_t77 + 8) ^  *0x41e018;
				E004056F0(_t77, __edx, __edi, _t96,  *(_t77 + 8) ^  *0x41e018);
				E00405C77(_a12);
				_t52 = _a4;
				_t104 = _t102 - 0x1c + 0x10;
				_t93 =  *((intOrPtr*)(_t77 + 0xc));
				if(( *(_t52 + 4) & 0x00000066) != 0) {
					__eflags = _t93 - 0xfffffffe;
					if(_t93 != 0xfffffffe) {
						_t89 = 0xfffffffe;
						E00405C60(_t77, 0xfffffffe, _t96, 0x41e018);
						goto L13;
					}
					goto L14;
				} else {
					_v32 = _t52;
					_v28 = _a12;
					 *((intOrPtr*)(_t77 - 4)) =  &_v32;
					if(_t93 == 0xfffffffe) {
						L14:
						return _v16;
					} else {
						do {
							_t81 = _v12;
							_t59 = _t93 + (_t93 + 2) * 2;
							_t77 =  *((intOrPtr*)(_t81 + _t59 * 4));
							_t60 = _t81 + _t59 * 4;
							_t82 =  *((intOrPtr*)(_t60 + 4));
							_v24 = _t60;
							if( *((intOrPtr*)(_t60 + 4)) == 0) {
								_t83 = _v5;
								goto L7;
							} else {
								_t89 = _t96;
								_t61 = E00405C00(_t82, _t96);
								_t83 = 1;
								_v5 = 1;
								_t111 = _t61;
								if(_t111 < 0) {
									_v16 = 0;
									L13:
									_push(_t96);
									E004056F0(_t77, _t89, _t93, _t96, _v12);
									goto L14;
								} else {
									if(_t111 > 0) {
										_t62 = _a4;
										__eflags =  *_t62 - 0xe06d7363;
										if( *_t62 == 0xe06d7363) {
											__eflags =  *0x416294;
											if(__eflags != 0) {
												_t72 = E00413F90(__eflags, 0x416294);
												_t104 = _t104 + 4;
												__eflags = _t72;
												if(_t72 != 0) {
													_t98 =  *0x416294; // 0x4058c4
													 *0x4151ac(_a4, 1);
													 *_t98();
													_t96 = _v20;
													_t104 = _t104 + 8;
												}
												_t62 = _a4;
											}
										}
										_t90 = _t62;
										E00405C40(_t62, _a8, _t62);
										_t64 = _a8;
										__eflags =  *((intOrPtr*)(_t64 + 0xc)) - _t93;
										if( *((intOrPtr*)(_t64 + 0xc)) != _t93) {
											_t90 = _t93;
											E00405C60(_t64, _t93, _t96, 0x41e018);
											_t64 = _a8;
										}
										_push(_t96);
										 *((intOrPtr*)(_t64 + 0xc)) = _t77;
										E004056F0(_t77, _t90, _t93, _t96, _v12);
										_t86 =  *((intOrPtr*)(_v24 + 8));
										E00405C20();
										asm("int3");
										__eflags = E00405DB1();
										if(__eflags != 0) {
											_t67 = E00405D63(_t86, __eflags);
											__eflags = _t67;
											if(_t67 != 0) {
												return 1;
											} else {
												E00405DED();
												goto L24;
											}
										} else {
											L24:
											__eflags = 0;
											return 0;
										}
									} else {
										goto L7;
									}
								}
							}
							goto L28;
							L7:
							_t93 = _t77;
						} while (_t77 != 0xfffffffe);
						if(_t83 != 0) {
							goto L13;
						}
						goto L14;
					}
				}
				L28:
			}





























                                                                                                                              0x00405730
                                                                                                                              0x00405737
                                                                                                                              0x0040573b
                                                                                                                              0x0040573c
                                                                                                                              0x00405742
                                                                                                                              0x0040574e
                                                                                                                              0x00405750
                                                                                                                              0x00405756
                                                                                                                              0x00405756
                                                                                                                              0x0040575f
                                                                                                                              0x00405761
                                                                                                                              0x00405764
                                                                                                                              0x00405767
                                                                                                                              0x0040576f
                                                                                                                              0x00405774
                                                                                                                              0x00405777
                                                                                                                              0x0040577a
                                                                                                                              0x00405781
                                                                                                                              0x004057dd
                                                                                                                              0x004057e0
                                                                                                                              0x004057e8
                                                                                                                              0x004057ef
                                                                                                                              0x00000000
                                                                                                                              0x004057ef
                                                                                                                              0x00000000
                                                                                                                              0x00405783
                                                                                                                              0x00405783
                                                                                                                              0x00405789
                                                                                                                              0x0040578f
                                                                                                                              0x00405795
                                                                                                                              0x00405800
                                                                                                                              0x00405809
                                                                                                                              0x00405797
                                                                                                                              0x00405797
                                                                                                                              0x00405797
                                                                                                                              0x0040579d
                                                                                                                              0x004057a0
                                                                                                                              0x004057a3
                                                                                                                              0x004057a6
                                                                                                                              0x004057a9
                                                                                                                              0x004057ae
                                                                                                                              0x004057c4
                                                                                                                              0x00000000
                                                                                                                              0x004057b0
                                                                                                                              0x004057b0
                                                                                                                              0x004057b2
                                                                                                                              0x004057b7
                                                                                                                              0x004057b9
                                                                                                                              0x004057bc
                                                                                                                              0x004057be
                                                                                                                              0x004057d4
                                                                                                                              0x004057f4
                                                                                                                              0x004057f4
                                                                                                                              0x004057f8
                                                                                                                              0x00000000
                                                                                                                              0x004057c0
                                                                                                                              0x004057c0
                                                                                                                              0x0040580a
                                                                                                                              0x0040580d
                                                                                                                              0x00405813
                                                                                                                              0x00405815
                                                                                                                              0x0040581c
                                                                                                                              0x00405823
                                                                                                                              0x00405828
                                                                                                                              0x0040582b
                                                                                                                              0x0040582d
                                                                                                                              0x0040582f
                                                                                                                              0x0040583c
                                                                                                                              0x00405842
                                                                                                                              0x00405844
                                                                                                                              0x00405847
                                                                                                                              0x00405847
                                                                                                                              0x0040584a
                                                                                                                              0x0040584a
                                                                                                                              0x0040581c
                                                                                                                              0x00405850
                                                                                                                              0x00405852
                                                                                                                              0x00405857
                                                                                                                              0x0040585a
                                                                                                                              0x0040585d
                                                                                                                              0x00405865
                                                                                                                              0x00405869
                                                                                                                              0x0040586e
                                                                                                                              0x0040586e
                                                                                                                              0x00405871
                                                                                                                              0x00405875
                                                                                                                              0x00405878
                                                                                                                              0x00405885
                                                                                                                              0x00405888
                                                                                                                              0x0040588d
                                                                                                                              0x00405893
                                                                                                                              0x00405895
                                                                                                                              0x0040589a
                                                                                                                              0x0040589f
                                                                                                                              0x004058a1
                                                                                                                              0x004058ac
                                                                                                                              0x004058a3
                                                                                                                              0x004058a3
                                                                                                                              0x00000000
                                                                                                                              0x004058a3
                                                                                                                              0x00405897
                                                                                                                              0x00405897
                                                                                                                              0x00405897
                                                                                                                              0x00405899
                                                                                                                              0x00405899
                                                                                                                              0x004057c2
                                                                                                                              0x00000000
                                                                                                                              0x004057c2
                                                                                                                              0x004057c0
                                                                                                                              0x004057be
                                                                                                                              0x00000000
                                                                                                                              0x004057c7
                                                                                                                              0x004057c7
                                                                                                                              0x004057c9
                                                                                                                              0x004057d0
                                                                                                                              0x00000000
                                                                                                                              0x004057d2
                                                                                                                              0x00000000
                                                                                                                              0x004057d0
                                                                                                                              0x00405795
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00405767
                                                                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 0040576F
                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 004057F8
                                                                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 00405823
                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00405878
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                              • String ID: csm
                                                                                                                              • API String ID: 1170836740-1018135373
                                                                                                                              • Opcode ID: 2ce02afde0e82c02aa7c32e985ab9768cb7cec22230a21a80114ecd400b20e1e
                                                                                                                              • Instruction ID: 040ff9309c6d6f416c5ad40f391b29f1dc74d2505fd2dc1e5b1726fd4ac06567
                                                                                                                              • Opcode Fuzzy Hash: 2ce02afde0e82c02aa7c32e985ab9768cb7cec22230a21a80114ecd400b20e1e
                                                                                                                              • Instruction Fuzzy Hash: 50418134A00619DBCF10DF69C884A9FBBB5EF45318F54806AE8147B392D739DA15CF94
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040D30B Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0040D30B(void* __ecx, signed int* _a4, intOrPtr _a8) {
				signed int* _v8;
				void** _t12;
				void* _t16;
				void* _t18;
				signed int _t22;
				WCHAR* _t23;
				void** _t26;
				signed int* _t29;
				void* _t32;
				void* _t34;

				_t29 = _a4;
				while(_t29 != _a8) {
					_t22 =  *_t29;
					_t12 = 0x41f258 + _t22 * 4;
					_t32 =  *_t12;
					_v8 = _t12;
					if(_t32 == 0) {
						_t23 =  *(0x4181b0 + _t22 * 4);
						_t32 = LoadLibraryExW(_t23, 0, 0x800);
						if(_t32 != 0) {
							L12:
							_t26 = _v8;
							 *_t26 = _t32;
							if( *_t26 != 0) {
								FreeLibrary(_t32);
							}
							L14:
							if(_t32 != 0) {
								_t16 = _t32;
								L18:
								return _t16;
							}
							L15:
							_t29 =  &(_t29[1]);
							continue;
						}
						_t18 = GetLastError();
						if(_t18 != 0x57) {
							L9:
							_t32 = 0;
							L10:
							if(_t32 != 0) {
								goto L12;
							}
							 *_v8 = _t18 | 0xffffffff;
							goto L15;
						}
						_t18 = E00407DE2(_t23, L"api-ms-", 7);
						_t34 = _t34 + 0xc;
						if(_t18 == 0) {
							goto L9;
						}
						_t18 = E00407DE2(_t23, L"ext-ms-", 7);
						_t34 = _t34 + 0xc;
						if(_t18 == 0) {
							goto L9;
						}
						_t18 = LoadLibraryExW(_t23, _t32, _t32);
						_t32 = _t18;
						goto L10;
					}
					if(_t32 == 0xffffffff) {
						goto L15;
					}
					goto L14;
				}
				_t16 = 0;
				goto L18;
			}













                                                                                                                              0x0040d314
                                                                                                                              0x0040d3be
                                                                                                                              0x0040d31c
                                                                                                                              0x0040d31e
                                                                                                                              0x0040d325
                                                                                                                              0x0040d327
                                                                                                                              0x0040d32d
                                                                                                                              0x0040d33a
                                                                                                                              0x0040d34f
                                                                                                                              0x0040d353
                                                                                                                              0x0040d3a5
                                                                                                                              0x0040d3a5
                                                                                                                              0x0040d3aa
                                                                                                                              0x0040d3ae
                                                                                                                              0x0040d3b1
                                                                                                                              0x0040d3b1
                                                                                                                              0x0040d3b7
                                                                                                                              0x0040d3b9
                                                                                                                              0x0040d3ce
                                                                                                                              0x0040d3c9
                                                                                                                              0x0040d3cd
                                                                                                                              0x0040d3cd
                                                                                                                              0x0040d3bb
                                                                                                                              0x0040d3bb
                                                                                                                              0x00000000
                                                                                                                              0x0040d3bb
                                                                                                                              0x0040d355
                                                                                                                              0x0040d35e
                                                                                                                              0x0040d395
                                                                                                                              0x0040d395
                                                                                                                              0x0040d397
                                                                                                                              0x0040d399
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040d3a1
                                                                                                                              0x00000000
                                                                                                                              0x0040d3a1
                                                                                                                              0x0040d368
                                                                                                                              0x0040d36d
                                                                                                                              0x0040d372
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040d37c
                                                                                                                              0x0040d381
                                                                                                                              0x0040d386
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040d38b
                                                                                                                              0x0040d391
                                                                                                                              0x00000000
                                                                                                                              0x0040d391
                                                                                                                              0x0040d332
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040d338
                                                                                                                              0x0040d3c7
                                                                                                                              0x00000000

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: api-ms-$ext-ms-
                                                                                                                              • API String ID: 0-537541572
                                                                                                                              • Opcode ID: 48e5e121557331b50861663c76557fd5c7fd5a7eb914fe440a474e870cc67b6a
                                                                                                                              • Instruction ID: d0742128dbaba6802b542a30a5542f6d68999c5e427511a751a9078682fe8366
                                                                                                                              • Opcode Fuzzy Hash: 48e5e121557331b50861663c76557fd5c7fd5a7eb914fe440a474e870cc67b6a
                                                                                                                              • Instruction Fuzzy Hash: 5121D871E05721E7C7225BA48C44B9B7758AF51760F250136FD06B73D0E638ED0586EE
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040CD1C Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0040CD1C(intOrPtr _a4) {
				void* _t18;

				_t45 = _a4;
				if(_a4 != 0) {
					E0040CCE4(_t45, 7);
					E0040CCE4(_t45 + 0x1c, 7);
					E0040CCE4(_t45 + 0x38, 0xc);
					E0040CCE4(_t45 + 0x68, 0xc);
					E0040CCE4(_t45 + 0x98, 2);
					E00409BE4( *((intOrPtr*)(_t45 + 0xa0)));
					E00409BE4( *((intOrPtr*)(_t45 + 0xa4)));
					E00409BE4( *((intOrPtr*)(_t45 + 0xa8)));
					E0040CCE4(_t45 + 0xb4, 7);
					E0040CCE4(_t45 + 0xd0, 7);
					E0040CCE4(_t45 + 0xec, 0xc);
					E0040CCE4(_t45 + 0x11c, 0xc);
					E0040CCE4(_t45 + 0x14c, 2);
					E00409BE4( *((intOrPtr*)(_t45 + 0x154)));
					E00409BE4( *((intOrPtr*)(_t45 + 0x158)));
					E00409BE4( *((intOrPtr*)(_t45 + 0x15c)));
					return E00409BE4( *((intOrPtr*)(_t45 + 0x160)));
				}
				return _t18;
			}




                                                                                                                              0x0040cd22
                                                                                                                              0x0040cd27
                                                                                                                              0x0040cd30
                                                                                                                              0x0040cd3b
                                                                                                                              0x0040cd46
                                                                                                                              0x0040cd51
                                                                                                                              0x0040cd5f
                                                                                                                              0x0040cd6a
                                                                                                                              0x0040cd75
                                                                                                                              0x0040cd80
                                                                                                                              0x0040cd8e
                                                                                                                              0x0040cd9c
                                                                                                                              0x0040cdad
                                                                                                                              0x0040cdbb
                                                                                                                              0x0040cdc9
                                                                                                                              0x0040cdd4
                                                                                                                              0x0040cddf
                                                                                                                              0x0040cdea
                                                                                                                              0x00000000
                                                                                                                              0x0040cdfa
                                                                                                                              0x0040cdff

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 0040CCE4: _free.LIBCMT ref: 0040CD09
                                                                                                                              • _free.LIBCMT ref: 0040CD6A
                                                                                                                                • Part of subcall function 00409BE4: HeapFree.KERNEL32(00000000,00000000,?,00408F39), ref: 00409BFA
                                                                                                                                • Part of subcall function 00409BE4: GetLastError.KERNEL32(?,?,00408F39), ref: 00409C0C
                                                                                                                              • _free.LIBCMT ref: 0040CD75
                                                                                                                              • _free.LIBCMT ref: 0040CD80
                                                                                                                              • _free.LIBCMT ref: 0040CDD4
                                                                                                                              • _free.LIBCMT ref: 0040CDDF
                                                                                                                              • _free.LIBCMT ref: 0040CDEA
                                                                                                                              • _free.LIBCMT ref: 0040CDF5
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 776569668-0
                                                                                                                              • Opcode ID: b75e75529bcd0352f2d03240c340a8c8357f2f8f17569f02f1678e39e1e1ae86
                                                                                                                              • Instruction ID: 4b92e33c84eaa233ace2a91e33f3781f6afad2d1d99535aa9abcf455571b9107
                                                                                                                              • Opcode Fuzzy Hash: b75e75529bcd0352f2d03240c340a8c8357f2f8f17569f02f1678e39e1e1ae86
                                                                                                                              • Instruction Fuzzy Hash: AA110B71944704E6E630F7B2CC46F8B77AD7F01708F40093BB2ADBA2E2DA79B9044654
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004019FE Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 59registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004019FE(void* __ebx, void* __edi, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				void* _v8;
				short _v520;

				_v8 = _v8 & 0x00000000;
				E00404680(__edi,  &_v520, 0, 0x200);
				E0040143A( &_v520, 0x200, L"SOFTWARE\\Classes\\Directory\\shell\\%s", _a12);
				if(RegCreateKeyW(0x80000002,  &_v520,  &_v8) == 0) {
					E00402E5F(_v8, _a16);
					RegCloseKey(_v8);
				}
				E0040143A( &_v520, 0x200, L"SOFTWARE\\Classes\\Directory\\shell\\%s\\command", _a12);
				if(RegCreateKeyW(0x80000002,  &_v520,  &_v8) == 0) {
					E00402E5F(_v8, _a8);
					RegCloseKey(_v8);
				}
				return 0;
			}





                                                                                                                              0x00401a07
                                                                                                                              0x00401a1b
                                                                                                                              0x00401a30
                                                                                                                              0x00401a50
                                                                                                                              0x00401a58
                                                                                                                              0x00401a62
                                                                                                                              0x00401a62
                                                                                                                              0x00401a78
                                                                                                                              0x00401a99
                                                                                                                              0x00401aa1
                                                                                                                              0x00401aab
                                                                                                                              0x00401aab
                                                                                                                              0x00401ab4

                                                                                                                              APIs
                                                                                                                              • RegCreateKeyW.ADVAPI32(80000002,?,00000000), ref: 00401A48
                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00401A62
                                                                                                                              • RegCreateKeyW.ADVAPI32(80000002,?,00000000), ref: 00401A90
                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00401AAB
                                                                                                                                • Part of subcall function 00402E5F: RegSetValueExW.ADVAPI32(00401AA6,00000000,00000000,00000001,?,00000000,?,00401AA6,00000000,?), ref: 00402E7F
                                                                                                                              Strings
                                                                                                                              • SOFTWARE\Classes\Directory\shell\%s\command, xrefs: 00401A71
                                                                                                                              • SOFTWARE\Classes\Directory\shell\%s, xrefs: 00401A29
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseCreate$Value
                                                                                                                              • String ID: SOFTWARE\Classes\Directory\shell\%s$SOFTWARE\Classes\Directory\shell\%s\command
                                                                                                                              • API String ID: 543950827-2422810294
                                                                                                                              • Opcode ID: e1b24a9bd584901ede9756f00d62ed2b850a33242661afa9430993348db8506f
                                                                                                                              • Instruction ID: ee2f412eaffe8346be6a8cb5af9b885136deccc18696265944e69b42875e3680
                                                                                                                              • Opcode Fuzzy Hash: e1b24a9bd584901ede9756f00d62ed2b850a33242661afa9430993348db8506f
                                                                                                                              • Instruction Fuzzy Hash: 78113DB2910209FBDF00EFA0DD8AFDE777CEB04304F604466B614A10A2E7759E149B59
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00410D3C Relevance: 9.3, APIs: 6, Instructions: 317fileCOMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 84%
                                                                                                                              			E00410D3C(void* __eflags, intOrPtr _a4, signed int _a8, signed char* _a12, intOrPtr _a16) {
				signed int _v8;
				char _v16;
				char _v23;
				char _v24;
				void _v32;
				signed int _v33;
				signed char _v40;
				signed int _v44;
				intOrPtr _v48;
				char _v51;
				void _v52;
				long _v56;
				char _v60;
				intOrPtr _v68;
				char _v72;
				struct _OVERLAPPED* _v76;
				signed char _v80;
				signed int _v84;
				signed int _v88;
				char _v92;
				intOrPtr _v96;
				long _v100;
				signed char* _v104;
				signed char* _v108;
				void* _v112;
				intOrPtr _v116;
				char _v120;
				int _v124;
				intOrPtr _v128;
				struct _OVERLAPPED* _v132;
				struct _OVERLAPPED* _v136;
				struct _OVERLAPPED* _v140;
				struct _OVERLAPPED* _v144;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t170;
				signed int _t172;
				int _t178;
				intOrPtr _t183;
				intOrPtr _t186;
				void* _t188;
				void* _t190;
				long _t193;
				void _t198;
				signed char* _t202;
				void* _t206;
				struct _OVERLAPPED* _t211;
				void* _t220;
				long _t224;
				intOrPtr _t225;
				char _t227;
				void* _t237;
				signed int _t242;
				intOrPtr _t245;
				signed int _t248;
				signed int _t249;
				signed int _t251;
				intOrPtr _t253;
				void* _t259;
				intOrPtr _t260;
				signed int _t261;
				signed char _t264;
				intOrPtr _t267;
				signed char* _t269;
				signed int _t272;
				signed int _t273;
				signed int _t277;
				signed int _t278;
				intOrPtr _t279;
				signed int _t280;
				struct _OVERLAPPED* _t282;
				struct _OVERLAPPED* _t284;
				signed int _t285;
				void* _t286;
				void* _t287;

				_t170 =  *0x41e018; // 0x8d57f5bb
				_v8 = _t170 ^ _t285;
				_t172 = _a8;
				_t264 = _t172 >> 6;
				_t242 = (_t172 & 0x0000003f) * 0x38;
				_t269 = _a12;
				_v108 = _t269;
				_v80 = _t264;
				_v112 =  *((intOrPtr*)(_t242 +  *((intOrPtr*)(0x41eed0 + _t264 * 4)) + 0x18));
				_v44 = _t242;
				_v96 = _a16 + _t269;
				_t178 = GetConsoleOutputCP();
				_t241 = 0;
				_v124 = _t178;
				E00406ADF( &_v72, _t264, 0);
				_t273 = 0;
				_v92 = 0;
				_v88 = 0;
				_v84 = 0;
				_t245 =  *((intOrPtr*)(_v68 + 8));
				_v128 = _t245;
				_v104 = _t269;
				if(_t269 >= _v96) {
					L48:
					__eflags = _v60 - _t241;
				} else {
					while(1) {
						_t248 = _v44;
						_v51 =  *_t269;
						_v76 = _t241;
						_v40 = 1;
						_t186 =  *((intOrPtr*)(0x41eed0 + _v80 * 4));
						_v48 = _t186;
						if(_t245 != 0xfde9) {
							goto L19;
						}
						_t211 = _t241;
						_t267 = _v48 + 0x2e + _t248;
						_v116 = _t267;
						while( *((intOrPtr*)(_t267 + _t211)) != _t241) {
							_t211 =  &(_t211->Internal);
							if(_t211 < 5) {
								continue;
							}
							break;
						}
						_t264 = _v96 - _t269;
						_v40 = _t211;
						if(_t211 <= 0) {
							_t72 = ( *_t269 & 0x000000ff) + 0x41e760; // 0x0
							_t253 =  *_t72 + 1;
							_v48 = _t253;
							__eflags = _t253 - _t264;
							if(_t253 > _t264) {
								__eflags = _t264;
								if(_t264 <= 0) {
									goto L40;
								} else {
									_t278 = _v44;
									do {
										 *((char*)( *((intOrPtr*)(0x41eed0 + _v80 * 4)) + _t278 + _t241 + 0x2e)) =  *((intOrPtr*)(_t241 + _t269));
										_t241 =  &(_t241->Internal);
										__eflags = _t241 - _t264;
									} while (_t241 < _t264);
									goto L39;
								}
							} else {
								_v144 = _t241;
								__eflags = _t253 - 4;
								_v140 = _t241;
								_v56 = _t269;
								_v40 = (_t253 == 4) + 1;
								_t220 = E0040E472( &_v144,  &_v76,  &_v56, (_t253 == 4) + 1,  &_v144);
								_t287 = _t286 + 0x10;
								__eflags = _t220 - 0xffffffff;
								if(_t220 == 0xffffffff) {
									goto L48;
								} else {
									_t279 = _v48;
									goto L18;
								}
							}
						} else {
							_t224 =  *((char*)(( *(_t248 + _v48 + 0x2e) & 0x000000ff) + 0x41e760)) + 1;
							_v56 = _t224;
							_t225 = _t224 - _v40;
							_v48 = _t225;
							if(_t225 > _t264) {
								__eflags = _t264;
								if(_t264 > 0) {
									_t280 = _t248;
									do {
										_t227 =  *((intOrPtr*)(_t241 + _t269));
										_t259 =  *((intOrPtr*)(0x41eed0 + _v80 * 4)) + _t280 + _t241;
										_t241 =  &(_t241->Internal);
										 *((char*)(_t259 + _v40 + 0x2e)) = _t227;
										_t280 = _v44;
										__eflags = _t241 - _t264;
									} while (_t241 < _t264);
									L39:
									_t273 = _v88;
								}
								L40:
								_t277 = _t273 + _t264;
								__eflags = _t277;
								L41:
								__eflags = _v60;
								_v88 = _t277;
							} else {
								_t264 = _v40;
								_t282 = _t241;
								_t260 = _v116;
								do {
									 *((char*)(_t285 + _t282 - 0xc)) =  *((intOrPtr*)(_t260 + _t282));
									_t282 =  &(_t282->Internal);
								} while (_t282 < _t264);
								_t283 = _v48;
								_t261 = _v44;
								if(_v48 > 0) {
									E00406060( &_v16 + _t264, _t269, _t283);
									_t261 = _v44;
									_t286 = _t286 + 0xc;
									_t264 = _v40;
								}
								_t272 = _v80;
								_t284 = _t241;
								do {
									 *( *((intOrPtr*)(0x41eed0 + _t272 * 4)) + _t261 + _t284 + 0x2e) = _t241;
									_t284 =  &(_t284->Internal);
								} while (_t284 < _t264);
								_t269 = _v104;
								_t279 = _v48;
								_v120 =  &_v16;
								_v136 = _t241;
								_v132 = _t241;
								_v40 = (_v56 == 4) + 1;
								_t237 = E0040E472( &_v136,  &_v76,  &_v120, (_v56 == 4) + 1,  &_v136);
								_t287 = _t286 + 0x10;
								if(_t237 == 0xffffffff) {
									goto L48;
								} else {
									L18:
									_t269 = _t269 - 1 + _t279;
									L27:
									_t269 =  &(_t269[1]);
									_v104 = _t269;
									_t193 = E0040C695(_v124, _t241,  &_v76, _v40,  &_v32, 5, _t241, _t241);
									_t286 = _t287 + 0x20;
									_v56 = _t193;
									if(_t193 == 0) {
										goto L48;
									} else {
										if(WriteFile(_v112,  &_v32, _t193,  &_v100, _t241) == 0) {
											L47:
											_v92 = GetLastError();
											goto L48;
										} else {
											_t273 = _v84 - _v108 + _t269;
											_v88 = _t273;
											if(_v100 < _v56) {
												goto L48;
											} else {
												if(_v51 != 0xa) {
													L34:
													if(_t269 >= _v96) {
														goto L48;
													} else {
														_t245 = _v128;
														continue;
													}
												} else {
													_t198 = 0xd;
													_v52 = _t198;
													if(WriteFile(_v112,  &_v52, 1,  &_v100, _t241) == 0) {
														goto L47;
													} else {
														if(_v100 < 1) {
															goto L48;
														} else {
															_v84 = _v84 + 1;
															_t273 = _t273 + 1;
															_v88 = _t273;
															goto L34;
														}
													}
												}
											}
										}
									}
								}
							}
						}
						goto L49;
						L19:
						_t264 =  *((intOrPtr*)(_t248 + _t186 + 0x2d));
						__eflags = _t264 & 0x00000004;
						if((_t264 & 0x00000004) == 0) {
							_v33 =  *_t269;
							_t188 = E0040B2B2(_t264);
							_t249 = _v33 & 0x000000ff;
							__eflags =  *((intOrPtr*)(_t188 + _t249 * 2)) - _t241;
							if( *((intOrPtr*)(_t188 + _t249 * 2)) >= _t241) {
								_push(1);
								_push(_t269);
								goto L26;
							} else {
								_t100 =  &(_t269[1]); // 0x1
								_t202 = _t100;
								_v56 = _t202;
								__eflags = _t202 - _v96;
								if(_t202 >= _v96) {
									_t264 = _v80;
									_t251 = _v44;
									_t241 = _v33;
									 *((char*)(_t251 +  *((intOrPtr*)(0x41eed0 + _t264 * 4)) + 0x2e)) = _v33;
									 *(_t251 +  *((intOrPtr*)(0x41eed0 + _t264 * 4)) + 0x2d) =  *(_t251 +  *((intOrPtr*)(0x41eed0 + _t264 * 4)) + 0x2d) | 0x00000004;
									_t277 = _t273 + 1;
									goto L41;
								} else {
									_t206 = E00409DF3( &_v76, _t269, 2);
									_t287 = _t286 + 0xc;
									__eflags = _t206 - 0xffffffff;
									if(_t206 == 0xffffffff) {
										goto L48;
									} else {
										_t269 = _v56;
										goto L27;
									}
								}
							}
						} else {
							_t264 = _t264 & 0x000000fb;
							_v24 =  *((intOrPtr*)(_t248 + _t186 + 0x2e));
							_v23 =  *_t269;
							_push(2);
							 *(_t248 + _v48 + 0x2d) = _t264;
							_push( &_v24);
							L26:
							_push( &_v76);
							_t190 = E00409DF3();
							_t287 = _t286 + 0xc;
							__eflags = _t190 - 0xffffffff;
							if(_t190 == 0xffffffff) {
								goto L48;
							} else {
								goto L27;
							}
						}
						goto L49;
					}
				}
				L49:
				if(__eflags != 0) {
					_t183 = _v72;
					_t165 = _t183 + 0x350;
					 *_t165 =  *(_t183 + 0x350) & 0xfffffffd;
					__eflags =  *_t165;
				}
				__eflags = _v8 ^ _t285;
				asm("movsd");
				asm("movsd");
				asm("movsd");
				return E004042D2(_a4, _t241, _v8 ^ _t285, _t264, _a4,  &_v92);
			}















































































                                                                                                                              0x00410d47
                                                                                                                              0x00410d4e
                                                                                                                              0x00410d51
                                                                                                                              0x00410d59
                                                                                                                              0x00410d5c
                                                                                                                              0x00410d69
                                                                                                                              0x00410d6c
                                                                                                                              0x00410d6f
                                                                                                                              0x00410d76
                                                                                                                              0x00410d7e
                                                                                                                              0x00410d81
                                                                                                                              0x00410d84
                                                                                                                              0x00410d8a
                                                                                                                              0x00410d8c
                                                                                                                              0x00410d93
                                                                                                                              0x00410d9d
                                                                                                                              0x00410d9f
                                                                                                                              0x00410da2
                                                                                                                              0x00410da5
                                                                                                                              0x00410da8
                                                                                                                              0x00410dab
                                                                                                                              0x00410dae
                                                                                                                              0x00410db4
                                                                                                                              0x004110bf
                                                                                                                              0x004110bf
                                                                                                                              0x00000000
                                                                                                                              0x00410dba
                                                                                                                              0x00410dc2
                                                                                                                              0x00410dc5
                                                                                                                              0x00410dcb
                                                                                                                              0x00410dce
                                                                                                                              0x00410dd5
                                                                                                                              0x00410ddc
                                                                                                                              0x00410ddf
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00410de8
                                                                                                                              0x00410ded
                                                                                                                              0x00410def
                                                                                                                              0x00410df2
                                                                                                                              0x00410df7
                                                                                                                              0x00410dfb
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00410dfb
                                                                                                                              0x00410e00
                                                                                                                              0x00410e02
                                                                                                                              0x00410e07
                                                                                                                              0x00410ec1
                                                                                                                              0x00410ec8
                                                                                                                              0x00410ec9
                                                                                                                              0x00410ecc
                                                                                                                              0x00410ece
                                                                                                                              0x00411072
                                                                                                                              0x00411074
                                                                                                                              0x00000000
                                                                                                                              0x00411076
                                                                                                                              0x00411076
                                                                                                                              0x00411079
                                                                                                                              0x00411088
                                                                                                                              0x0041108c
                                                                                                                              0x0041108d
                                                                                                                              0x0041108d
                                                                                                                              0x00000000
                                                                                                                              0x00411091
                                                                                                                              0x00410ed4
                                                                                                                              0x00410ed6
                                                                                                                              0x00410edc
                                                                                                                              0x00410edf
                                                                                                                              0x00410eeb
                                                                                                                              0x00410ef4
                                                                                                                              0x00410eff
                                                                                                                              0x00410f04
                                                                                                                              0x00410f07
                                                                                                                              0x00410f0a
                                                                                                                              0x00000000
                                                                                                                              0x00410f10
                                                                                                                              0x00410f10
                                                                                                                              0x00000000
                                                                                                                              0x00410f10
                                                                                                                              0x00410f0a
                                                                                                                              0x00410e0d
                                                                                                                              0x00410e1c
                                                                                                                              0x00410e1d
                                                                                                                              0x00410e20
                                                                                                                              0x00410e23
                                                                                                                              0x00410e28
                                                                                                                              0x0041103e
                                                                                                                              0x00411040
                                                                                                                              0x00411042
                                                                                                                              0x00411044
                                                                                                                              0x0041104e
                                                                                                                              0x00411056
                                                                                                                              0x00411058
                                                                                                                              0x00411059
                                                                                                                              0x0041105d
                                                                                                                              0x00411060
                                                                                                                              0x00411060
                                                                                                                              0x00411064
                                                                                                                              0x00411064
                                                                                                                              0x00411064
                                                                                                                              0x00411067
                                                                                                                              0x00411067
                                                                                                                              0x00411067
                                                                                                                              0x00411069
                                                                                                                              0x00411069
                                                                                                                              0x0041106d
                                                                                                                              0x00410e2e
                                                                                                                              0x00410e2e
                                                                                                                              0x00410e31
                                                                                                                              0x00410e33
                                                                                                                              0x00410e36
                                                                                                                              0x00410e39
                                                                                                                              0x00410e3d
                                                                                                                              0x00410e3e
                                                                                                                              0x00410e42
                                                                                                                              0x00410e45
                                                                                                                              0x00410e4a
                                                                                                                              0x00410e54
                                                                                                                              0x00410e59
                                                                                                                              0x00410e5c
                                                                                                                              0x00410e5f
                                                                                                                              0x00410e5f
                                                                                                                              0x00410e62
                                                                                                                              0x00410e65
                                                                                                                              0x00410e67
                                                                                                                              0x00410e70
                                                                                                                              0x00410e74
                                                                                                                              0x00410e75
                                                                                                                              0x00410e79
                                                                                                                              0x00410e7f
                                                                                                                              0x00410e88
                                                                                                                              0x00410e95
                                                                                                                              0x00410e9c
                                                                                                                              0x00410ea0
                                                                                                                              0x00410eab
                                                                                                                              0x00410eb0
                                                                                                                              0x00410eb6
                                                                                                                              0x00000000
                                                                                                                              0x00410ebc
                                                                                                                              0x00410f13
                                                                                                                              0x00410f14
                                                                                                                              0x00410f97
                                                                                                                              0x00410f9e
                                                                                                                              0x00410fa6
                                                                                                                              0x00410fae
                                                                                                                              0x00410fb3
                                                                                                                              0x00410fb6
                                                                                                                              0x00410fbb
                                                                                                                              0x00000000
                                                                                                                              0x00410fc1
                                                                                                                              0x00410fd6
                                                                                                                              0x004110b6
                                                                                                                              0x004110bc
                                                                                                                              0x00000000
                                                                                                                              0x00410fdc
                                                                                                                              0x00410fe5
                                                                                                                              0x00410fe7
                                                                                                                              0x00410fed
                                                                                                                              0x00000000
                                                                                                                              0x00410ff3
                                                                                                                              0x00410ff7
                                                                                                                              0x0041102d
                                                                                                                              0x00411030
                                                                                                                              0x00000000
                                                                                                                              0x00411036
                                                                                                                              0x00411036
                                                                                                                              0x00000000
                                                                                                                              0x00411036
                                                                                                                              0x00410ff9
                                                                                                                              0x00410ffb
                                                                                                                              0x00410ffd
                                                                                                                              0x00411016
                                                                                                                              0x00000000
                                                                                                                              0x0041101c
                                                                                                                              0x00411020
                                                                                                                              0x00000000
                                                                                                                              0x00411026
                                                                                                                              0x00411026
                                                                                                                              0x00411029
                                                                                                                              0x0041102a
                                                                                                                              0x00000000
                                                                                                                              0x0041102a
                                                                                                                              0x00411020
                                                                                                                              0x00411016
                                                                                                                              0x00410ff7
                                                                                                                              0x00410fed
                                                                                                                              0x00410fd6
                                                                                                                              0x00410fbb
                                                                                                                              0x00410eb6
                                                                                                                              0x00410e28
                                                                                                                              0x00000000
                                                                                                                              0x00410f18
                                                                                                                              0x00410f18
                                                                                                                              0x00410f1c
                                                                                                                              0x00410f1f
                                                                                                                              0x00410f41
                                                                                                                              0x00410f44
                                                                                                                              0x00410f49
                                                                                                                              0x00410f4d
                                                                                                                              0x00410f51
                                                                                                                              0x00410f7f
                                                                                                                              0x00410f81
                                                                                                                              0x00000000
                                                                                                                              0x00410f53
                                                                                                                              0x00410f53
                                                                                                                              0x00410f53
                                                                                                                              0x00410f56
                                                                                                                              0x00410f59
                                                                                                                              0x00410f5c
                                                                                                                              0x00411093
                                                                                                                              0x00411096
                                                                                                                              0x00411099
                                                                                                                              0x004110a3
                                                                                                                              0x004110ae
                                                                                                                              0x004110b3
                                                                                                                              0x00000000
                                                                                                                              0x00410f62
                                                                                                                              0x00410f69
                                                                                                                              0x00410f6e
                                                                                                                              0x00410f71
                                                                                                                              0x00410f74
                                                                                                                              0x00000000
                                                                                                                              0x00410f7a
                                                                                                                              0x00410f7a
                                                                                                                              0x00000000
                                                                                                                              0x00410f7a
                                                                                                                              0x00410f74
                                                                                                                              0x00410f5c
                                                                                                                              0x00410f21
                                                                                                                              0x00410f25
                                                                                                                              0x00410f28
                                                                                                                              0x00410f2d
                                                                                                                              0x00410f33
                                                                                                                              0x00410f35
                                                                                                                              0x00410f3c
                                                                                                                              0x00410f82
                                                                                                                              0x00410f85
                                                                                                                              0x00410f86
                                                                                                                              0x00410f8b
                                                                                                                              0x00410f8e
                                                                                                                              0x00410f91
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00410f91
                                                                                                                              0x00000000
                                                                                                                              0x00410f1f
                                                                                                                              0x00410dba
                                                                                                                              0x004110c2
                                                                                                                              0x004110c2
                                                                                                                              0x004110c4
                                                                                                                              0x004110c7
                                                                                                                              0x004110c7
                                                                                                                              0x004110c7
                                                                                                                              0x004110c7
                                                                                                                              0x004110d9
                                                                                                                              0x004110db
                                                                                                                              0x004110dc
                                                                                                                              0x004110dd
                                                                                                                              0x004110e7

                                                                                                                              APIs
                                                                                                                              • GetConsoleOutputCP.KERNEL32(00000000,?,?), ref: 00410D84
                                                                                                                              • __fassign.LIBCMT ref: 00410F69
                                                                                                                              • __fassign.LIBCMT ref: 00410F86
                                                                                                                              • WriteFile.KERNEL32(?,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00410FCE
                                                                                                                              • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 0041100E
                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 004110B6
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileWrite__fassign$ConsoleErrorLastOutput
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1735259414-0
                                                                                                                              • Opcode ID: 4defde215f51bff2bce586324fd725b6029db7fb5c3db9ee40a8e3636952a0b4
                                                                                                                              • Instruction ID: b0ce6b38612007ebbc159cbc9f87f1c764a52c8c3aef2771926f623f92cb1f34
                                                                                                                              • Opcode Fuzzy Hash: 4defde215f51bff2bce586324fd725b6029db7fb5c3db9ee40a8e3636952a0b4
                                                                                                                              • Instruction Fuzzy Hash: 9BC1AF75D002988FCB15CFA9C8809EDBBB5BF08304F28816AE955F7352D6359D82CF69
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405CD1 Relevance: 9.1, APIs: 6, Instructions: 60COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 85%
                                                                                                                              			E00405CD1(void* __ecx) {
				void* _t4;
				void* _t8;
				void* _t11;
				void* _t13;
				void* _t14;
				void* _t18;
				void* _t23;
				long _t24;
				void* _t27;

				_t13 = __ecx;
				if( *0x41e020 != 0xffffffff) {
					_t24 = GetLastError();
					_t11 = E00405F9C(_t13, __eflags,  *0x41e020);
					_t14 = _t23;
					__eflags = _t11 - 0xffffffff;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						__eflags = _t11;
						if(__eflags == 0) {
							_t4 = E00405FD7(_t14, __eflags,  *0x41e020, 0xffffffff);
							__eflags = _t4;
							if(_t4 != 0) {
								_push(0x28);
								_t27 = E00409270();
								_t18 = 1;
								__eflags = _t27;
								if(__eflags == 0) {
									L8:
									_t11 = 0;
									E00405FD7(_t18, __eflags,  *0x41e020, 0);
								} else {
									_t8 = E00405FD7(_t18, __eflags,  *0x41e020, _t27);
									_pop(_t18);
									__eflags = _t8;
									if(__eflags != 0) {
										_t11 = _t27;
										_t27 = 0;
										__eflags = 0;
									} else {
										goto L8;
									}
								}
								E00408C87(_t27);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t24);
					return _t11;
				} else {
					return 0;
				}
			}












                                                                                                                              0x00405cd1
                                                                                                                              0x00405cd8
                                                                                                                              0x00405ceb
                                                                                                                              0x00405cf2
                                                                                                                              0x00405cf4
                                                                                                                              0x00405cf5
                                                                                                                              0x00405cf8
                                                                                                                              0x00405d11
                                                                                                                              0x00405d11
                                                                                                                              0x00405cfa
                                                                                                                              0x00405cfa
                                                                                                                              0x00405cfc
                                                                                                                              0x00405d06
                                                                                                                              0x00405d0d
                                                                                                                              0x00405d0f
                                                                                                                              0x00405d16
                                                                                                                              0x00405d1f
                                                                                                                              0x00405d22
                                                                                                                              0x00405d23
                                                                                                                              0x00405d25
                                                                                                                              0x00405d39
                                                                                                                              0x00405d39
                                                                                                                              0x00405d42
                                                                                                                              0x00405d27
                                                                                                                              0x00405d2e
                                                                                                                              0x00405d34
                                                                                                                              0x00405d35
                                                                                                                              0x00405d37
                                                                                                                              0x00405d4b
                                                                                                                              0x00405d4d
                                                                                                                              0x00405d4d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405d37
                                                                                                                              0x00405d50
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405d0f
                                                                                                                              0x00405cfc
                                                                                                                              0x00405d58
                                                                                                                              0x00405d62
                                                                                                                              0x00405cda
                                                                                                                              0x00405cdc
                                                                                                                              0x00405cdc

                                                                                                                              APIs
                                                                                                                              • GetLastError.KERNEL32(?,?,00405CC8,004059CF,0040403E), ref: 00405CDF
                                                                                                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00405CED
                                                                                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00405D06
                                                                                                                              • SetLastError.KERNEL32(00000000,00405CC8,004059CF,0040403E), ref: 00405D58
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorLastValue___vcrt_
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3852720340-0
                                                                                                                              • Opcode ID: eb09aca13cccd14bb29ed722acc07b8a52ff7a44c1c80375cc51d3b910f46402
                                                                                                                              • Instruction ID: 9af6227f59f489f098fcfdbfcf11d6dfcce5a03648f3f16bdb57abd01da7097b
                                                                                                                              • Opcode Fuzzy Hash: eb09aca13cccd14bb29ed722acc07b8a52ff7a44c1c80375cc51d3b910f46402
                                                                                                                              • Instruction Fuzzy Hash: 2001D236509B226EE61026A66C896A72B95DB09378730823FF620A41F1EB794C015D5C
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040BC07 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0040BC07(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a16) {
				intOrPtr _t14;
				intOrPtr _t15;
				intOrPtr _t17;
				intOrPtr _t36;
				intOrPtr* _t38;
				intOrPtr _t39;

				_t38 = _a4;
				if(_t38 != 0) {
					__eflags =  *_t38;
					if( *_t38 != 0) {
						_t14 = E0040C695(_a16, 0, _t38, 0xffffffff, 0, 0, 0, 0);
						__eflags = _t14;
						if(__eflags != 0) {
							_t36 = _a8;
							__eflags = _t14 -  *((intOrPtr*)(_t36 + 0xc));
							if(_t14 <=  *((intOrPtr*)(_t36 + 0xc))) {
								L10:
								_t15 = E0040C695(_a16, 0, _t38, 0xffffffff,  *((intOrPtr*)(_t36 + 8)),  *((intOrPtr*)(_t36 + 0xc)), 0, 0);
								__eflags = _t15;
								if(__eflags != 0) {
									 *((intOrPtr*)(_t36 + 0x10)) = _t15 - 1;
									_t17 = 0;
									__eflags = 0;
								} else {
									E00409B9B(GetLastError());
									_t17 =  *((intOrPtr*)(E00409BD1(__eflags)));
								}
								L13:
								L14:
								return _t17;
							}
							_t17 = E0040BCCE(_t36, _t14);
							__eflags = _t17;
							if(_t17 != 0) {
								goto L13;
							}
							goto L10;
						}
						E00409B9B(GetLastError());
						_t17 =  *((intOrPtr*)(E00409BD1(__eflags)));
						goto L14;
					}
					_t39 = _a8;
					__eflags =  *((intOrPtr*)(_t39 + 0xc));
					if( *((intOrPtr*)(_t39 + 0xc)) != 0) {
						L5:
						 *((char*)( *((intOrPtr*)(_t39 + 8)))) = 0;
						_t17 = 0;
						 *((intOrPtr*)(_t39 + 0x10)) = 0;
						goto L14;
					}
					_t17 = E0040BCCE(_t39, 1);
					__eflags = _t17;
					if(_t17 != 0) {
						goto L14;
					}
					goto L5;
				}
				E0040BCF5(_a8);
				return 0;
			}









                                                                                                                              0x0040bc0d
                                                                                                                              0x0040bc12
                                                                                                                              0x0040bc26
                                                                                                                              0x0040bc29
                                                                                                                              0x0040bc5b
                                                                                                                              0x0040bc63
                                                                                                                              0x0040bc65
                                                                                                                              0x0040bc7e
                                                                                                                              0x0040bc81
                                                                                                                              0x0040bc84
                                                                                                                              0x0040bc92
                                                                                                                              0x0040bca1
                                                                                                                              0x0040bca9
                                                                                                                              0x0040bcab
                                                                                                                              0x0040bcc4
                                                                                                                              0x0040bcc7
                                                                                                                              0x0040bcc7
                                                                                                                              0x0040bcad
                                                                                                                              0x0040bcb4
                                                                                                                              0x0040bcbf
                                                                                                                              0x0040bcbf
                                                                                                                              0x0040bcc9
                                                                                                                              0x0040bcca
                                                                                                                              0x00000000
                                                                                                                              0x0040bcca
                                                                                                                              0x0040bc89
                                                                                                                              0x0040bc8e
                                                                                                                              0x0040bc90
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040bc90
                                                                                                                              0x0040bc6e
                                                                                                                              0x0040bc79
                                                                                                                              0x00000000
                                                                                                                              0x0040bc79
                                                                                                                              0x0040bc2b
                                                                                                                              0x0040bc2e
                                                                                                                              0x0040bc31
                                                                                                                              0x0040bc44
                                                                                                                              0x0040bc47
                                                                                                                              0x0040bc49
                                                                                                                              0x0040bc4b
                                                                                                                              0x00000000
                                                                                                                              0x0040bc4b
                                                                                                                              0x0040bc37
                                                                                                                              0x0040bc3c
                                                                                                                              0x0040bc3e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040bc3e
                                                                                                                              0x0040bc17
                                                                                                                              0x00000000

                                                                                                                              Strings
                                                                                                                              • C:\Program Files (x86)\Winamp\elevator.exe, xrefs: 0040BC0C
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: C:\Program Files (x86)\Winamp\elevator.exe
                                                                                                                              • API String ID: 0-3242687158
                                                                                                                              • Opcode ID: d52dc4cbe2e0e68848edf0aeb3fe03d7963249b851a405c0ea3330a72aa6df65
                                                                                                                              • Instruction ID: 163dfd2e46b2fd86583a892fded016981d2b5b4d218e2cff354b4ba6e9154001
                                                                                                                              • Opcode Fuzzy Hash: d52dc4cbe2e0e68848edf0aeb3fe03d7963249b851a405c0ea3330a72aa6df65
                                                                                                                              • Instruction Fuzzy Hash: EE217171618209AEEB11AF669C81967776CEF50368710863EF815A72D1EF39EC0187EC
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405E43 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00405E43(void* __ecx, signed int* _a4, intOrPtr _a8) {
				WCHAR* _v8;
				signed int _t11;
				WCHAR* _t12;
				struct HINSTANCE__* _t16;
				struct HINSTANCE__* _t18;
				signed int* _t22;
				signed int* _t26;
				struct HINSTANCE__* _t29;
				WCHAR* _t31;
				void* _t32;

				_t26 = _a4;
				while(_t26 != _a8) {
					_t11 =  *_t26;
					_t22 = 0x41ed30 + _t11 * 4;
					_t29 =  *_t22;
					if(_t29 == 0) {
						_t12 =  *(0x416c38 + _t11 * 4);
						_v8 = _t12;
						_t29 = LoadLibraryExW(_t12, 0, 0x800);
						if(_t29 != 0) {
							L13:
							 *_t22 = _t29;
							if( *_t22 != 0) {
								FreeLibrary(_t29);
							}
							L15:
							_t16 = _t29;
							L12:
							return _t16;
						}
						_t18 = GetLastError();
						if(_t18 != 0x57) {
							L8:
							 *_t22 = _t18 | 0xffffffff;
							L9:
							_t26 =  &(_t26[1]);
							continue;
						}
						_t31 = _v8;
						_t18 = E00407DE2(_t31, L"api-ms-", 7);
						_t32 = _t32 + 0xc;
						if(_t18 == 0) {
							goto L8;
						}
						_t18 = LoadLibraryExW(_t31, 0, 0);
						_t29 = _t18;
						if(_t29 != 0) {
							goto L13;
						}
						goto L8;
					}
					if(_t29 != 0xffffffff) {
						goto L15;
					}
					goto L9;
				}
				_t16 = 0;
				goto L12;
			}













                                                                                                                              0x00405e4a
                                                                                                                              0x00405ebe
                                                                                                                              0x00405e4f
                                                                                                                              0x00405e51
                                                                                                                              0x00405e58
                                                                                                                              0x00405e5c
                                                                                                                              0x00405e65
                                                                                                                              0x00405e74
                                                                                                                              0x00405e7d
                                                                                                                              0x00405e81
                                                                                                                              0x00405eca
                                                                                                                              0x00405ecc
                                                                                                                              0x00405ed0
                                                                                                                              0x00405ed3
                                                                                                                              0x00405ed3
                                                                                                                              0x00405ed9
                                                                                                                              0x00405ed9
                                                                                                                              0x00405ec5
                                                                                                                              0x00405ec9
                                                                                                                              0x00405ec9
                                                                                                                              0x00405e83
                                                                                                                              0x00405e8c
                                                                                                                              0x00405eb6
                                                                                                                              0x00405eb9
                                                                                                                              0x00405ebb
                                                                                                                              0x00405ebb
                                                                                                                              0x00000000
                                                                                                                              0x00405ebb
                                                                                                                              0x00405e8e
                                                                                                                              0x00405e99
                                                                                                                              0x00405e9e
                                                                                                                              0x00405ea3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405eaa
                                                                                                                              0x00405eb0
                                                                                                                              0x00405eb4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405eb4
                                                                                                                              0x00405e61
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405e63
                                                                                                                              0x00405ec3
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,?,?,00405F04,?,?,0041ECD8,00000000,?,0040602F,00000004,InitializeCriticalSectionEx,00416D2C,InitializeCriticalSectionEx,00000000), ref: 00405ED3
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FreeLibrary
                                                                                                                              • String ID: api-ms-
                                                                                                                              • API String ID: 3664257935-2084034818
                                                                                                                              • Opcode ID: 44405bfdd735ea737be06a17bb2b620c83b142f3bd6814091106a123fb39efb6
                                                                                                                              • Instruction ID: cbad70a06b6b89d64f9e4dbfaaa5ccbaa10a87834e6a8be002d6c3c8a2e69f48
                                                                                                                              • Opcode Fuzzy Hash: 44405bfdd735ea737be06a17bb2b620c83b142f3bd6814091106a123fb39efb6
                                                                                                                              • Instruction Fuzzy Hash: E6117331A01E25ABDB229B68DC40B9B37A8EF41761F254132E955F73C0D778EE018ADD
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040239A Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 52registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 80%
                                                                                                                              			E0040239A(void* __ebx, void* __edi, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				char _v592;
				void* _t17;
				void* _t32;

				_v8 = _v8 & 0x00000000;
				_push(__edi);
				_t31 = L"CLSID\\";
				if(E00401EEC(L"CLSID\\", 0x80000000, L"CLSID\\", _a12,  &_v8) == 0) {
					RegCloseKey(_v8);
				}
				_t17 = E00401F3C(_t31, 0x80000000, _t31, _a12, L"\\LocalServer32",  &_v8);
				_pop(_t32);
				if(_t17 == 0) {
					E00404680(_t32,  &_v592, _t17, 0x248);
					E0040145F( &_v592, 0x124, L"\"%s\"", _a8);
					E00402E5F(_v8,  &_v592);
					RegCloseKey(_v8);
				}
				return 0;
			}







                                                                                                                              0x004023a3
                                                                                                                              0x004023ab
                                                                                                                              0x004023b0
                                                                                                                              0x004023c6
                                                                                                                              0x004023cb
                                                                                                                              0x004023cb
                                                                                                                              0x004023df
                                                                                                                              0x004023e7
                                                                                                                              0x004023eb
                                                                                                                              0x004023fa
                                                                                                                              0x00402413
                                                                                                                              0x00402422
                                                                                                                              0x0040242d
                                                                                                                              0x0040242d
                                                                                                                              0x00402436

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 00401EEC: RegCreateKeyW.ADVAPI32(?,?,?), ref: 00401F34
                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 004023CB
                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 0040242D
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Close$Create
                                                                                                                              • String ID: "%s"$CLSID\$\LocalServer32
                                                                                                                              • API String ID: 359002179-3797121293
                                                                                                                              • Opcode ID: d8d6215ab49d1b96c785853b86bd160afcbcad1b217ffbbd471419b995db53c2
                                                                                                                              • Instruction ID: 1d4da29429d8f0758130eb3e331080831de19cf24d2a127a4be6a8d87038b31a
                                                                                                                              • Opcode Fuzzy Hash: d8d6215ab49d1b96c785853b86bd160afcbcad1b217ffbbd471419b995db53c2
                                                                                                                              • Instruction Fuzzy Hash: 040180B1900209FBDB00ABA1CD4AFDF7A7CEB44308F204476B908B1091E6798B249A68
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00408A3A Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 25%
                                                                                                                              			E00408A3A(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				_Unknown_base(*)()* _t8;
				_Unknown_base(*)()* _t14;

				_v8 = _v8 & 0x00000000;
				_t8 =  &_v8;
				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t8, __ecx);
				if(_t8 != 0) {
					_t8 = GetProcAddress(_v8, "CorExitProcess");
					_t14 = _t8;
					if(_t14 != 0) {
						 *0x4151ac(_a4);
						_t8 =  *_t14();
					}
				}
				if(_v8 != 0) {
					return FreeLibrary(_v8);
				}
				return _t8;
			}






                                                                                                                              0x00408a40
                                                                                                                              0x00408a44
                                                                                                                              0x00408a4f
                                                                                                                              0x00408a57
                                                                                                                              0x00408a62
                                                                                                                              0x00408a68
                                                                                                                              0x00408a6c
                                                                                                                              0x00408a73
                                                                                                                              0x00408a79
                                                                                                                              0x00408a79
                                                                                                                              0x00408a7b
                                                                                                                              0x00408a80
                                                                                                                              0x00000000
                                                                                                                              0x00408a85
                                                                                                                              0x00408a8c

                                                                                                                              APIs
                                                                                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,00408A2F,?,?,004089F7,?,00000000,?), ref: 00408A4F
                                                                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00408A62
                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,?,00408A2F,?,?,004089F7,?,00000000,?), ref: 00408A85
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                                                              • API String ID: 4061214504-1276376045
                                                                                                                              • Opcode ID: 0b5c2ebec87c1ee3ae9e74302d71d91b366871e704ffd45d0fb657ccbdd6ee72
                                                                                                                              • Instruction ID: 27b33477b19eecd422fc0e1ab24080e5a25a942a892231b31a4b0729370fe13e
                                                                                                                              • Opcode Fuzzy Hash: 0b5c2ebec87c1ee3ae9e74302d71d91b366871e704ffd45d0fb657ccbdd6ee72
                                                                                                                              • Instruction Fuzzy Hash: C9F08230A00519FBDB129BA0DD0AFDE7E78EB44765F1080B6B804B11A0CB748E41DAA8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00401010 Relevance: 7.6, APIs: 5, Instructions: 62registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 86%
                                                                                                                              			E00401010(void* __edi, void* _a4, short* _a8) {
				void* _v8;
				int _v12;
				struct _FILETIME _v20;
				short _v1044;
				long _t20;
				long _t28;
				long _t35;

				_t33 = __edi;
				asm("xorps xmm0, xmm0");
				asm("movlpd [ebp-0x10], xmm0");
				E00404680(__edi,  &_v1044, 0, 0x400);
				_v12 = 0x200;
				_t20 = RegOpenKeyExW(_a4, _a8, 0, 0xa,  &_v8);
				if(_t20 == 0) {
					while(RegEnumKeyExW(_v8, 0,  &_v1044,  &_v12, 0, 0, 0,  &_v20) == 0) {
						_t35 = E00401010(_t33, _v8,  &_v1044);
						if(_t35 != 0) {
							RegCloseKey(_v8);
							_t28 = _t35;
							L6:
							return _t28;
						}
						_v12 = 0x200;
					}
					RegCloseKey(_v8);
					_t28 = RegDeleteKeyW(_a4, _a8);
					goto L6;
				}
				return _t20;
			}










                                                                                                                              0x00401010
                                                                                                                              0x00401027
                                                                                                                              0x0040102c
                                                                                                                              0x00401031
                                                                                                                              0x00401039
                                                                                                                              0x0040104d
                                                                                                                              0x00401055
                                                                                                                              0x00401078
                                                                                                                              0x00401069
                                                                                                                              0x0040106f
                                                                                                                              0x004010b4
                                                                                                                              0x004010ba
                                                                                                                              0x004010ad
                                                                                                                              0x00000000
                                                                                                                              0x004010ad
                                                                                                                              0x00401071
                                                                                                                              0x00401071
                                                                                                                              0x0040109b
                                                                                                                              0x004010a7
                                                                                                                              0x00000000
                                                                                                                              0x004010a7
                                                                                                                              0x004010b0

                                                                                                                              APIs
                                                                                                                              • RegOpenKeyExW.ADVAPI32(00000200,?,00000000,0000000A,?), ref: 0040104D
                                                                                                                              • RegEnumKeyExW.ADVAPI32 ref: 0040108E
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 0040109B
                                                                                                                              • RegDeleteKeyW.ADVAPI32(00000200,?), ref: 004010A7
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 004010B4
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Close$DeleteEnumOpen
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1912718029-0
                                                                                                                              • Opcode ID: aa9fc0249103666c167d29c146047780106112a357552a0b4e39c7a7d1a52b28
                                                                                                                              • Instruction ID: c4e9d6f10f1a1297c3bd1a8ae90b81bb9913474e32820ca1af9934db069847fb
                                                                                                                              • Opcode Fuzzy Hash: aa9fc0249103666c167d29c146047780106112a357552a0b4e39c7a7d1a52b28
                                                                                                                              • Instruction Fuzzy Hash: 7D114CB190010CFFEB119B90DD85EEE7B7CEB08348F108576FA01A1060E7758E849B98
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040CC7B Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0040CC7B(intOrPtr* _a4) {
				intOrPtr _t6;
				intOrPtr* _t21;
				void* _t23;
				void* _t24;
				void* _t25;
				void* _t26;
				void* _t27;

				_t21 = _a4;
				if(_t21 != 0) {
					_t23 =  *_t21 -  *0x41e6f0; // 0x41e740
					if(_t23 != 0) {
						E00409BE4(_t7);
					}
					_t24 =  *((intOrPtr*)(_t21 + 4)) -  *0x41e6f4; // 0x41f330
					if(_t24 != 0) {
						E00409BE4(_t8);
					}
					_t25 =  *((intOrPtr*)(_t21 + 8)) -  *0x41e6f8; // 0x41f330
					if(_t25 != 0) {
						E00409BE4(_t9);
					}
					_t26 =  *((intOrPtr*)(_t21 + 0x30)) -  *0x41e720; // 0x41e744
					if(_t26 != 0) {
						E00409BE4(_t10);
					}
					_t6 =  *((intOrPtr*)(_t21 + 0x34));
					_t27 = _t6 -  *0x41e724; // 0x41f334
					if(_t27 != 0) {
						return E00409BE4(_t6);
					}
				}
				return _t6;
			}










                                                                                                                              0x0040cc81
                                                                                                                              0x0040cc86
                                                                                                                              0x0040cc8a
                                                                                                                              0x0040cc90
                                                                                                                              0x0040cc93
                                                                                                                              0x0040cc98
                                                                                                                              0x0040cc9c
                                                                                                                              0x0040cca2
                                                                                                                              0x0040cca5
                                                                                                                              0x0040ccaa
                                                                                                                              0x0040ccae
                                                                                                                              0x0040ccb4
                                                                                                                              0x0040ccb7
                                                                                                                              0x0040ccbc
                                                                                                                              0x0040ccc0
                                                                                                                              0x0040ccc6
                                                                                                                              0x0040ccc9
                                                                                                                              0x0040ccce
                                                                                                                              0x0040cccf
                                                                                                                              0x0040ccd2
                                                                                                                              0x0040ccd8
                                                                                                                              0x00000000
                                                                                                                              0x0040cce0
                                                                                                                              0x0040ccd8
                                                                                                                              0x0040cce3

                                                                                                                              APIs
                                                                                                                              • _free.LIBCMT ref: 0040CC93
                                                                                                                                • Part of subcall function 00409BE4: HeapFree.KERNEL32(00000000,00000000,?,00408F39), ref: 00409BFA
                                                                                                                                • Part of subcall function 00409BE4: GetLastError.KERNEL32(?,?,00408F39), ref: 00409C0C
                                                                                                                              • _free.LIBCMT ref: 0040CCA5
                                                                                                                              • _free.LIBCMT ref: 0040CCB7
                                                                                                                              • _free.LIBCMT ref: 0040CCC9
                                                                                                                              • _free.LIBCMT ref: 0040CCDB
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 776569668-0
                                                                                                                              • Opcode ID: 225ec45686ce7580420b95ae85dda5717cdaf0df54f4a1985ed6419347fcf9a3
                                                                                                                              • Instruction ID: a7d97ac19a6df0beef321df07947c9c01b3030b12558870ed2f2d960260bd6ec
                                                                                                                              • Opcode Fuzzy Hash: 225ec45686ce7580420b95ae85dda5717cdaf0df54f4a1985ed6419347fcf9a3
                                                                                                                              • Instruction Fuzzy Hash: 7AF0FF72508211EBD720DB56F5C5C5A73EEBA04724798492BF40DFB692C738FC80866C
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040B58B Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 206COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 80%
                                                                                                                              			E0040B58B(void* __esi, signed int* _a4, signed int _a8, intOrPtr _a12) {
				intOrPtr _v0;
				signed int _v6;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr* _v72;
				intOrPtr* _v104;
				intOrPtr* _v108;
				intOrPtr _v112;
				signed int _v124;
				struct _WIN32_FIND_DATAW _v608;
				char _v609;
				intOrPtr* _v616;
				union _FINDEX_INFO_LEVELS _v620;
				union _FINDEX_INFO_LEVELS _v624;
				union _FINDEX_INFO_LEVELS _v628;
				signed int _v632;
				union _FINDEX_INFO_LEVELS _v636;
				union _FINDEX_INFO_LEVELS _v640;
				signed int _v644;
				signed int _v648;
				union _FINDEX_INFO_LEVELS _v652;
				union _FINDEX_INFO_LEVELS _v656;
				union _FINDEX_INFO_LEVELS _v660;
				union _FINDEX_INFO_LEVELS _v664;
				signed int _v668;
				union _FINDEX_INFO_LEVELS _v672;
				union _FINDEX_INFO_LEVELS _v676;
				intOrPtr _v724;
				void* __ebx;
				void* __edi;
				intOrPtr* _t131;
				signed int _t132;
				signed int _t134;
				signed int _t139;
				signed int _t140;
				intOrPtr* _t150;
				signed int _t152;
				intOrPtr _t153;
				signed int _t157;
				signed int _t159;
				signed int _t164;
				signed int _t166;
				char _t168;
				signed char _t169;
				signed int _t175;
				union _FINDEX_INFO_LEVELS _t179;
				signed int _t185;
				union _FINDEX_INFO_LEVELS _t188;
				intOrPtr* _t196;
				signed int _t199;
				intOrPtr _t204;
				signed int _t206;
				signed int _t209;
				signed int _t211;
				signed int _t212;
				signed int _t213;
				signed int _t215;
				signed int _t217;
				signed int _t218;
				signed int* _t219;
				signed int _t222;
				void* _t225;
				union _FINDEX_INFO_LEVELS _t226;
				void* _t227;
				intOrPtr _t229;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				signed int _t236;
				intOrPtr* _t239;
				signed int _t241;
				intOrPtr* _t244;
				signed int _t249;
				signed int _t255;
				signed int _t257;
				signed int _t263;
				intOrPtr* _t264;
				signed int _t272;
				signed int _t274;
				intOrPtr* _t275;
				void* _t277;
				signed int _t280;
				signed int _t283;
				signed int _t285;
				intOrPtr _t287;
				void* _t288;
				signed int* _t292;
				signed int _t293;
				signed int _t295;
				signed int _t296;
				signed int _t297;
				signed int _t299;
				void* _t300;
				void* _t301;
				signed int _t302;
				void* _t306;
				signed int _t307;
				void* _t308;
				void* _t309;
				void* _t310;
				signed int _t311;
				void* _t312;
				void* _t313;

				_t131 = _a8;
				_t309 = _t308 - 0x28;
				_push(__esi);
				_t317 = _t131;
				if(_t131 != 0) {
					_t292 = _a4;
					_t222 = 0;
					 *_t131 = 0;
					_t283 = 0;
					_t132 =  *_t292;
					_t232 = 0;
					_v608.cAlternateFileName = 0;
					_v40 = 0;
					_v36 = 0;
					__eflags = _t132;
					if(_t132 == 0) {
						L9:
						_v8 = _t222;
						_t134 = _t232 - _t283;
						_t293 = _t283;
						_v12 = _t293;
						_t271 = (_t134 >> 2) + 1;
						_t136 = _t134 + 3 >> 2;
						__eflags = _t232 - _t293;
						_v16 = (_t134 >> 2) + 1;
						asm("sbb esi, esi");
						_t295 =  !_t293 & _t134 + 0x00000003 >> 0x00000002;
						__eflags = _t295;
						if(_t295 != 0) {
							_t213 = _t283;
							_t280 = _t222;
							do {
								_t264 =  *_t213;
								_t20 = _t264 + 1; // 0x1
								_v20 = _t20;
								do {
									_t215 =  *_t264;
									_t264 = _t264 + 1;
									__eflags = _t215;
								} while (_t215 != 0);
								_t222 = _t222 + 1 + _t264 - _v20;
								_t213 = _v12 + 4;
								_t280 = _t280 + 1;
								_v12 = _t213;
								__eflags = _t280 - _t295;
							} while (_t280 != _t295);
							_t271 = _v16;
							_v8 = _t222;
							_t222 = 0;
							__eflags = 0;
						}
						_t296 = E0040854D(_t136, _t271, _v8, 1);
						_t310 = _t309 + 0xc;
						__eflags = _t296;
						if(_t296 != 0) {
							_v12 = _t283;
							_t139 = _t296 + _v16 * 4;
							_t233 = _t139;
							_v28 = _t139;
							_t140 = _t283;
							_v16 = _t233;
							__eflags = _t140 - _v40;
							if(_t140 == _v40) {
								L24:
								_v12 = _t222;
								 *_a8 = _t296;
								_t297 = _t222;
								goto L25;
							} else {
								_t274 = _t296 - _t283;
								__eflags = _t274;
								_v32 = _t274;
								do {
									_t150 =  *_t140;
									_t275 = _t150;
									_v24 = _t150;
									_v20 = _t275 + 1;
									do {
										_t152 =  *_t275;
										_t275 = _t275 + 1;
										__eflags = _t152;
									} while (_t152 != 0);
									_t153 = _t275 - _v20 + 1;
									_push(_t153);
									_v20 = _t153;
									_t157 = E00410781(_t233, _v28 - _t233 + _v8, _v24);
									_t310 = _t310 + 0x10;
									__eflags = _t157;
									if(_t157 != 0) {
										_push(_t222);
										_push(_t222);
										_push(_t222);
										_push(_t222);
										_push(_t222);
										E00409B24();
										asm("int3");
										_t306 = _t310;
										_push(_t233);
										_t239 = _v72;
										_t65 = _t239 + 1; // 0x1
										_t277 = _t65;
										do {
											_t159 =  *_t239;
											_t239 = _t239 + 1;
											__eflags = _t159;
										} while (_t159 != 0);
										_push(_t283);
										_t285 = _a8;
										_t241 = _t239 - _t277 + 1;
										_v12 = _t241;
										__eflags = _t241 -  !_t285;
										if(_t241 <=  !_t285) {
											_push(_t222);
											_push(_t296);
											_t68 = _t285 + 1; // 0x1
											_t225 = _t68 + _t241;
											_t300 = E0040B378(_t225, 1);
											__eflags = _t285;
											if(_t285 == 0) {
												L40:
												_push(_v12);
												_t225 = _t225 - _t285;
												_t164 = E00410781(_t300 + _t285, _t225, _v0);
												_t311 = _t310 + 0x10;
												__eflags = _t164;
												if(_t164 != 0) {
													goto L45;
												} else {
													_t229 = _a12;
													_t206 = E0040BB75(_t229);
													_v12 = _t206;
													__eflags = _t206;
													if(_t206 == 0) {
														 *( *(_t229 + 4)) = _t300;
														_t302 = 0;
														_t77 = _t229 + 4;
														 *_t77 =  *(_t229 + 4) + 4;
														__eflags =  *_t77;
													} else {
														E00409BE4(_t300);
														_t302 = _v12;
													}
													E00409BE4(0);
													_t209 = _t302;
													goto L37;
												}
											} else {
												_push(_t285);
												_t211 = E00410781(_t300, _t225, _a4);
												_t311 = _t310 + 0x10;
												__eflags = _t211;
												if(_t211 != 0) {
													L45:
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													E00409B24();
													asm("int3");
													_push(_t306);
													_t307 = _t311;
													_t312 = _t311 - 0x298;
													_t166 =  *0x41e018; // 0x8d57f5bb
													_v124 = _t166 ^ _t307;
													_t244 = _v108;
													_t278 = _v104;
													_push(_t225);
													_push(0);
													_t287 = _v112;
													_v724 = _t278;
													__eflags = _t244 - _t287;
													if(_t244 != _t287) {
														while(1) {
															_t204 =  *_t244;
															__eflags = _t204 - 0x2f;
															if(_t204 == 0x2f) {
																break;
															}
															__eflags = _t204 - 0x5c;
															if(_t204 != 0x5c) {
																__eflags = _t204 - 0x3a;
																if(_t204 != 0x3a) {
																	_t244 = E004107D0(_t287, _t244);
																	__eflags = _t244 - _t287;
																	if(_t244 != _t287) {
																		continue;
																	}
																}
															}
															break;
														}
														_t278 = _v616;
													}
													_t168 =  *_t244;
													_v609 = _t168;
													__eflags = _t168 - 0x3a;
													if(_t168 != 0x3a) {
														L56:
														_t226 = 0;
														__eflags = _t168 - 0x2f;
														if(__eflags == 0) {
															L59:
															_t169 = 1;
														} else {
															__eflags = _t168 - 0x5c;
															if(__eflags == 0) {
																goto L59;
															} else {
																__eflags = _t168 - 0x3a;
																_t169 = 0;
																if(__eflags == 0) {
																	goto L59;
																}
															}
														}
														_v676 = _t226;
														_v672 = _t226;
														_push(_t300);
														asm("sbb eax, eax");
														_v668 = _t226;
														_v664 = _t226;
														_v644 =  ~(_t169 & 0x000000ff) & _t244 - _t287 + 0x00000001;
														_v660 = _t226;
														_v656 = _t226;
														_t175 = E0040B56E(_t244 - _t287 + 1, _t287,  &_v676, E0040BA82(_t278, __eflags));
														_t313 = _t312 + 0xc;
														asm("sbb eax, eax");
														_t179 = FindFirstFileExW( !( ~_t175) & _v668, _t226,  &_v608, _t226, _t226, _t226);
														_t301 = _t179;
														__eflags = _t301 - 0xffffffff;
														if(_t301 != 0xffffffff) {
															_t249 =  *((intOrPtr*)(_v616 + 4)) -  *_v616;
															__eflags = _t249;
															_v648 = _t249 >> 2;
															do {
																_v640 = _t226;
																_v636 = _t226;
																_v632 = _t226;
																_v628 = _t226;
																_v624 = _t226;
																_v620 = _t226;
																_t185 = E0040B49F( &(_v608.cFileName),  &_v640,  &_v609, E0040BA82(_t278, __eflags));
																_t313 = _t313 + 0x10;
																asm("sbb eax, eax");
																_t188 =  !( ~_t185) & _v632;
																__eflags =  *_t188 - 0x2e;
																if( *_t188 != 0x2e) {
																	L67:
																	_push(_v616);
																	_push(_v644);
																	_push(_t287);
																	_push(_t188);
																	L33();
																	_t313 = _t313 + 0x10;
																	_v652 = _t188;
																	__eflags = _t188;
																	if(_t188 != 0) {
																		__eflags = _v620 - _t226;
																		if(_v620 != _t226) {
																			E00409BE4(_v632);
																			_t188 = _v652;
																		}
																		_t226 = _t188;
																	} else {
																		goto L68;
																	}
																} else {
																	_t255 =  *((intOrPtr*)(_t188 + 1));
																	__eflags = _t255;
																	if(_t255 == 0) {
																		goto L68;
																	} else {
																		__eflags = _t255 - 0x2e;
																		if(_t255 != 0x2e) {
																			goto L67;
																		} else {
																			__eflags =  *((intOrPtr*)(_t188 + 2)) - _t226;
																			if( *((intOrPtr*)(_t188 + 2)) == _t226) {
																				goto L68;
																			} else {
																				goto L67;
																			}
																		}
																	}
																}
																L76:
																FindClose(_t301);
																goto L77;
																L68:
																__eflags = _v620 - _t226;
																if(_v620 != _t226) {
																	E00409BE4(_v632);
																}
																__eflags = FindNextFileW(_t301,  &_v608);
															} while (__eflags != 0);
															_t196 = _v616;
															_t257 = _v648;
															_t278 =  *_t196;
															_t199 =  *((intOrPtr*)(_t196 + 4)) -  *_t196 >> 2;
															__eflags = _t257 - _t199;
															if(_t257 != _t199) {
																E004101E0(_t278, _t278 + _t257 * 4, _t199 - _t257, 4, E0040B3D5);
															}
															goto L76;
														} else {
															_push(_v616);
															_push(_t226);
															_push(_t226);
															_push(_t287);
															L33();
															_t226 = _t179;
														}
														L77:
														__eflags = _v656;
														_pop(_t300);
														if(_v656 != 0) {
															E00409BE4(_v668);
														}
														_t190 = _t226;
													} else {
														_t190 = _t287 + 1;
														__eflags = _t244 - _t287 + 1;
														if(_t244 == _t287 + 1) {
															_t168 = _v609;
															goto L56;
														} else {
															_push(_t278);
															_push(0);
															_push(0);
															_push(_t287);
															L33();
														}
													}
													_pop(_t288);
													__eflags = _v16 ^ _t307;
													_pop(_t227);
													return E004042D2(_t190, _t227, _v16 ^ _t307, _t278, _t288, _t300);
												} else {
													goto L40;
												}
											}
										} else {
											_t209 = 0xc;
											L37:
											return _t209;
										}
									} else {
										goto L23;
									}
									goto L81;
									L23:
									_t212 = _v12;
									_t263 = _v16;
									 *((intOrPtr*)(_v32 + _t212)) = _t263;
									_t140 = _t212 + 4;
									_t233 = _t263 + _v20;
									_v16 = _t233;
									_v12 = _t140;
									__eflags = _t140 - _v40;
								} while (_t140 != _v40);
								goto L24;
							}
						} else {
							_t297 = _t296 | 0xffffffff;
							_v12 = _t297;
							L25:
							E00409BE4(_t222);
							_pop(_t234);
							goto L26;
						}
					} else {
						while(1) {
							_v8 = 0x3f2a;
							_v6 = _t222;
							_t217 = E00410790(_t132,  &_v8);
							_t234 =  *_t292;
							__eflags = _t217;
							if(_t217 != 0) {
								_push( &(_v608.cAlternateFileName));
								_push(_t217);
								_push(_t234);
								L46();
								_t309 = _t309 + 0xc;
								_v12 = _t217;
								_t297 = _t217;
							} else {
								_t218 =  &(_v608.cAlternateFileName);
								_push(_t218);
								_push(_t222);
								_push(_t222);
								_push(_t234);
								L33();
								_t297 = _t218;
								_t309 = _t309 + 0x10;
								_v12 = _t297;
							}
							__eflags = _t297;
							if(_t297 != 0) {
								break;
							}
							_t292 =  &(_a4[1]);
							_a4 = _t292;
							_t132 =  *_t292;
							__eflags = _t132;
							if(_t132 != 0) {
								continue;
							} else {
								_t283 = _v608.cAlternateFileName;
								_t232 = _v40;
								goto L9;
							}
							goto L81;
						}
						_t283 = _v608.cAlternateFileName;
						L26:
						_t272 = _t283;
						_v32 = _t272;
						__eflags = _v40 - _t272;
						asm("sbb ecx, ecx");
						_t236 =  !_t234 & _v40 - _t272 + 0x00000003 >> 0x00000002;
						__eflags = _t236;
						_v28 = _t236;
						if(_t236 != 0) {
							_t299 = _t236;
							do {
								E00409BE4( *_t283);
								_t222 = _t222 + 1;
								_t283 = _t283 + 4;
								__eflags = _t222 - _t299;
							} while (_t222 != _t299);
							_t283 = _v608.cAlternateFileName;
							_t297 = _v12;
						}
						E00409BE4(_t283);
						goto L31;
					}
				} else {
					_t219 = E00409BD1(_t317);
					_t297 = 0x16;
					 *_t219 = _t297;
					E00409B14();
					L31:
					return _t297;
				}
				L81:
			}

















































































































                                                                                                                              0x0040b590
                                                                                                                              0x0040b593
                                                                                                                              0x0040b596
                                                                                                                              0x0040b597
                                                                                                                              0x0040b599
                                                                                                                              0x0040b5af
                                                                                                                              0x0040b5b3
                                                                                                                              0x0040b5b6
                                                                                                                              0x0040b5b8
                                                                                                                              0x0040b5ba
                                                                                                                              0x0040b5bc
                                                                                                                              0x0040b5be
                                                                                                                              0x0040b5c1
                                                                                                                              0x0040b5c4
                                                                                                                              0x0040b5c7
                                                                                                                              0x0040b5c9
                                                                                                                              0x0040b62c
                                                                                                                              0x0040b62e
                                                                                                                              0x0040b631
                                                                                                                              0x0040b633
                                                                                                                              0x0040b637
                                                                                                                              0x0040b640
                                                                                                                              0x0040b641
                                                                                                                              0x0040b644
                                                                                                                              0x0040b646
                                                                                                                              0x0040b649
                                                                                                                              0x0040b64d
                                                                                                                              0x0040b64d
                                                                                                                              0x0040b64f
                                                                                                                              0x0040b651
                                                                                                                              0x0040b653
                                                                                                                              0x0040b655
                                                                                                                              0x0040b655
                                                                                                                              0x0040b657
                                                                                                                              0x0040b65a
                                                                                                                              0x0040b65d
                                                                                                                              0x0040b65d
                                                                                                                              0x0040b65f
                                                                                                                              0x0040b660
                                                                                                                              0x0040b660
                                                                                                                              0x0040b66b
                                                                                                                              0x0040b66d
                                                                                                                              0x0040b670
                                                                                                                              0x0040b671
                                                                                                                              0x0040b674
                                                                                                                              0x0040b674
                                                                                                                              0x0040b678
                                                                                                                              0x0040b67b
                                                                                                                              0x0040b67e
                                                                                                                              0x0040b67e
                                                                                                                              0x0040b67e
                                                                                                                              0x0040b68b
                                                                                                                              0x0040b68d
                                                                                                                              0x0040b690
                                                                                                                              0x0040b692
                                                                                                                              0x0040b6aa
                                                                                                                              0x0040b6ad
                                                                                                                              0x0040b6b0
                                                                                                                              0x0040b6b2
                                                                                                                              0x0040b6b5
                                                                                                                              0x0040b6b7
                                                                                                                              0x0040b6ba
                                                                                                                              0x0040b6bd
                                                                                                                              0x0040b71a
                                                                                                                              0x0040b71d
                                                                                                                              0x0040b720
                                                                                                                              0x0040b722
                                                                                                                              0x00000000
                                                                                                                              0x0040b6bf
                                                                                                                              0x0040b6c1
                                                                                                                              0x0040b6c1
                                                                                                                              0x0040b6c3
                                                                                                                              0x0040b6c6
                                                                                                                              0x0040b6c6
                                                                                                                              0x0040b6c8
                                                                                                                              0x0040b6ca
                                                                                                                              0x0040b6d0
                                                                                                                              0x0040b6d3
                                                                                                                              0x0040b6d3
                                                                                                                              0x0040b6d5
                                                                                                                              0x0040b6d6
                                                                                                                              0x0040b6d6
                                                                                                                              0x0040b6dd
                                                                                                                              0x0040b6e0
                                                                                                                              0x0040b6e4
                                                                                                                              0x0040b6f1
                                                                                                                              0x0040b6f6
                                                                                                                              0x0040b6f9
                                                                                                                              0x0040b6fb
                                                                                                                              0x0040b76f
                                                                                                                              0x0040b770
                                                                                                                              0x0040b771
                                                                                                                              0x0040b772
                                                                                                                              0x0040b773
                                                                                                                              0x0040b774
                                                                                                                              0x0040b779
                                                                                                                              0x0040b77d
                                                                                                                              0x0040b77f
                                                                                                                              0x0040b780
                                                                                                                              0x0040b783
                                                                                                                              0x0040b783
                                                                                                                              0x0040b786
                                                                                                                              0x0040b786
                                                                                                                              0x0040b788
                                                                                                                              0x0040b789
                                                                                                                              0x0040b789
                                                                                                                              0x0040b78d
                                                                                                                              0x0040b78e
                                                                                                                              0x0040b795
                                                                                                                              0x0040b798
                                                                                                                              0x0040b79b
                                                                                                                              0x0040b79d
                                                                                                                              0x0040b7a5
                                                                                                                              0x0040b7a6
                                                                                                                              0x0040b7a7
                                                                                                                              0x0040b7aa
                                                                                                                              0x0040b7b4
                                                                                                                              0x0040b7b8
                                                                                                                              0x0040b7ba
                                                                                                                              0x0040b7ce
                                                                                                                              0x0040b7ce
                                                                                                                              0x0040b7d1
                                                                                                                              0x0040b7db
                                                                                                                              0x0040b7e0
                                                                                                                              0x0040b7e3
                                                                                                                              0x0040b7e5
                                                                                                                              0x00000000
                                                                                                                              0x0040b7e7
                                                                                                                              0x0040b7e7
                                                                                                                              0x0040b7ec
                                                                                                                              0x0040b7f3
                                                                                                                              0x0040b7f6
                                                                                                                              0x0040b7f8
                                                                                                                              0x0040b809
                                                                                                                              0x0040b80b
                                                                                                                              0x0040b80d
                                                                                                                              0x0040b80d
                                                                                                                              0x0040b80d
                                                                                                                              0x0040b7fa
                                                                                                                              0x0040b7fb
                                                                                                                              0x0040b800
                                                                                                                              0x0040b803
                                                                                                                              0x0040b812
                                                                                                                              0x0040b818
                                                                                                                              0x00000000
                                                                                                                              0x0040b81b
                                                                                                                              0x0040b7bc
                                                                                                                              0x0040b7bc
                                                                                                                              0x0040b7c2
                                                                                                                              0x0040b7c7
                                                                                                                              0x0040b7ca
                                                                                                                              0x0040b7cc
                                                                                                                              0x0040b81e
                                                                                                                              0x0040b820
                                                                                                                              0x0040b821
                                                                                                                              0x0040b822
                                                                                                                              0x0040b823
                                                                                                                              0x0040b824
                                                                                                                              0x0040b825
                                                                                                                              0x0040b82a
                                                                                                                              0x0040b82d
                                                                                                                              0x0040b82e
                                                                                                                              0x0040b830
                                                                                                                              0x0040b836
                                                                                                                              0x0040b83d
                                                                                                                              0x0040b840
                                                                                                                              0x0040b843
                                                                                                                              0x0040b846
                                                                                                                              0x0040b847
                                                                                                                              0x0040b848
                                                                                                                              0x0040b84b
                                                                                                                              0x0040b851
                                                                                                                              0x0040b853
                                                                                                                              0x0040b855
                                                                                                                              0x0040b855
                                                                                                                              0x0040b857
                                                                                                                              0x0040b859
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040b85b
                                                                                                                              0x0040b85d
                                                                                                                              0x0040b85f
                                                                                                                              0x0040b861
                                                                                                                              0x0040b86c
                                                                                                                              0x0040b86e
                                                                                                                              0x0040b870
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040b870
                                                                                                                              0x0040b861
                                                                                                                              0x00000000
                                                                                                                              0x0040b85d
                                                                                                                              0x0040b872
                                                                                                                              0x0040b872
                                                                                                                              0x0040b878
                                                                                                                              0x0040b87a
                                                                                                                              0x0040b880
                                                                                                                              0x0040b882
                                                                                                                              0x0040b8a4
                                                                                                                              0x0040b8a4
                                                                                                                              0x0040b8a6
                                                                                                                              0x0040b8a8
                                                                                                                              0x0040b8b4
                                                                                                                              0x0040b8b4
                                                                                                                              0x0040b8aa
                                                                                                                              0x0040b8aa
                                                                                                                              0x0040b8ac
                                                                                                                              0x00000000
                                                                                                                              0x0040b8ae
                                                                                                                              0x0040b8ae
                                                                                                                              0x0040b8b0
                                                                                                                              0x0040b8b2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040b8b2
                                                                                                                              0x0040b8ac
                                                                                                                              0x0040b8bc
                                                                                                                              0x0040b8c4
                                                                                                                              0x0040b8ca
                                                                                                                              0x0040b8cb
                                                                                                                              0x0040b8cd
                                                                                                                              0x0040b8d5
                                                                                                                              0x0040b8db
                                                                                                                              0x0040b8e1
                                                                                                                              0x0040b8e7
                                                                                                                              0x0040b8fb
                                                                                                                              0x0040b900
                                                                                                                              0x0040b90b
                                                                                                                              0x0040b91b
                                                                                                                              0x0040b921
                                                                                                                              0x0040b923
                                                                                                                              0x0040b926
                                                                                                                              0x0040b949
                                                                                                                              0x0040b949
                                                                                                                              0x0040b94e
                                                                                                                              0x0040b954
                                                                                                                              0x0040b954
                                                                                                                              0x0040b95a
                                                                                                                              0x0040b960
                                                                                                                              0x0040b966
                                                                                                                              0x0040b96c
                                                                                                                              0x0040b972
                                                                                                                              0x0040b993
                                                                                                                              0x0040b998
                                                                                                                              0x0040b99d
                                                                                                                              0x0040b9a1
                                                                                                                              0x0040b9a7
                                                                                                                              0x0040b9aa
                                                                                                                              0x0040b9bd
                                                                                                                              0x0040b9bd
                                                                                                                              0x0040b9c3
                                                                                                                              0x0040b9c9
                                                                                                                              0x0040b9ca
                                                                                                                              0x0040b9cb
                                                                                                                              0x0040b9d0
                                                                                                                              0x0040b9d3
                                                                                                                              0x0040b9d9
                                                                                                                              0x0040b9db
                                                                                                                              0x0040ba39
                                                                                                                              0x0040ba3f
                                                                                                                              0x0040ba47
                                                                                                                              0x0040ba4c
                                                                                                                              0x0040ba52
                                                                                                                              0x0040ba53
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040b9ac
                                                                                                                              0x0040b9ac
                                                                                                                              0x0040b9af
                                                                                                                              0x0040b9b1
                                                                                                                              0x00000000
                                                                                                                              0x0040b9b3
                                                                                                                              0x0040b9b3
                                                                                                                              0x0040b9b6
                                                                                                                              0x00000000
                                                                                                                              0x0040b9b8
                                                                                                                              0x0040b9b8
                                                                                                                              0x0040b9bb
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040b9bb
                                                                                                                              0x0040b9b6
                                                                                                                              0x0040b9b1
                                                                                                                              0x0040ba55
                                                                                                                              0x0040ba56
                                                                                                                              0x00000000
                                                                                                                              0x0040b9dd
                                                                                                                              0x0040b9dd
                                                                                                                              0x0040b9e3
                                                                                                                              0x0040b9eb
                                                                                                                              0x0040b9f0
                                                                                                                              0x0040b9ff
                                                                                                                              0x0040b9ff
                                                                                                                              0x0040ba07
                                                                                                                              0x0040ba0d
                                                                                                                              0x0040ba13
                                                                                                                              0x0040ba1a
                                                                                                                              0x0040ba1d
                                                                                                                              0x0040ba1f
                                                                                                                              0x0040ba2f
                                                                                                                              0x0040ba34
                                                                                                                              0x00000000
                                                                                                                              0x0040b928
                                                                                                                              0x0040b928
                                                                                                                              0x0040b92e
                                                                                                                              0x0040b92f
                                                                                                                              0x0040b930
                                                                                                                              0x0040b931
                                                                                                                              0x0040b939
                                                                                                                              0x0040b939
                                                                                                                              0x0040ba5c
                                                                                                                              0x0040ba5c
                                                                                                                              0x0040ba63
                                                                                                                              0x0040ba64
                                                                                                                              0x0040ba6c
                                                                                                                              0x0040ba71
                                                                                                                              0x0040ba72
                                                                                                                              0x0040b884
                                                                                                                              0x0040b884
                                                                                                                              0x0040b887
                                                                                                                              0x0040b889
                                                                                                                              0x0040b89e
                                                                                                                              0x00000000
                                                                                                                              0x0040b88b
                                                                                                                              0x0040b88b
                                                                                                                              0x0040b88e
                                                                                                                              0x0040b88f
                                                                                                                              0x0040b890
                                                                                                                              0x0040b891
                                                                                                                              0x0040b896
                                                                                                                              0x0040b889
                                                                                                                              0x0040ba77
                                                                                                                              0x0040ba78
                                                                                                                              0x0040ba7a
                                                                                                                              0x0040ba81
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040b7cc
                                                                                                                              0x0040b79f
                                                                                                                              0x0040b7a1
                                                                                                                              0x0040b7a2
                                                                                                                              0x0040b7a4
                                                                                                                              0x0040b7a4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040b6fd
                                                                                                                              0x0040b6fd
                                                                                                                              0x0040b703
                                                                                                                              0x0040b706
                                                                                                                              0x0040b709
                                                                                                                              0x0040b70c
                                                                                                                              0x0040b70f
                                                                                                                              0x0040b712
                                                                                                                              0x0040b715
                                                                                                                              0x0040b715
                                                                                                                              0x00000000
                                                                                                                              0x0040b6c6
                                                                                                                              0x0040b694
                                                                                                                              0x0040b694
                                                                                                                              0x0040b697
                                                                                                                              0x0040b724
                                                                                                                              0x0040b725
                                                                                                                              0x0040b72a
                                                                                                                              0x00000000
                                                                                                                              0x0040b72a
                                                                                                                              0x0040b5cb
                                                                                                                              0x0040b5cb
                                                                                                                              0x0040b5ce
                                                                                                                              0x0040b5d6
                                                                                                                              0x0040b5d9
                                                                                                                              0x0040b5e0
                                                                                                                              0x0040b5e2
                                                                                                                              0x0040b5e4
                                                                                                                              0x0040b5ff
                                                                                                                              0x0040b600
                                                                                                                              0x0040b601
                                                                                                                              0x0040b602
                                                                                                                              0x0040b607
                                                                                                                              0x0040b60a
                                                                                                                              0x0040b60d
                                                                                                                              0x0040b5e6
                                                                                                                              0x0040b5e6
                                                                                                                              0x0040b5e9
                                                                                                                              0x0040b5ea
                                                                                                                              0x0040b5eb
                                                                                                                              0x0040b5ec
                                                                                                                              0x0040b5ed
                                                                                                                              0x0040b5f2
                                                                                                                              0x0040b5f4
                                                                                                                              0x0040b5f7
                                                                                                                              0x0040b5f7
                                                                                                                              0x0040b60f
                                                                                                                              0x0040b611
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040b61a
                                                                                                                              0x0040b61d
                                                                                                                              0x0040b620
                                                                                                                              0x0040b622
                                                                                                                              0x0040b624
                                                                                                                              0x00000000
                                                                                                                              0x0040b626
                                                                                                                              0x0040b626
                                                                                                                              0x0040b629
                                                                                                                              0x00000000
                                                                                                                              0x0040b629
                                                                                                                              0x00000000
                                                                                                                              0x0040b624
                                                                                                                              0x0040b69f
                                                                                                                              0x0040b72b
                                                                                                                              0x0040b72e
                                                                                                                              0x0040b732
                                                                                                                              0x0040b73b
                                                                                                                              0x0040b73e
                                                                                                                              0x0040b742
                                                                                                                              0x0040b742
                                                                                                                              0x0040b744
                                                                                                                              0x0040b747
                                                                                                                              0x0040b749
                                                                                                                              0x0040b74b
                                                                                                                              0x0040b74d
                                                                                                                              0x0040b752
                                                                                                                              0x0040b753
                                                                                                                              0x0040b757
                                                                                                                              0x0040b757
                                                                                                                              0x0040b75b
                                                                                                                              0x0040b75e
                                                                                                                              0x0040b75e
                                                                                                                              0x0040b762
                                                                                                                              0x00000000
                                                                                                                              0x0040b769
                                                                                                                              0x0040b59b
                                                                                                                              0x0040b59b
                                                                                                                              0x0040b5a2
                                                                                                                              0x0040b5a3
                                                                                                                              0x0040b5a5
                                                                                                                              0x0040b76a
                                                                                                                              0x0040b76e
                                                                                                                              0x0040b76e
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: _free
                                                                                                                              • String ID: *?
                                                                                                                              • API String ID: 269201875-2564092906
                                                                                                                              • Opcode ID: 7688b7859e3597a293808f2516b3ae7ef280342fd19cf54f7afc6c8e0dba88bc
                                                                                                                              • Instruction ID: 17149a85fc1282f9a974f7bb910fe397fdb2ffca6ecb96410321eee4f3578a3d
                                                                                                                              • Opcode Fuzzy Hash: 7688b7859e3597a293808f2516b3ae7ef280342fd19cf54f7afc6c8e0dba88bc
                                                                                                                              • Instruction Fuzzy Hash: 02615D75D002199FCB14DFA9C8819EEFBF5EF48314B24856AE815F7380D739AE418B98
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00401C93 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 77COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 89%
                                                                                                                              			E00401C93(void* __ecx, void* __eflags, intOrPtr _a8, WCHAR* _a12, WCHAR* _a16) {
				char _v8;
				intOrPtr _v14;
				struct _SHFILEOPSTRUCTW _v40;
				short _v564;
				char _v1088;
				void* __edi;
				intOrPtr _t30;
				signed int _t37;
				int _t41;
				void* _t45;
				void* _t49;
				short _t51;
				void* _t52;

				_t45 = __ecx;
				_v40.wFunc = 2;
				_t51 = 0;
				asm("xorps xmm0, xmm0");
				_v40.hwnd = 0;
				asm("movlpd [ebp-0x12], xmm0");
				E00404680(_t49,  &_v1088, 0, 0x20a);
				E0040308B(_t45,  &_v1088, 0x104, _a8,  &_v8, 0, 0);
				_t30 = _v8;
				if(_t30 != 0) {
					 *((short*)(_t30 + 2)) = 0;
				}
				_v40.pFrom =  &_v1088;
				E00404680(0x104,  &_v564, _t51, 0x20a);
				PathCombineW( &_v564, _a12, _a16);
				_t37 = E00407B0A( &_v564);
				_v14 = 0x41573c;
				 *((short*)(_t52 + _t37 * 2 - 0x22e)) = 0;
				_v40.pTo =  &_v564;
				_v40.fFlags = 0x714;
				_t41 = SHFileOperationW( &_v40);
				if(_t41 != 0 && _t41 != 0x71) {
					E0040145F(_a16, 0x104, L"0x%x", _t41);
					_t51 = 0x80004005;
				}
				return _t51;
			}
















                                                                                                                              0x00401c93
                                                                                                                              0x00401ca4
                                                                                                                              0x00401cab
                                                                                                                              0x00401cb4
                                                                                                                              0x00401cb7
                                                                                                                              0x00401cbc
                                                                                                                              0x00401cc1
                                                                                                                              0x00401cdf
                                                                                                                              0x00401ce4
                                                                                                                              0x00401ce9
                                                                                                                              0x00401ced
                                                                                                                              0x00401ced
                                                                                                                              0x00401cf8
                                                                                                                              0x00401d03
                                                                                                                              0x00401d18
                                                                                                                              0x00401d25
                                                                                                                              0x00401d2d
                                                                                                                              0x00401d34
                                                                                                                              0x00401d42
                                                                                                                              0x00401d4a
                                                                                                                              0x00401d52
                                                                                                                              0x00401d5a
                                                                                                                              0x00401d6b
                                                                                                                              0x00401d73
                                                                                                                              0x00401d73
                                                                                                                              0x00401d7e

                                                                                                                              APIs
                                                                                                                              • PathCombineW.SHLWAPI(?,?,?,?,00000000,00000000), ref: 00401D18
                                                                                                                              • SHFileOperationW.SHELL32(?), ref: 00401D52
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CombineFileOperationPath
                                                                                                                              • String ID: 0x%x$<WA
                                                                                                                              • API String ID: 3833142431-1470870491
                                                                                                                              • Opcode ID: 5d18d67261042330f45a13ae0c1eab232e3564618e4017004dc9114cc4244d60
                                                                                                                              • Instruction ID: ecd0b1d3aa5a4718e37e5eeb62588a75c07390ee57e294d395e88ff5746f3ad2
                                                                                                                              • Opcode Fuzzy Hash: 5d18d67261042330f45a13ae0c1eab232e3564618e4017004dc9114cc4244d60
                                                                                                                              • Instruction Fuzzy Hash: 272151B190021DAACB10DFA5DC89EDFBBBCEF44314F00446AF904F2151E6389B44CBA9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040AF2D Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 66COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0040AF2D(void* __ecx) {
				intOrPtr _t9;
				intOrPtr _t14;
				intOrPtr _t18;
				signed int _t21;
				signed int _t28;
				intOrPtr _t30;
				intOrPtr _t31;

				_t9 =  *0x41eeb8; // 0x200
				_t30 = 3;
				if(_t9 != 0) {
					__eflags = _t9 - _t30;
					if(_t9 < _t30) {
						_t9 = _t30;
						goto L4;
					}
				} else {
					_t9 = 0x200;
					L4:
					 *0x41eeb8 = _t9;
				}
				 *0x41eebc = E0040B378(_t9, 4);
				E00409BE4(0);
				if( *0x41eebc != 0) {
					L8:
					_t28 = 0;
					__eflags = 0;
					_t31 = 0x41e060;
					do {
						_t1 = _t31 + 0x20; // 0x41e080
						E0040D5B3(__eflags, _t1, 0xfa0, 0);
						_t14 =  *0x41eebc; // 0x0
						 *((intOrPtr*)(_t14 + _t28 * 4)) = _t31;
						_t18 =  *((intOrPtr*)( *((intOrPtr*)(0x41eed0 + (_t28 >> 6) * 4)) + 0x18 + (_t28 & 0x0000003f) * 0x38));
						__eflags = _t18 - 0xffffffff;
						if(_t18 == 0xffffffff) {
							L12:
							 *((intOrPtr*)(_t31 + 0x10)) = 0xfffffffe;
						} else {
							__eflags = _t18 - 0xfffffffe;
							if(_t18 == 0xfffffffe) {
								goto L12;
							} else {
								__eflags = _t18;
								if(_t18 == 0) {
									goto L12;
								}
							}
						}
						_t31 = _t31 + 0x38;
						_t28 = _t28 + 1;
						__eflags = _t31 - 0x41e108;
					} while (__eflags != 0);
					__eflags = 0;
					return 0;
				} else {
					 *0x41eeb8 = _t30;
					 *0x41eebc = E0040B378(_t30, 4);
					_t21 = E00409BE4(0);
					if( *0x41eebc != 0) {
						goto L8;
					} else {
						return _t21 | 0xffffffff;
					}
				}
			}










                                                                                                                              0x0040af2d
                                                                                                                              0x0040af35
                                                                                                                              0x0040af38
                                                                                                                              0x0040af41
                                                                                                                              0x0040af43
                                                                                                                              0x0040af45
                                                                                                                              0x00000000
                                                                                                                              0x0040af45
                                                                                                                              0x0040af3a
                                                                                                                              0x0040af3a
                                                                                                                              0x0040af47
                                                                                                                              0x0040af47
                                                                                                                              0x0040af47
                                                                                                                              0x0040af56
                                                                                                                              0x0040af5b
                                                                                                                              0x0040af6a
                                                                                                                              0x0040af97
                                                                                                                              0x0040af98
                                                                                                                              0x0040af98
                                                                                                                              0x0040af9a
                                                                                                                              0x0040af9f
                                                                                                                              0x0040afa6
                                                                                                                              0x0040afaa
                                                                                                                              0x0040afaf
                                                                                                                              0x0040afb9
                                                                                                                              0x0040afcb
                                                                                                                              0x0040afcf
                                                                                                                              0x0040afd2
                                                                                                                              0x0040afdd
                                                                                                                              0x0040afdd
                                                                                                                              0x0040afd4
                                                                                                                              0x0040afd4
                                                                                                                              0x0040afd7
                                                                                                                              0x00000000
                                                                                                                              0x0040afd9
                                                                                                                              0x0040afd9
                                                                                                                              0x0040afdb
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040afdb
                                                                                                                              0x0040afd7
                                                                                                                              0x0040afe4
                                                                                                                              0x0040afe7
                                                                                                                              0x0040afe8
                                                                                                                              0x0040afe8
                                                                                                                              0x0040aff1
                                                                                                                              0x0040aff4
                                                                                                                              0x0040af6c
                                                                                                                              0x0040af6f
                                                                                                                              0x0040af7c
                                                                                                                              0x0040af81
                                                                                                                              0x0040af90
                                                                                                                              0x00000000
                                                                                                                              0x0040af92
                                                                                                                              0x0040af96
                                                                                                                              0x0040af96
                                                                                                                              0x0040af90

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: _free
                                                                                                                              • String ID: `zA$`A
                                                                                                                              • API String ID: 269201875-1881612098
                                                                                                                              • Opcode ID: 14d1fbd5d1b105dd84725d75f0f20844de0af43dd7f10caecd5d2e506ab4e3f3
                                                                                                                              • Instruction ID: a75a6cfa9db0aa3fe537bcaa213248546f35e6b770c4d0cbeffe404dabe2efe0
                                                                                                                              • Opcode Fuzzy Hash: 14d1fbd5d1b105dd84725d75f0f20844de0af43dd7f10caecd5d2e506ab4e3f3
                                                                                                                              • Instruction Fuzzy Hash: A811B6B5A483115AD7209B3BAC05B967695A710734F14463BFD11EB3E0D3B8D8924B8E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040B49F Relevance: 6.1, APIs: 4, Instructions: 86COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0040B49F(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a16) {
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t19;
				intOrPtr _t29;
				char _t31;
				intOrPtr _t38;
				intOrPtr* _t40;
				intOrPtr _t41;

				_t40 = _a4;
				if(_t40 != 0) {
					_t31 = 0;
					__eflags =  *_t40;
					if( *_t40 != 0) {
						_t16 = E0040C695(_a16, 0, _t40, 0xffffffff, 0, 0, 0, 0);
						__eflags = _t16;
						if(__eflags != 0) {
							_t38 = _a8;
							__eflags = _t16 -  *((intOrPtr*)(_t38 + 0xc));
							if(__eflags <= 0) {
								L11:
								_t17 = E0040C695(_a16, _t31, _t40, 0xffffffff,  *((intOrPtr*)(_t38 + 8)),  *((intOrPtr*)(_t38 + 0xc)), _t31, _t31);
								__eflags = _t17;
								if(__eflags != 0) {
									 *((intOrPtr*)(_t38 + 0x10)) = _t17 - 1;
									_t19 = 0;
									__eflags = 0;
								} else {
									E00409B9B(GetLastError());
									_t19 =  *((intOrPtr*)(E00409BD1(__eflags)));
								}
								L14:
								return _t19;
							}
							_t19 = E0040BADB(_t38, __eflags, _t16);
							__eflags = _t19;
							if(_t19 != 0) {
								goto L14;
							}
							goto L11;
						}
						E00409B9B(GetLastError());
						return  *((intOrPtr*)(E00409BD1(__eflags)));
					}
					_t41 = _a8;
					__eflags =  *((intOrPtr*)(_t41 + 0xc));
					if(__eflags != 0) {
						L6:
						 *((char*)( *((intOrPtr*)(_t41 + 8)))) = _t31;
						L2:
						 *((intOrPtr*)(_t41 + 0x10)) = _t31;
						return 0;
					}
					_t29 = E0040BADB(_t41, __eflags, 1);
					__eflags = _t29;
					if(_t29 != 0) {
						return _t29;
					}
					goto L6;
				}
				_t41 = _a8;
				E0040BAC1(_t41);
				_t31 = 0;
				 *((intOrPtr*)(_t41 + 8)) = 0;
				 *((intOrPtr*)(_t41 + 0xc)) = 0;
				goto L2;
			}











                                                                                                                              0x0040b4a6
                                                                                                                              0x0040b4ab
                                                                                                                              0x0040b4c9
                                                                                                                              0x0040b4cb
                                                                                                                              0x0040b4ce
                                                                                                                              0x0040b4fb
                                                                                                                              0x0040b503
                                                                                                                              0x0040b505
                                                                                                                              0x0040b51e
                                                                                                                              0x0040b521
                                                                                                                              0x0040b524
                                                                                                                              0x0040b532
                                                                                                                              0x0040b541
                                                                                                                              0x0040b549
                                                                                                                              0x0040b54b
                                                                                                                              0x0040b564
                                                                                                                              0x0040b567
                                                                                                                              0x0040b567
                                                                                                                              0x0040b54d
                                                                                                                              0x0040b554
                                                                                                                              0x0040b55f
                                                                                                                              0x0040b55f
                                                                                                                              0x0040b569
                                                                                                                              0x00000000
                                                                                                                              0x0040b569
                                                                                                                              0x0040b529
                                                                                                                              0x0040b52e
                                                                                                                              0x0040b530
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040b530
                                                                                                                              0x0040b50e
                                                                                                                              0x00000000
                                                                                                                              0x0040b519
                                                                                                                              0x0040b4d0
                                                                                                                              0x0040b4d3
                                                                                                                              0x0040b4d6
                                                                                                                              0x0040b4e9
                                                                                                                              0x0040b4ec
                                                                                                                              0x0040b4bf
                                                                                                                              0x0040b4bf
                                                                                                                              0x00000000
                                                                                                                              0x0040b4c2
                                                                                                                              0x0040b4dc
                                                                                                                              0x0040b4e1
                                                                                                                              0x0040b4e3
                                                                                                                              0x0040b56d
                                                                                                                              0x0040b56d
                                                                                                                              0x00000000
                                                                                                                              0x0040b4e3
                                                                                                                              0x0040b4ad
                                                                                                                              0x0040b4b2
                                                                                                                              0x0040b4b7
                                                                                                                              0x0040b4b9
                                                                                                                              0x0040b4bc
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 0040BAC1: _free.LIBCMT ref: 0040BACF
                                                                                                                                • Part of subcall function 0040C695: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,00000000,004116C4,0000FDE9,00000000,?,?,?,0041143D,0000FDE9,00000000,?), ref: 0040C741
                                                                                                                              • GetLastError.KERNEL32 ref: 0040B507
                                                                                                                              • __dosmaperr.LIBCMT ref: 0040B50E
                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 0040B54D
                                                                                                                              • __dosmaperr.LIBCMT ref: 0040B554
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 167067550-0
                                                                                                                              • Opcode ID: e853e4531792134dc8bae11eec7f0b39c70d980d17c08e792fd068981e6f2a33
                                                                                                                              • Instruction ID: 13f0d0bc1a66377a886712bc0a1edcc3a4012dd62bae7c3ef28d20c58f14cbdc
                                                                                                                              • Opcode Fuzzy Hash: e853e4531792134dc8bae11eec7f0b39c70d980d17c08e792fd068981e6f2a33
                                                                                                                              • Instruction Fuzzy Hash: E221A171600205BFDB209F669C8186B77ACEF043A8710853AF819B72D1E738ED018BEC
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040A14B Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 75%
                                                                                                                              			E0040A14B(void* __ecx, void* __edx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t2;
				long _t3;
				intOrPtr _t5;
				long _t6;
				intOrPtr _t9;
				long _t10;
				signed int _t39;
				signed int _t40;
				void* _t43;
				void* _t49;
				signed int _t51;
				signed int _t53;
				signed int _t54;
				long _t56;
				long _t60;
				long _t61;
				void* _t65;

				_t49 = __edx;
				_t43 = __ecx;
				_t60 = GetLastError();
				_t2 =  *0x41e058; // 0x6
				_t67 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L6:
					_t3 = E0040D571(__eflags, _t2, 0xffffffff);
					__eflags = _t3;
					if(_t3 == 0) {
						goto L3;
					} else {
						_t51 = E0040B378(1, 0x364);
						_pop(_t43);
						__eflags = _t51;
						if(__eflags != 0) {
							__eflags = E0040D571(__eflags,  *0x41e058, _t51);
							if(__eflags != 0) {
								E00409F79(_t51, 0x41eecc);
								E00409BE4(0);
								_t65 = _t65 + 0xc;
								goto L13;
							} else {
								_t39 = 0;
								E0040D571(__eflags,  *0x41e058, 0);
								_push(_t51);
								goto L9;
							}
						} else {
							_t39 = 0;
							__eflags = 0;
							E0040D571(0,  *0x41e058, 0);
							_push(0);
							L9:
							E00409BE4();
							_pop(_t43);
							goto L4;
						}
					}
				} else {
					_t51 = E0040D532(_t67, _t2);
					if(_t51 == 0) {
						_t2 =  *0x41e058; // 0x6
						goto L6;
					} else {
						if(_t51 != 0xffffffff) {
							L13:
							_t39 = _t51;
						} else {
							L3:
							_t39 = 0;
							L4:
							_t51 = _t39;
						}
					}
				}
				SetLastError(_t60);
				asm("sbb edi, edi");
				_t53 =  ~_t51 & _t39;
				if(_t53 == 0) {
					E0040922C(_t39, _t43, _t49, _t53, _t60);
					asm("int3");
					_t5 =  *0x41e058; // 0x6
					_push(_t60);
					__eflags = _t5 - 0xffffffff;
					if(__eflags == 0) {
						L22:
						_t6 = E0040D571(__eflags, _t5, 0xffffffff);
						__eflags = _t6;
						if(_t6 == 0) {
							goto L31;
						} else {
							_t60 = E0040B378(1, 0x364);
							_pop(_t43);
							__eflags = _t60;
							if(__eflags != 0) {
								__eflags = E0040D571(__eflags,  *0x41e058, _t60);
								if(__eflags != 0) {
									E00409F79(_t60, 0x41eecc);
									E00409BE4(0);
									_t65 = _t65 + 0xc;
									goto L29;
								} else {
									E0040D571(__eflags,  *0x41e058, _t21);
									_push(_t60);
									goto L25;
								}
							} else {
								E0040D571(__eflags,  *0x41e058, _t20);
								_push(_t60);
								L25:
								E00409BE4();
								_pop(_t43);
								goto L31;
							}
						}
					} else {
						_t60 = E0040D532(__eflags, _t5);
						__eflags = _t60;
						if(__eflags == 0) {
							_t5 =  *0x41e058; // 0x6
							goto L22;
						} else {
							__eflags = _t60 - 0xffffffff;
							if(_t60 == 0xffffffff) {
								L31:
								E0040922C(_t39, _t43, _t49, _t53, _t60);
								asm("int3");
								_push(_t39);
								_push(_t60);
								_push(_t53);
								_t61 = GetLastError();
								_t9 =  *0x41e058; // 0x6
								__eflags = _t9 - 0xffffffff;
								if(__eflags == 0) {
									L38:
									_t10 = E0040D571(__eflags, _t9, 0xffffffff);
									__eflags = _t10;
									if(_t10 == 0) {
										goto L35;
									} else {
										_t54 = E0040B378(1, 0x364);
										__eflags = _t54;
										if(__eflags != 0) {
											__eflags = E0040D571(__eflags,  *0x41e058, _t54);
											if(__eflags != 0) {
												E00409F79(_t54, 0x41eecc);
												E00409BE4(0);
												goto L45;
											} else {
												_t40 = 0;
												E0040D571(__eflags,  *0x41e058, 0);
												_push(_t54);
												goto L41;
											}
										} else {
											_t40 = 0;
											__eflags = 0;
											E0040D571(0,  *0x41e058, 0);
											_push(0);
											L41:
											E00409BE4();
											goto L36;
										}
									}
								} else {
									_t54 = E0040D532(__eflags, _t9);
									__eflags = _t54;
									if(__eflags == 0) {
										_t9 =  *0x41e058; // 0x6
										goto L38;
									} else {
										__eflags = _t54 - 0xffffffff;
										if(_t54 != 0xffffffff) {
											L45:
											_t40 = _t54;
										} else {
											L35:
											_t40 = 0;
											__eflags = 0;
											L36:
											_t54 = _t40;
										}
									}
								}
								SetLastError(_t61);
								asm("sbb edi, edi");
								_t56 =  ~_t54 & _t40;
								__eflags = _t56;
								return _t56;
							} else {
								L29:
								__eflags = _t60;
								if(_t60 == 0) {
									goto L31;
								} else {
									return _t60;
								}
							}
						}
					}
				} else {
					return _t53;
				}
			}























                                                                                                                              0x0040a14b
                                                                                                                              0x0040a14b
                                                                                                                              0x0040a156
                                                                                                                              0x0040a158
                                                                                                                              0x0040a15d
                                                                                                                              0x0040a160
                                                                                                                              0x0040a17e
                                                                                                                              0x0040a181
                                                                                                                              0x0040a186
                                                                                                                              0x0040a188
                                                                                                                              0x00000000
                                                                                                                              0x0040a18a
                                                                                                                              0x0040a196
                                                                                                                              0x0040a199
                                                                                                                              0x0040a19a
                                                                                                                              0x0040a19c
                                                                                                                              0x0040a1c1
                                                                                                                              0x0040a1c3
                                                                                                                              0x0040a1dc
                                                                                                                              0x0040a1e3
                                                                                                                              0x0040a1e8
                                                                                                                              0x00000000
                                                                                                                              0x0040a1c5
                                                                                                                              0x0040a1c5
                                                                                                                              0x0040a1ce
                                                                                                                              0x0040a1d3
                                                                                                                              0x00000000
                                                                                                                              0x0040a1d3
                                                                                                                              0x0040a19e
                                                                                                                              0x0040a19e
                                                                                                                              0x0040a19e
                                                                                                                              0x0040a1a7
                                                                                                                              0x0040a1ac
                                                                                                                              0x0040a1ad
                                                                                                                              0x0040a1ad
                                                                                                                              0x0040a1b2
                                                                                                                              0x00000000
                                                                                                                              0x0040a1b2
                                                                                                                              0x0040a19c
                                                                                                                              0x0040a162
                                                                                                                              0x0040a168
                                                                                                                              0x0040a16c
                                                                                                                              0x0040a179
                                                                                                                              0x00000000
                                                                                                                              0x0040a16e
                                                                                                                              0x0040a171
                                                                                                                              0x0040a1eb
                                                                                                                              0x0040a1eb
                                                                                                                              0x0040a173
                                                                                                                              0x0040a173
                                                                                                                              0x0040a173
                                                                                                                              0x0040a175
                                                                                                                              0x0040a175
                                                                                                                              0x0040a175
                                                                                                                              0x0040a171
                                                                                                                              0x0040a16c
                                                                                                                              0x0040a1ee
                                                                                                                              0x0040a1f6
                                                                                                                              0x0040a1f8
                                                                                                                              0x0040a1fa
                                                                                                                              0x0040a202
                                                                                                                              0x0040a207
                                                                                                                              0x0040a208
                                                                                                                              0x0040a20d
                                                                                                                              0x0040a20e
                                                                                                                              0x0040a211
                                                                                                                              0x0040a22b
                                                                                                                              0x0040a22e
                                                                                                                              0x0040a233
                                                                                                                              0x0040a235
                                                                                                                              0x00000000
                                                                                                                              0x0040a237
                                                                                                                              0x0040a243
                                                                                                                              0x0040a246
                                                                                                                              0x0040a247
                                                                                                                              0x0040a249
                                                                                                                              0x0040a26c
                                                                                                                              0x0040a26e
                                                                                                                              0x0040a285
                                                                                                                              0x0040a28c
                                                                                                                              0x0040a291
                                                                                                                              0x00000000
                                                                                                                              0x0040a270
                                                                                                                              0x0040a277
                                                                                                                              0x0040a27c
                                                                                                                              0x00000000
                                                                                                                              0x0040a27c
                                                                                                                              0x0040a24b
                                                                                                                              0x0040a252
                                                                                                                              0x0040a257
                                                                                                                              0x0040a258
                                                                                                                              0x0040a258
                                                                                                                              0x0040a25d
                                                                                                                              0x00000000
                                                                                                                              0x0040a25d
                                                                                                                              0x0040a249
                                                                                                                              0x0040a213
                                                                                                                              0x0040a219
                                                                                                                              0x0040a21b
                                                                                                                              0x0040a21d
                                                                                                                              0x0040a226
                                                                                                                              0x00000000
                                                                                                                              0x0040a21f
                                                                                                                              0x0040a21f
                                                                                                                              0x0040a222
                                                                                                                              0x0040a29c
                                                                                                                              0x0040a29c
                                                                                                                              0x0040a2a1
                                                                                                                              0x0040a2a4
                                                                                                                              0x0040a2a5
                                                                                                                              0x0040a2a6
                                                                                                                              0x0040a2ad
                                                                                                                              0x0040a2af
                                                                                                                              0x0040a2b4
                                                                                                                              0x0040a2b7
                                                                                                                              0x0040a2d5
                                                                                                                              0x0040a2d8
                                                                                                                              0x0040a2dd
                                                                                                                              0x0040a2df
                                                                                                                              0x00000000
                                                                                                                              0x0040a2e1
                                                                                                                              0x0040a2ed
                                                                                                                              0x0040a2f1
                                                                                                                              0x0040a2f3
                                                                                                                              0x0040a318
                                                                                                                              0x0040a31a
                                                                                                                              0x0040a333
                                                                                                                              0x0040a33a
                                                                                                                              0x00000000
                                                                                                                              0x0040a31c
                                                                                                                              0x0040a31c
                                                                                                                              0x0040a325
                                                                                                                              0x0040a32a
                                                                                                                              0x00000000
                                                                                                                              0x0040a32a
                                                                                                                              0x0040a2f5
                                                                                                                              0x0040a2f5
                                                                                                                              0x0040a2f5
                                                                                                                              0x0040a2fe
                                                                                                                              0x0040a303
                                                                                                                              0x0040a304
                                                                                                                              0x0040a304
                                                                                                                              0x00000000
                                                                                                                              0x0040a309
                                                                                                                              0x0040a2f3
                                                                                                                              0x0040a2b9
                                                                                                                              0x0040a2bf
                                                                                                                              0x0040a2c1
                                                                                                                              0x0040a2c3
                                                                                                                              0x0040a2d0
                                                                                                                              0x00000000
                                                                                                                              0x0040a2c5
                                                                                                                              0x0040a2c5
                                                                                                                              0x0040a2c8
                                                                                                                              0x0040a342
                                                                                                                              0x0040a342
                                                                                                                              0x0040a2ca
                                                                                                                              0x0040a2ca
                                                                                                                              0x0040a2ca
                                                                                                                              0x0040a2ca
                                                                                                                              0x0040a2cc
                                                                                                                              0x0040a2cc
                                                                                                                              0x0040a2cc
                                                                                                                              0x0040a2c8
                                                                                                                              0x0040a2c3
                                                                                                                              0x0040a345
                                                                                                                              0x0040a34d
                                                                                                                              0x0040a34f
                                                                                                                              0x0040a34f
                                                                                                                              0x0040a356
                                                                                                                              0x0040a224
                                                                                                                              0x0040a294
                                                                                                                              0x0040a294
                                                                                                                              0x0040a296
                                                                                                                              0x00000000
                                                                                                                              0x0040a298
                                                                                                                              0x0040a29b
                                                                                                                              0x0040a29b
                                                                                                                              0x0040a296
                                                                                                                              0x0040a222
                                                                                                                              0x0040a21d
                                                                                                                              0x0040a1fc
                                                                                                                              0x0040a201
                                                                                                                              0x0040a201

                                                                                                                              APIs
                                                                                                                              • GetLastError.KERNEL32(?,?,?,00406B1F,?,00000000,00000104,?,00406638,00401138,00000000,?,?), ref: 0040A150
                                                                                                                              • _free.LIBCMT ref: 0040A1AD
                                                                                                                              • _free.LIBCMT ref: 0040A1E3
                                                                                                                              • SetLastError.KERNEL32(00000000,00000006,000000FF,?,00406638,00401138,00000000,?,?), ref: 0040A1EE
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorLast_free
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2283115069-0
                                                                                                                              • Opcode ID: 9f0b28b938602f32d485e8bf558c3294680e8b6dac099576a85ae81e79b0800c
                                                                                                                              • Instruction ID: 4d6328fb1ab202a210534800032c7240e4d339bd4ba3e66b41cf46156ead7382
                                                                                                                              • Opcode Fuzzy Hash: 9f0b28b938602f32d485e8bf558c3294680e8b6dac099576a85ae81e79b0800c
                                                                                                                              • Instruction Fuzzy Hash: 571127366047013AD70122B6AC85D6B26599BC137CF34023BFD24BA2D1DD7C8C19412D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040A2A2 Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 85%
                                                                                                                              			E0040A2A2(void* __ecx) {
				intOrPtr _t2;
				signed int _t3;
				signed int _t13;
				signed int _t18;
				long _t21;

				_t21 = GetLastError();
				_t2 =  *0x41e058; // 0x6
				_t24 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L6:
					_t3 = E0040D571(__eflags, _t2, 0xffffffff);
					__eflags = _t3;
					if(_t3 == 0) {
						goto L3;
					} else {
						_t18 = E0040B378(1, 0x364);
						__eflags = _t18;
						if(__eflags != 0) {
							__eflags = E0040D571(__eflags,  *0x41e058, _t18);
							if(__eflags != 0) {
								E00409F79(_t18, 0x41eecc);
								E00409BE4(0);
								goto L13;
							} else {
								_t13 = 0;
								E0040D571(__eflags,  *0x41e058, 0);
								_push(_t18);
								goto L9;
							}
						} else {
							_t13 = 0;
							__eflags = 0;
							E0040D571(0,  *0x41e058, 0);
							_push(0);
							L9:
							E00409BE4();
							goto L4;
						}
					}
				} else {
					_t18 = E0040D532(_t24, _t2);
					if(_t18 == 0) {
						_t2 =  *0x41e058; // 0x6
						goto L6;
					} else {
						if(_t18 != 0xffffffff) {
							L13:
							_t13 = _t18;
						} else {
							L3:
							_t13 = 0;
							L4:
							_t18 = _t13;
						}
					}
				}
				SetLastError(_t21);
				asm("sbb edi, edi");
				return  ~_t18 & _t13;
			}








                                                                                                                              0x0040a2ad
                                                                                                                              0x0040a2af
                                                                                                                              0x0040a2b4
                                                                                                                              0x0040a2b7
                                                                                                                              0x0040a2d5
                                                                                                                              0x0040a2d8
                                                                                                                              0x0040a2dd
                                                                                                                              0x0040a2df
                                                                                                                              0x00000000
                                                                                                                              0x0040a2e1
                                                                                                                              0x0040a2ed
                                                                                                                              0x0040a2f1
                                                                                                                              0x0040a2f3
                                                                                                                              0x0040a318
                                                                                                                              0x0040a31a
                                                                                                                              0x0040a333
                                                                                                                              0x0040a33a
                                                                                                                              0x00000000
                                                                                                                              0x0040a31c
                                                                                                                              0x0040a31c
                                                                                                                              0x0040a325
                                                                                                                              0x0040a32a
                                                                                                                              0x00000000
                                                                                                                              0x0040a32a
                                                                                                                              0x0040a2f5
                                                                                                                              0x0040a2f5
                                                                                                                              0x0040a2f5
                                                                                                                              0x0040a2fe
                                                                                                                              0x0040a303
                                                                                                                              0x0040a304
                                                                                                                              0x0040a304
                                                                                                                              0x00000000
                                                                                                                              0x0040a309
                                                                                                                              0x0040a2f3
                                                                                                                              0x0040a2b9
                                                                                                                              0x0040a2bf
                                                                                                                              0x0040a2c3
                                                                                                                              0x0040a2d0
                                                                                                                              0x00000000
                                                                                                                              0x0040a2c5
                                                                                                                              0x0040a2c8
                                                                                                                              0x0040a342
                                                                                                                              0x0040a342
                                                                                                                              0x0040a2ca
                                                                                                                              0x0040a2ca
                                                                                                                              0x0040a2ca
                                                                                                                              0x0040a2cc
                                                                                                                              0x0040a2cc
                                                                                                                              0x0040a2cc
                                                                                                                              0x0040a2c8
                                                                                                                              0x0040a2c3
                                                                                                                              0x0040a345
                                                                                                                              0x0040a34d
                                                                                                                              0x0040a356

                                                                                                                              APIs
                                                                                                                              • GetLastError.KERNEL32(?,?,00000000,00409BD6,00409C0A,?,?,00408F39), ref: 0040A2A7
                                                                                                                              • _free.LIBCMT ref: 0040A304
                                                                                                                              • _free.LIBCMT ref: 0040A33A
                                                                                                                              • SetLastError.KERNEL32(00000000,00000006,000000FF,?,00000000,00409BD6,00409C0A,?,?,00408F39), ref: 0040A345
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorLast_free
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2283115069-0
                                                                                                                              • Opcode ID: 4650689367c15ca5cf24f1e60d5f0ccce7b6385d6be2f1c4133324665d4c0d6b
                                                                                                                              • Instruction ID: fa39c14e53cc2dc52c675bdce78b75956287561d7adf185894395a6cd0e6f851
                                                                                                                              • Opcode Fuzzy Hash: 4650689367c15ca5cf24f1e60d5f0ccce7b6385d6be2f1c4133324665d4c0d6b
                                                                                                                              • Instruction Fuzzy Hash: A71129366047013BD71022B76C85DAB2A599BC537CB30023FFD19F22E2D97D8C15522D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00401D81 Relevance: 6.0, APIs: 4, Instructions: 50COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 17%
                                                                                                                              			E00401D81(void* __edx, signed short _a4, signed short _a8, short _a12) {
				struct _OSVERSIONINFOEXW _v288;
				void* _t28;
				void* _t29;
				intOrPtr* _t31;

				_t28 = __edx;
				_v288.dwOSVersionInfoSize = 0x11c;
				_v288.dwBuildNumber = 0;
				_v288.dwPlatformId = 0;
				E00404680(_t29,  &(_v288.szCSDVersion), 0, 0x100);
				_v288.wSuiteMask = 0;
				_v288.wServicePackMinor = 0;
				_t31 = __imp__VerSetConditionMask;
				 *_t31(0, 0, 2, 3, 1, 3, 0x20, 3);
				 *_t31(0, _t28);
				 *_t31(0, _t28);
				_push(_t28);
				_v288.dwMajorVersion = _a4 & 0x0000ffff;
				_v288.dwMinorVersion = _a8 & 0x0000ffff;
				_v288.wServicePackMajor = _a12;
				return VerifyVersionInfoW( &_v288, 0x23, 0) & 0xffffff00 | _t23 != 0x00000000;
			}







                                                                                                                              0x00401d81
                                                                                                                              0x00401d8d
                                                                                                                              0x00401da2
                                                                                                                              0x00401daa
                                                                                                                              0x00401db0
                                                                                                                              0x00401db8
                                                                                                                              0x00401dbd
                                                                                                                              0x00401dcf
                                                                                                                              0x00401dd5
                                                                                                                              0x00401dd9
                                                                                                                              0x00401ddd
                                                                                                                              0x00401de3
                                                                                                                              0x00401de4
                                                                                                                              0x00401def
                                                                                                                              0x00401e02
                                                                                                                              0x00401e13

                                                                                                                              APIs
                                                                                                                              • VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000003,00000001,00000003,00000020,00000003), ref: 00401DD5
                                                                                                                              • VerSetConditionMask.KERNEL32(00000000), ref: 00401DD9
                                                                                                                              • VerSetConditionMask.KERNEL32(00000000), ref: 00401DDD
                                                                                                                              • VerifyVersionInfoW.KERNEL32(0000011C,00000023,00000000), ref: 00401E06
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ConditionMask$InfoVerifyVersion
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2793162063-0
                                                                                                                              • Opcode ID: 26cf2bcf2381bbe350a69450f33e36229da530dc58e54d25139c65c399f821fc
                                                                                                                              • Instruction ID: b40bfd758ecbe7df651cb3728a8143c3c3a7a0f29b8c4347e7371419a63f7e2a
                                                                                                                              • Opcode Fuzzy Hash: 26cf2bcf2381bbe350a69450f33e36229da530dc58e54d25139c65c399f821fc
                                                                                                                              • Instruction Fuzzy Hash: A50112B1D4032CBADB249F55DC06BDB7EBCEF49B10F00849AB648A6181D6B44B848FE4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004037EB Relevance: 6.0, APIs: 4, Instructions: 47registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004037EB(void* _a4, short* _a8) {
				void* _v8;
				short _v2056;
				void* __edi;
				long _t14;

				_v8 = 0;
				_t14 = RegOpenKeyW(_a4, _a8,  &_v8);
				if(_t14 == 0) {
					E00404680(0,  &_v2056, 0, 0x800);
					while(RegEnumKeyW(_v8, 0,  &_v2056, 0x400) == 0) {
						if(E004037EB(_v8,  &_v2056) != 0) {
							break;
						}
					}
					RegCloseKey(_v8);
					return RegDeleteKeyW(_a4, _a8);
				}
				return _t14;
			}







                                                                                                                              0x004037fe
                                                                                                                              0x00403804
                                                                                                                              0x0040380c
                                                                                                                              0x0040381c
                                                                                                                              0x00403840
                                                                                                                              0x0040383e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040383e
                                                                                                                              0x00403859
                                                                                                                              0x00000000
                                                                                                                              0x0040386b
                                                                                                                              0x0040386e

                                                                                                                              APIs
                                                                                                                              • RegOpenKeyW.ADVAPI32(00000200,00000000,?), ref: 00403804
                                                                                                                              • RegEnumKeyW.ADVAPI32(?,00000000,?,00000400), ref: 0040384C
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00403859
                                                                                                                              • RegDeleteKeyW.ADVAPI32(00000200,00000000), ref: 00403865
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseDeleteEnumOpen
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 4142876296-0
                                                                                                                              • Opcode ID: 1226e3a76df7f2a917c3d088236c5109cb134b390dad88a463dd23823c9db395
                                                                                                                              • Instruction ID: ed6aba839132bbf552c5bd6238570d632839d0c8c0d609884452e70d610941fa
                                                                                                                              • Opcode Fuzzy Hash: 1226e3a76df7f2a917c3d088236c5109cb134b390dad88a463dd23823c9db395
                                                                                                                              • Instruction Fuzzy Hash: 01011EB6500108FBDF11AF91ED45DDA7FBCFB88755F1080B6FA05A5060EB358B149B98
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00413356 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00413356(void* _a4, long _a8, DWORD* _a12) {
				void* _t13;

				_t13 = WriteConsoleW( *0x41e860, _a4, _a8, _a12, 0);
				if(_t13 == 0 && GetLastError() == 6) {
					E0041333F();
					E00413301();
					_t13 = WriteConsoleW( *0x41e860, _a4, _a8, _a12, _t13);
				}
				return _t13;
			}




                                                                                                                              0x00413373
                                                                                                                              0x00413377
                                                                                                                              0x00413384
                                                                                                                              0x00413389
                                                                                                                              0x004133a4
                                                                                                                              0x004133a4
                                                                                                                              0x004133aa

                                                                                                                              APIs
                                                                                                                              • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,004124EF,?,00000001,?,?,?,00411113,?,00000000,?), ref: 0041336D
                                                                                                                              • GetLastError.KERNEL32(?,004124EF,?,00000001,?,?,?,00411113,?,00000000,?,?,?,?,0041165F,00000000), ref: 00413379
                                                                                                                                • Part of subcall function 0041333F: CloseHandle.KERNEL32(FFFFFFFE,00413389,?,004124EF,?,00000001,?,?,?,00411113,?,00000000,?,?,?), ref: 0041334F
                                                                                                                              • ___initconout.LIBCMT ref: 00413389
                                                                                                                                • Part of subcall function 00413301: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00413330,004124DC,?,?,00411113,?,00000000,?,?), ref: 00413314
                                                                                                                              • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,004124EF,?,00000001,?,?,?,00411113,?,00000000,?,?), ref: 0041339E
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2744216297-0
                                                                                                                              • Opcode ID: b309c650b3e3544950c1a273aa171ed5d9e46de339961f6d0dcbe6f063b4f872
                                                                                                                              • Instruction ID: 6ab10810d76df8942f59effc9c327c42d1bd4ea0605a423babd69b2b06a71369
                                                                                                                              • Opcode Fuzzy Hash: b309c650b3e3544950c1a273aa171ed5d9e46de339961f6d0dcbe6f063b4f872
                                                                                                                              • Instruction Fuzzy Hash: 3BF0FE3640021CFBCF222FD29C049CA3E76EB493B1B108421FD1C86120CA3289609B9C
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00409077 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00409077() {

				E00409BE4( *0x41eec4);
				 *0x41eec4 = 0;
				E00409BE4( *0x41eec8);
				 *0x41eec8 = 0;
				E00409BE4( *0x41f0f0);
				 *0x41f0f0 = 0;
				E00409BE4( *0x41f0f4);
				 *0x41f0f4 = 0;
				return 1;
			}



                                                                                                                              0x00409080
                                                                                                                              0x0040908d
                                                                                                                              0x00409093
                                                                                                                              0x0040909e
                                                                                                                              0x004090a4
                                                                                                                              0x004090af
                                                                                                                              0x004090b5
                                                                                                                              0x004090bd
                                                                                                                              0x004090c6

                                                                                                                              APIs
                                                                                                                              • _free.LIBCMT ref: 00409080
                                                                                                                                • Part of subcall function 00409BE4: HeapFree.KERNEL32(00000000,00000000,?,00408F39), ref: 00409BFA
                                                                                                                                • Part of subcall function 00409BE4: GetLastError.KERNEL32(?,?,00408F39), ref: 00409C0C
                                                                                                                              • _free.LIBCMT ref: 00409093
                                                                                                                              • _free.LIBCMT ref: 004090A4
                                                                                                                              • _free.LIBCMT ref: 004090B5
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 776569668-0
                                                                                                                              • Opcode ID: 14bfd7fd336b4e9fb8e316aa3b5d332519ac93358376fa8b453e53b984e84ecc
                                                                                                                              • Instruction ID: 1e685e9be34eac9ffe3d35b3e56b87ca7397db7c90fa0df2b9d38465fc8f3c02
                                                                                                                              • Opcode Fuzzy Hash: 14bfd7fd336b4e9fb8e316aa3b5d332519ac93358376fa8b453e53b984e84ecc
                                                                                                                              • Instruction Fuzzy Hash: 55E0B6798042229BC7026F17BD018C93E7AB748729315C07BF8142B273D77929569ACD
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004082A3 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 91%
                                                                                                                              			E004082A3(void* __edx, intOrPtr _a4) {
				signed int _v8;
				void* _v12;
				char _v16;
				char* _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				char* _t26;
				intOrPtr* _t36;
				signed int _t37;
				signed int _t40;
				char _t42;
				signed int _t43;
				intOrPtr* _t44;
				intOrPtr* _t45;
				intOrPtr _t48;
				signed int _t49;
				signed int _t54;
				void* _t57;
				intOrPtr* _t58;
				signed int _t64;
				signed int _t66;

				_t57 = __edx;
				_t48 = _a4;
				if(_t48 != 0) {
					__eflags = _t48 - 2;
					if(_t48 == 2) {
						L5:
						E0040C2C2(_t48);
						E0040BD09(_t48, _t57, 0, 0x41ed60, 0, 0x41ed60, 0x104);
						_t26 =  *0x41f0f8; // 0x5133b0
						 *0x41f0e8 = 0x41ed60;
						_v20 = _t26;
						__eflags = _t26;
						if(_t26 == 0) {
							L7:
							_t26 = 0x41ed60;
							_v20 = 0x41ed60;
							L8:
							_v8 = 0;
							_v16 = 0;
							_t64 = E0040854D(E004083D9( &_v8, _t26, 0, 0,  &_v8,  &_v16), _v8, _v16, 1);
							__eflags = _t64;
							if(__eflags != 0) {
								E004083D9( &_v8, _v20, _t64, _t64 + _v8 * 4,  &_v8,  &_v16);
								__eflags = _t48 - 1;
								if(_t48 != 1) {
									_v12 = 0;
									_push( &_v12);
									_t49 = E0040BBFC(_t64, _t64);
									__eflags = _t49;
									if(_t49 == 0) {
										_t58 = _v12;
										_t54 = 0;
										_t36 = _t58;
										__eflags =  *_t58;
										if( *_t58 == 0) {
											L17:
											_t37 = 0;
											 *0x41f0ec = _t54;
											_v12 = 0;
											_t49 = 0;
											 *0x41f0f0 = _t58;
											L18:
											E00409BE4(_t37);
											_v12 = 0;
											L19:
											E00409BE4(_t64);
											_t40 = _t49;
											L20:
											return _t40;
										} else {
											goto L16;
										}
										do {
											L16:
											_t36 = _t36 + 4;
											_t54 = _t54 + 1;
											__eflags =  *_t36;
										} while ( *_t36 != 0);
										goto L17;
									}
									_t37 = _v12;
									goto L18;
								}
								_t42 = _v8 - 1;
								__eflags = _t42;
								 *0x41f0ec = _t42;
								_t43 = _t64;
								_t64 = 0;
								 *0x41f0f0 = _t43;
								L12:
								_t49 = 0;
								goto L19;
							}
							_t44 = E00409BD1(__eflags);
							_push(0xc);
							_pop(0);
							 *_t44 = 0;
							goto L12;
						}
						__eflags =  *_t26;
						if( *_t26 != 0) {
							goto L8;
						}
						goto L7;
					}
					__eflags = _t48 - 1;
					if(__eflags == 0) {
						goto L5;
					}
					_t45 = E00409BD1(__eflags);
					_t66 = 0x16;
					 *_t45 = _t66;
					E00409B14();
					_t40 = _t66;
					goto L20;
				}
				return 0;
			}

























                                                                                                                              0x004082a3
                                                                                                                              0x004082ac
                                                                                                                              0x004082b1
                                                                                                                              0x004082bb
                                                                                                                              0x004082be
                                                                                                                              0x004082db
                                                                                                                              0x004082dc
                                                                                                                              0x004082ef
                                                                                                                              0x004082f4
                                                                                                                              0x004082fc
                                                                                                                              0x00408302
                                                                                                                              0x00408305
                                                                                                                              0x00408307
                                                                                                                              0x0040830e
                                                                                                                              0x0040830e
                                                                                                                              0x00408310
                                                                                                                              0x00408313
                                                                                                                              0x00408316
                                                                                                                              0x0040831d
                                                                                                                              0x00408336
                                                                                                                              0x0040833b
                                                                                                                              0x0040833d
                                                                                                                              0x0040835e
                                                                                                                              0x00408366
                                                                                                                              0x00408369
                                                                                                                              0x00408384
                                                                                                                              0x00408387
                                                                                                                              0x0040838e
                                                                                                                              0x00408392
                                                                                                                              0x00408394
                                                                                                                              0x0040839b
                                                                                                                              0x0040839e
                                                                                                                              0x004083a0
                                                                                                                              0x004083a2
                                                                                                                              0x004083a4
                                                                                                                              0x004083ae
                                                                                                                              0x004083ae
                                                                                                                              0x004083b0
                                                                                                                              0x004083b6
                                                                                                                              0x004083b9
                                                                                                                              0x004083bb
                                                                                                                              0x004083c1
                                                                                                                              0x004083c2
                                                                                                                              0x004083c8
                                                                                                                              0x004083cb
                                                                                                                              0x004083cc
                                                                                                                              0x004083d2
                                                                                                                              0x004083d5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004083a6
                                                                                                                              0x004083a6
                                                                                                                              0x004083a6
                                                                                                                              0x004083a9
                                                                                                                              0x004083aa
                                                                                                                              0x004083aa
                                                                                                                              0x00000000
                                                                                                                              0x004083a6
                                                                                                                              0x00408396
                                                                                                                              0x00000000
                                                                                                                              0x00408396
                                                                                                                              0x0040836e
                                                                                                                              0x0040836e
                                                                                                                              0x0040836f
                                                                                                                              0x00408374
                                                                                                                              0x00408376
                                                                                                                              0x00408378
                                                                                                                              0x0040837d
                                                                                                                              0x0040837d
                                                                                                                              0x00000000
                                                                                                                              0x0040837d
                                                                                                                              0x0040833f
                                                                                                                              0x00408344
                                                                                                                              0x00408346
                                                                                                                              0x00408347
                                                                                                                              0x00000000
                                                                                                                              0x00408347
                                                                                                                              0x00408309
                                                                                                                              0x0040830c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040830c
                                                                                                                              0x004082c0
                                                                                                                              0x004082c3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004082c5
                                                                                                                              0x004082cc
                                                                                                                              0x004082cd
                                                                                                                              0x004082cf
                                                                                                                              0x004082d4
                                                                                                                              0x00000000
                                                                                                                              0x004082d4
                                                                                                                              0x00000000

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: C:\Program Files (x86)\Winamp\elevator.exe
                                                                                                                              • API String ID: 0-3242687158
                                                                                                                              • Opcode ID: 9cc3dad3496d058748b0b3fbc71cffecee8a62b9979d62bb9f24f157d37038d0
                                                                                                                              • Instruction ID: a375a460368e0b3616e69ef5b16a3c297ea325fe5644a2d033eb9570dc86c4e7
                                                                                                                              • Opcode Fuzzy Hash: 9cc3dad3496d058748b0b3fbc71cffecee8a62b9979d62bb9f24f157d37038d0
                                                                                                                              • Instruction Fuzzy Hash: DD41A671A00214ABCB11DB9A9D81D9FBBF8EBC4710B14407FE845F7291EB799E41C798
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040284F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0040284F(void* __edx, void* __edi, void* __eflags, intOrPtr _a8, intOrPtr _a12) {
				void* _v8;
				short _v136;

				_v8 = 0;
				if(E00401D81(__edx, 6, 0, 0) != 0 && E00401FE5(L"Capabilities\\URLAssociations",  &_v8, _a12) == 0) {
					E00404680(__edi,  &_v136, 0, 0x80);
					E00403232( &_v136, 0x40, 0, _a8, 0x7ffffffe);
					CharUpperW( &_v136);
					E00402E36(_v8, _a8,  &_v136);
					RegCloseKey(_v8);
				}
				return 0;
			}





                                                                                                                              0x0040285f
                                                                                                                              0x0040286c
                                                                                                                              0x00402893
                                                                                                                              0x004028ad
                                                                                                                              0x004028b9
                                                                                                                              0x004028cc
                                                                                                                              0x004028d7
                                                                                                                              0x004028d7
                                                                                                                              0x004028e1

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 00401D81: VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000003,00000001,00000003,00000020,00000003), ref: 00401DD5
                                                                                                                                • Part of subcall function 00401D81: VerSetConditionMask.KERNEL32(00000000), ref: 00401DD9
                                                                                                                                • Part of subcall function 00401D81: VerSetConditionMask.KERNEL32(00000000), ref: 00401DDD
                                                                                                                                • Part of subcall function 00401D81: VerifyVersionInfoW.KERNEL32(0000011C,00000023,00000000), ref: 00401E06
                                                                                                                              • CharUpperW.USER32(?,?,00000040,00000000,?,7FFFFFFE), ref: 004028B9
                                                                                                                                • Part of subcall function 00402E36: RegSetValueExW.ADVAPI32(?,?,00000000,00000001,004019C2,00000000,?,004019C2,?,WinampAgent,?), ref: 00402E57
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 004028D7
                                                                                                                              Strings
                                                                                                                              • Capabilities\URLAssociations, xrefs: 00402875
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ConditionMask$CharCloseInfoUpperValueVerifyVersion
                                                                                                                              • String ID: Capabilities\URLAssociations
                                                                                                                              • API String ID: 428561242-3928604285
                                                                                                                              • Opcode ID: ff1df61fb4bcd4005cd37145ba05fc73f29b5c9e1a5f60994bdc33c9fac26847
                                                                                                                              • Instruction ID: 7265f4001139d6dbe076970cdda36ccd53dfd06468224e1c2f81ded0c44373e9
                                                                                                                              • Opcode Fuzzy Hash: ff1df61fb4bcd4005cd37145ba05fc73f29b5c9e1a5f60994bdc33c9fac26847
                                                                                                                              • Instruction Fuzzy Hash: FA017972C00119FACF10ABA19E0AFCF7B6DAF05358F004175BA08F50D1E6759714CB95
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00401FE5 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 87%
                                                                                                                              			E00401FE5(intOrPtr* _a4, void** _a8, intOrPtr _a12) {
				short _v516;
				void* __edi;
				intOrPtr* _t11;
				void* _t13;
				void* _t16;

				E00404680(0,  &_v516, 0, 0x200);
				_t11 = _a4;
				if(_t11 == 0 ||  *_t11 == 0) {
					_t13 = E0040143A( &_v516, 0x200, L"Software\\Clients\\Media\\%s", _a12);
				} else {
					_push(_t11);
					_t13 = E0040143A( &_v516, 0x200, L"Software\\Clients\\Media\\%s\\%s", _a12);
				}
				if(_t13 == 0) {
					return RegCreateKeyW(0x80000002,  &_v516, _a8);
				} else {
					_t16 = 8;
					return _t16;
				}
			}








                                                                                                                              0x00402000
                                                                                                                              0x00402005
                                                                                                                              0x0040200d
                                                                                                                              0x0040203f
                                                                                                                              0x00402014
                                                                                                                              0x00402014
                                                                                                                              0x00402025
                                                                                                                              0x0040202a
                                                                                                                              0x0040204b
                                                                                                                              0x00402068
                                                                                                                              0x0040204d
                                                                                                                              0x0040204f
                                                                                                                              0x00402051
                                                                                                                              0x00402051

                                                                                                                              APIs
                                                                                                                              • RegCreateKeyW.ADVAPI32(80000002,?,?), ref: 00402061
                                                                                                                              Strings
                                                                                                                              • Software\Clients\Media\%s\%s, xrefs: 0040201E
                                                                                                                              • Software\Clients\Media\%s, xrefs: 00402038
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Create
                                                                                                                              • String ID: Software\Clients\Media\%s$Software\Clients\Media\%s\%s
                                                                                                                              • API String ID: 2289755597-21152550
                                                                                                                              • Opcode ID: 93d7ddec2df915b61bdcb8d9e4a33dab1c6c5128f96379a6c5a2e6cc5c8f535f
                                                                                                                              • Instruction ID: 7d4bd9be91abd07202928c9a876119b80334cd60b4f0c2e8256ecb4ad85c8145
                                                                                                                              • Opcode Fuzzy Hash: 93d7ddec2df915b61bdcb8d9e4a33dab1c6c5128f96379a6c5a2e6cc5c8f535f
                                                                                                                              • Instruction Fuzzy Hash: 1501F73194031AA6EF20AA518C4DFE73B6CEF40348F440477BD18E30D2E678C955C6E4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00402193 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00402193(void* __ecx, void* __edx, void* __eflags, intOrPtr _a8, intOrPtr _a12, short* _a16) {
				signed int _v8;

				if(E00401D81(__edx, 6, 0, 0) != 0) {
					_v8 = _v8 & 0x00000000;
					if(E00401FE5(L"Capabilities\\FileAssociations",  &_v8, _a8) == 0) {
						RegDeleteValueW(_v8, _a16);
						E00402E36(_v8, _a16, _a12);
						RegCloseKey(_v8);
					}
				}
				return 0;
			}




                                                                                                                              0x004021a7
                                                                                                                              0x004021ac
                                                                                                                              0x004021c3
                                                                                                                              0x004021cb
                                                                                                                              0x004021da
                                                                                                                              0x004021e5
                                                                                                                              0x004021e5
                                                                                                                              0x004021c3
                                                                                                                              0x004021ee

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 00401D81: VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000003,00000001,00000003,00000020,00000003), ref: 00401DD5
                                                                                                                                • Part of subcall function 00401D81: VerSetConditionMask.KERNEL32(00000000), ref: 00401DD9
                                                                                                                                • Part of subcall function 00401D81: VerSetConditionMask.KERNEL32(00000000), ref: 00401DDD
                                                                                                                                • Part of subcall function 00401D81: VerifyVersionInfoW.KERNEL32(0000011C,00000023,00000000), ref: 00401E06
                                                                                                                              • RegDeleteValueW.ADVAPI32(00000000,?), ref: 004021CB
                                                                                                                                • Part of subcall function 00402E36: RegSetValueExW.ADVAPI32(?,?,00000000,00000001,004019C2,00000000,?,004019C2,?,WinampAgent,?), ref: 00402E57
                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 004021E5
                                                                                                                              Strings
                                                                                                                              • Capabilities\FileAssociations, xrefs: 004021B4
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ConditionMask$Value$CloseDeleteInfoVerifyVersion
                                                                                                                              • String ID: Capabilities\FileAssociations
                                                                                                                              • API String ID: 3894844506-3346714214
                                                                                                                              • Opcode ID: 960b690f8927d68698793c139dbb50f1396a11af88714f21a057f4eb7e06cd77
                                                                                                                              • Instruction ID: 60a7d2ad630b2b68766d472f195ef8dbdfa039da750ba510c685a56dd89da7bf
                                                                                                                              • Opcode Fuzzy Hash: 960b690f8927d68698793c139dbb50f1396a11af88714f21a057f4eb7e06cd77
                                                                                                                              • Instruction Fuzzy Hash: 60F0DA32900208FBDF019F91DE0BFDE7B65AF08348F504065BA05781E1E7B69B24AB59
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00403660 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00403660(void* __ecx, intOrPtr _a8, intOrPtr _a12) {
				void* _v8;

				_v8 = 0;
				if(RegCreateKeyExW(0x80000002, L"SOFTWARE\\Nullsoft\\Winamp", 0, 0, 0, 0x2001f, 0,  &_v8, 0) != 0) {
					return 0x80004005;
				}
				E00402E36(_v8, _a8, _a12);
				RegCloseKey(_v8);
				return 0;
			}




                                                                                                                              0x0040367e
                                                                                                                              0x00403689
                                                                                                                              0x00000000
                                                                                                                              0x004036a9
                                                                                                                              0x00403694
                                                                                                                              0x0040369f
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • RegCreateKeyExW.ADVAPI32(80000002,SOFTWARE\Nullsoft\Winamp,00000000,00000000,00000000,0002001F,00000000,?,00000000), ref: 00403681
                                                                                                                                • Part of subcall function 00402E36: RegSetValueExW.ADVAPI32(?,?,00000000,00000001,004019C2,00000000,?,004019C2,?,WinampAgent,?), ref: 00402E57
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 0040369F
                                                                                                                              Strings
                                                                                                                              • SOFTWARE\Nullsoft\Winamp, xrefs: 00403674
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseCreateValue
                                                                                                                              • String ID: SOFTWARE\Nullsoft\Winamp
                                                                                                                              • API String ID: 1818849710-4267968800
                                                                                                                              • Opcode ID: 78ab19b833f6d66f763474d00b5ee122cd375e67511aeab58d2966ea4754c5b7
                                                                                                                              • Instruction ID: 0fb857bc4b788ff6c3ff9563ba344473f1855a55885deec2223ee509a64359bd
                                                                                                                              • Opcode Fuzzy Hash: 78ab19b833f6d66f763474d00b5ee122cd375e67511aeab58d2966ea4754c5b7
                                                                                                                              • Instruction Fuzzy Hash: E8F065B1510108FFEB189FA1DD0FEAF7B6DFB08305B10453DB501B4251E6B69E20AB69
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00403471 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00403471(void* __ecx, void* __edx, void* __eflags, short* _a8, intOrPtr _a12) {
				void* _v8;

				_v8 = 0;
				if(E00401D81(__edx, 6, 0, 0) != 0 && E00401FE5(L"Capabilities\\URLAssociations",  &_v8, _a12) == 0) {
					RegDeleteValueW(_v8, _a8);
					RegCloseKey(_v8);
				}
				return 0;
			}




                                                                                                                              0x0040347b
                                                                                                                              0x00403488
                                                                                                                              0x004034a8
                                                                                                                              0x004034b1
                                                                                                                              0x004034b1
                                                                                                                              0x004034ba

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 00401D81: VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000003,00000001,00000003,00000020,00000003), ref: 00401DD5
                                                                                                                                • Part of subcall function 00401D81: VerSetConditionMask.KERNEL32(00000000), ref: 00401DD9
                                                                                                                                • Part of subcall function 00401D81: VerSetConditionMask.KERNEL32(00000000), ref: 00401DDD
                                                                                                                                • Part of subcall function 00401D81: VerifyVersionInfoW.KERNEL32(0000011C,00000023,00000000), ref: 00401E06
                                                                                                                              • RegDeleteValueW.ADVAPI32(?,?), ref: 004034A8
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 004034B1
                                                                                                                              Strings
                                                                                                                              • Capabilities\URLAssociations, xrefs: 00403491
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.472648680.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000008.00000002.472645122.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472661527.0000000000415000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472667845.000000000041E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              • Associated: 00000008.00000002.472671141.0000000000420000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_Elevator.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ConditionMask$CloseDeleteInfoValueVerifyVersion
                                                                                                                              • String ID: Capabilities\URLAssociations
                                                                                                                              • API String ID: 2359735906-3928604285
                                                                                                                              • Opcode ID: 039b472daf67d72b31827298ab944a706726b46bc96ea0b39a58099dd84f5e22
                                                                                                                              • Instruction ID: 13d1a1237c5368a3ac67b5cc8695af8118dc36ae5d5a22f2a913f9da0686be06
                                                                                                                              • Opcode Fuzzy Hash: 039b472daf67d72b31827298ab944a706726b46bc96ea0b39a58099dd84f5e22
                                                                                                                              • Instruction Fuzzy Hash: 58E0C971900609FFDF019FE19D06EEE7BA9AF54348F108476BD01A51A1E63A8A249658
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%